[ISN] The danger of misconstruing the most serious security threats

From: InfoSec News <alerts_at_private>
Date: Thu, 11 Aug 2011 04:40:10 -0500 (CDT)
http://fcw.com/articles/2011/08/08/home-page-tech-briefing-apt-cybersecurity.aspx

By John Zyskowski
FCW.com
Aug 10, 2011

Unlike in politics, it’s rather important in the world of cybersecurity 
that words and labels mean something specific. Routinely mislabeling 
hacking and other incidents of computer mischief could lead to 
overreactions to garden-variety illicit activity or a tendency to 
downplay the need for a new kind of response to truly dangerous threats.

For example, many experts cringe at how loosely the term “cyber war” is 
thrown around when a foreign state is the suspected culprit behind a 
hack or information theft from a government computer. The more accurate 
label for those kinds of cases is espionage, and that falls well short 
of an act that justifies retaliation via cruise missile.

On the flip side, experts fear that agency officials might get lulled 
into a false sense of security due to the misuse of the term “advanced 
persistent threat,” an increasingly popular label for a highly 
sophisticated and determined form of hacking — like the campaign that 
hit security vendor RSA and several defense contractors this past 
spring.

One instructive example is the case of Stuxnet, the virus that infected 
industrial control equipment used by countries around the world and, 
most importantly, by Iran’s nuclear program.

When news of the Stuxnet virus broke last summer, some security experts 
were reluctant to label it as APT, even though many in the press did so 
anyway. The virus was certainly advanced; it used an impressive array of 
hacking techniques, some of which were redundant in case certain tactics 
failed.

[...]


___________________________________________________________
Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery
Network, Cisco Switches, SAS 70 Type II Datacenter.
Find peace of mind, Defend your Critical Infrastructure.
http://www.tegataiphoenix.com/
Received on Thu Aug 11 2011 - 02:40:10 PDT

This archive was generated by hypermail 2.2.0 : Thu Aug 11 2011 - 02:38:42 PDT