If you really want to set me off just point me to an interview with some old military guy who uses "cyber" as a noun and uses euphemisms for everything. This article for instance. Apparently there was a conference on Cyber Warfare in London this week and an Air Force base commander was spouting off about counter-measures in cyberspace. Let me re-iterate a few things I have mentioned in previous postings.
Take this from the article:
Air Force Cyber Command (AFCYBER), a US military unit set up in September 2007 to fight in cyberspace, is due to become fully operational in the autumn under the aegis of the US Eighth Air Force.
It makes you think that the Air Force is taking the lead in cyber defense, no? In reality this new "unit" is just the IT department of the US Air Force. You see, "cyber" means "computers" ,and anything to do with them, in the military. The Air Force is not really dedicating 10,000 personnel to defending their cyber assets.
What really concerns me is the talk about taking the offensive. Here you have a branch of the military that has repeatedly demonstrated that it cannot secure its own house contemplating bringing out the big cyber guns and retaliating. I don't feel comfortable with that. While I would not argue that the US government should not be involved in cyber espionage I would argue that developing new attack tools on the one hand is easy and on the other dangerous. Attacks are simple because most targets are unprepared, as the Air Force has discovered from internal experience. But you better not start lobbing cyber bombs until you have hardened your own defenses.
Try to decipher this statement quoted in the article:
"We're trying to move away from clandestine operations. We're looking for real physics - a bigger bang resulting in collateral damage."
You know what that means. Collateral damage means that infrastructure, enterprises, and commerce could suffer from this "bigger bang" concept.
Someone with a clue has to step in to the US military. One, to stop this kind of silly talk and two, to make sure that IT systems are being hardened in advance of these cyber wars they seem so anxious to engage in.
In the mean time the diplomatic corp should start working on a Pax Internetica. It is my belief that in cyber warfare a good offense is not a good defense. The only result from escalating offensive capability will be disaster. In cyber warfare a good defense is a good defense.
About Stiennon
Richard Stiennon is a security industry analyst. He is currently consulting, speaking and writing on all manner of security topics for IT-Harvest, the IT research firm he founded to cover the security space. He was most recently chief marketing officer for Fortinet. He has served stints at PricewaterhouseCoopers, Gartner, and Webroot Software.
The opinions expressed in this Weblog are those of the writer and may not represent the opinions of Network World.
|
|
Get a clue...
Your arguments make as much sense as the idea that in somehow creating Anti-Gun Laws, you will find yourself safer. The real clue here is...there will always be law breakers, and if they are going to break the law already, say for murder, they are not going to stop and ask themselves...should I also break the law of "insert your own firearm law here?" Laws keep the law abiding in line; nothing more. The same holds true for our enemies, whether they be terrorists or other countries. When it becomes a life or death struggle, the Marquess of Queensberry rules will always be tossed by the wayside. Perhaps you would feel better about yourself when the infrastructure about you is down around your ankles, knowing that you could have done more to prevent it (very similar to the policy of assured mutual destruction...ya know, the concept that help win the Cold War), but you didnt because you were somehow more civilized. And now those around you are potentially dead. We KNOW for a fact that other countries such as CHINA have had dedicated units in their military, devoted to cyberwarfare...we are playing catchup already. We also know for a fact that they are not only targeting command and control...but power, wastewater treatment, energy production.....the list goes on. If you ask my opinion, we should have gotten the clue earlier...just as we should have understood, we were at war with the terrorists since the 70's because they WERE at war with us.
Someone?
"Someone with a clue has to step in to the US military".
It is always easy to take a quote from one person and apply it across the board. If Stennion knows how to fix it, why doesn't he volunteer and do something about it?
Besides, gaining the capability does not necessarily mean that it will be used, --- unless necessary and in retaliation.
I also fail to see why stennion doesn't rcognize that building an offensive capability does not necessarily mean that we are sacrificing hardening the systems. He is implying that we are only capable of doing one thing at a time. That's not true at all. But I guess he just has too much white-cyber-space to fill these days.
I am waiting for the call
But the Washington Beltway has a way of eating outsiders alive. I doubt I could survive long enough to make any difference. Besides, I am not independantly wealthy.
Better to wield the keyboard to shed light on the fumblings of Government agencies, retailers, nation states, and cyber criminals in the hope that it will effect some change.
In response to the argument that we would not use offensive capability unless necessary I can only chortle.
No, I do not think we can do both. We can not even handle one. We have yet to demonstrate that we can handle the defensive requirements. That is exactly my point.
No need for offense
China is trying to paly catch up both industrially and militarily. THere is no need for the US to engage in the type of industrial espionage that China is. What would they do with the info they gleaned? Give it to Northrup or Boeing?
I firmly believe that defense can be everything you need to counter today's threats. People guessing passowrds? Use strong authentication. Someone reading your email? Encrypt it. DDoS? Get some bandwidth.
If the US military starts to arm and develop its own offensive capability it will probably be used some day. The collateral damage could be disastrous. Better to have an ironclad defense in place. Choke off China's source of information. Increase the cost of operations for China as well.
What about military espionage? Sure, that is the realm of several agencies already. I imagine they know what they are doing.
Post new comment