[ISN] Q: Why do defenders keep losing to smaller cyberwarriors?

From: InfoSec News <alerts_at_private>
Date: Fri, 12 Aug 2011 02:14:44 -0500 (CDT)
http://www.theregister.co.uk/2011/08/11/cyberwar_fallacies_revealed/

A: 'Ant smarts' not 'asymmetry'

By Dan Goodin in San Francisco
The Register
11th August 2011

Forget everything you've read on The Reg or anywhere else about wars that 
target computer networks, power grids and other essential electronic 
infrastructure because it's loaded with fallacies, a prominent security 
consultant said Wednesday.

Contrary to conventional wisdom, the damage from cyberwar can kill people, and 
those who wage it aren't as anonymous as most security experts and military 
advisers claim, Dave Aitel, CEO of Immunity said during a talk at the 20th 
Usenix Security Symposium in San Francisco. But the biggest myth of all, he 
submitted, is the idea that cyberwar inevitably favors the opponent, allowing 
people with modest means to inflict disproportionate mayhem on much larger 
opponents.

“People assume the current asymetricness, the current offense-seems-to-be 
winning feature of the internet, is built in and it's not,” he said during his 
90-minute talk, which was titled “The Three Cyber-war Fallacies.” “This is a 
danger for attackers as well, because attackers can get lulled into a false 
sense of security. You have the advantage because you got lucky and the current 
field is on your side, but that changes quickly.”

Aitel said that contrary to the oft-repeated claim that cyberwar is 
“non-kinetic,” its effects include real physical effects that can be every bit 
as devastating as a bomb blowing up a bridge. He held up the ability of the 
Stuxnet worm to sabotage centrifuges used in Iran's uranium enrichment program 
as a prime example.

“People miss the message of Stuxnet, which wasn't: 'I blew up your nukes, I'm 
cool,'” he said. “The real message was: 'I can take out any factory you have at 
any time I choose.' That's a much scarier message.”

[...]


___________________________________________________________
Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery
Network, Cisco Switches, SAS 70 Type II Datacenter.
Find peace of mind, Defend your Critical Infrastructure.
http://www.tegataiphoenix.com/
Received on Fri Aug 12 2011 - 00:14:44 PDT

This archive was generated by hypermail 2.2.0 : Fri Aug 12 2011 - 00:33:11 PDT