[ISN] Does keeping cyberattacks secret endanger US?

From: InfoSec News <alerts_at_private>
Date: Fri, 16 Sep 2011 01:05:56 -0500 (CDT)
http://gcn.com/articles/2011/09/06/digital-conflict-undisclosed-cyberattack-data.aspx

By Kevin Coleman
GCN.com
Sept 15, 2011

Hostile activities in cyberspace have grown, and by many accounts the growth 
rate has been dramatic. But few people have a real appreciation of just how big 
this issue actually is, and for good reason. When we look at the cyberattacks, 
we break the collective environment into three distinct areas:

     * What happens in the classified environment?
     * What happens and is disclosed in the open environment?
     * What happens and is undisclosed in the open environment?

In the classified environment it is necessary to have controls in place to 
protect the information about cyberattacks from being disclosed. For these 
reasons information about cyberattacks in this environment is typically 
restricted to those with a need to know. The disclosure of this information 
could hinder ongoing investigations or compromise covert cyber missions.

In the open environment businesses, government entities with 
nonclassified-but-sensitive data, educational institutions and other 
organizations can and most of the time do disclose when they fall victim to 
cyberattacks. In some cases there are regulations that actually require the 
disclosure of these events. Organizations have learned that proper and timely 
disclosure of successful cyberattacks can actually help mitigate the total 
amount of attack damage to the organization.

[...]


_____________________________________________________________
Register now for the #HITB2011KUL - Asia's premier
deep-knowledge network security event now in it's 9th year!
http://conference.hitb.org/hitbsecconf2011kul/
Received on Thu Sep 15 2011 - 23:05:56 PDT

This archive was generated by hypermail 2.2.0 : Thu Sep 15 2011 - 23:11:45 PDT