[ISN] How Your Business Can Avoid Being Collateral Damage In A Cyber War

From: InfoSec News <alerts_at_private>
Date: Tue, 24 Aug 2010 02:52:38 -0500 (CDT)
http://www.csoonline.com/article/604663/how-your-business-can-avoid-being-collateral-damage-in-a-cyber-war

By Richard Power
CSO
August 23, 2010

All around the world, governments declare they are gearing up for cyber 
war. I know, I know, to anyone who has been at this for any significant 
length of time, many of the news stories we are reading today could 
have, or should have, been written a decade ago, or more. The term 
"Cyber war" seems to be on everyone's lips again. (Cue the theme music 
for "Groundhog Day" - again!) In one way, it is hard to take it 
seriously anymore; in another way, it is incredible that so many 
governments sound like they are just getting started, again. 
Nevertheless, even though the chest-beating seems to be a redux, and 
much of the blustering rhetoric seems to be recycled, the reality on the 
virtual ground in cyber space is that the capabilities (the offensive 
ones, at least) have evolved over the last decade, and so have the 
opportunities. Furthermore, the appetite to use them seems to have grown 
apace.

Yes, something is going on in the shadows; indeed, a lot is going on in 
the shadows. Meanwhile, in the corporate world, the focus has been on 
implementing "conventional wisdom" defenses against a broad spectrum of 
threats from phisher-kings and trophy-hunting hackers to dishonest 
insiders and unscrupulous competitors. "Conventional wisdom" is never a 
good guide; and certainly not in cyber security. Oh, of course, it is 
the safe path in and out of the boardroom for that annual review; until 
the manure actually hits the propellers. Then, well ...

The recent China-Google and Russian Spy Ring headlines drive home a 
troubling truth: the water is deeper than ever, and rising every fiscal 
quarter. It is no longer as simple as saying nation states attack nation 
states or disgruntled employees are 80% of the problem; the reality is 
much more complex. Over a decade ago, it became apparent that 
determining where your internal network ended and the "outside world" 
began was no longer a simple exercise; then some years ago, it became 
apparent that the definition of an "insider" as an employee or an 
ex-employee had also broken down.

Increasingly, lines are blurred; increasingly definitions are defunct. 
When China moves against the U.S. government or some large corporate 
entity (again), or vice versa, or some geopolitical dispute between 
Russia and one of its former states boils over into the EU, or Latin 
America or the Middle East erupt in hot cyber war, where will your 
enterprise be? Will it be in the middle, or on one side or the other? 
And which side is the right side to be on? I don't mean morally, I mean 
tactically, and strategically. How can you possibly prepare? How can you 
possibly justify putting time and grey matter into thinking through what 
"prepared" would look like? Where is it all going?

[...]


Received on Tue Aug 24 2010 - 00:52:38 PDT
