Cyber Defense Weekly August 2, 2010
Cyberwar is not the Cold War
The recurring use of the Cold War as an analogy for cyberwar is not well thought out. At Black Hat last week in Vegas, Jeff Moss recalled his youth and the gloom that overhung the world knowing there was the threat of global annihilation that could occur with only twenty minutes' warning. The US, China, and USSR built up massive stockpiles of nuclear warheads and the missiles, bombers, and submarines needed to deliver them while engaging in espionage to uncover the others' strategies, technology, and movements. This balanced threat of massive retaliation or an overwhelming first strike capability led to an uneasy global peace that has lasted 65 years. Yes, there have been regional wars in Korea, Vietnam, Iran-Iraq that have cost millions of lives, but nothing like the all-out war that could have occurred between the Soviet Union and Western Europe, or China and the Soviet Union, either one of which would have pulled the US into WWIII. The Cold War ended in 1990 when the Soviet Union dissolved. The world's democracies and the peoples of Estonia, Ukraine, and the other ex-Soviet states were the winners. But cyberwar is not the Cold War. There is no balance of power; there is no imminent threat of the world coming to an abrupt end. Read the rest of my thoughts on this topic at ThreatChaos.com

How Charlie Miller would engage in cyberwar
Researcher and hacker Charlie Miller presented at Black Hat last week. His thesis was based on the hypothetical scenario of his being retained by North Korea to attack the US. His war fighting technique was the recruitment of 100 million bots and using them in massive DDoS attacks.
I like to see the security community engaging in these types of flights of fantasy. They have more credence than those coming from traditional war colleges. Yet Miller's proposal lacks an understanding of defensive technologies that are already available. There are some limitations on the effectiveness of DDoS that he ignores, and he cannot provide the justification that North Korea would have for this level of attack. Firms like Akamai, Verisign, and Prolexic have been ramping up their abilities to mitigate DDoS to the point where they will soon be able to block and filter out DDoS attacks that can consume a terabyte of bandwidth. Many US government servers are already protected by these services. The Internet itself is not robust enough to deliver a terabyte of attack to a target. So the idea of a massive botnet being a super weapon is not valid. And finally, what would be the point of North Korea attempting this? They have nothing to gain, cannot follow through, and the repercussions would be devastating. So, sorry Charlie, not the right avenue of investigation.

Former head of NSA keynotes Black Hat
Gen. Michael Hayden (retired), the former director of the NSA and the CIA, also spoke at Black Hat last week. He credits the audience with creating today's vulnerable Internet, which is a little over the top, but he had some good observations.
Hayden contributed two important points to the ongoing debate on cyberwar.
1. Cyber espionage is not cyberwar. So true.
2. International cooperation is needed to curtail use of DDoS. There should indeed be high-level agreements on limiting the use of cyber attacks. DDoS is just one of the concerns.

Industry news
Sourcefire was in the news last week. They reported a great second quarter revenue of $30.6 million, up 38% from the second quarter a year ago and up nearly 19% from the first quarter. They are well on their way to a $120 million year. Sourcefire is one of the primary security firms that is profiting directly from increased government investment in cyber security.
Sourcefire's vulnerability research team, the VRT, also announced the availability of Razorback, a security intelligence framework that will tie together all of an enterprise's security assets. While these types of overlays are hard to implement and can be even harder to sell, it gives Sourcefire a vision that they previously lacked.
Boeing completes acquisition of Narus, the network monitoring and recording company. You may recall that Narus is the technology used by the NSA to snoop on AT&T's network. I expect more acquisitions of security vendors by defense contractors this year.
Dell partners with Juniper and SecureWorks to offer UTM and managed security services.

Upcoming events
Hear more of my thoughts on cyber defense and recent developments on this Tuesday's Cyber Defense Webcast, 2 PM Eastern.
Join me today for the first segment of Internet Evolution's 60 Days of Executive Education, where I will be covering security topics every day this week at 3 PM Eastern (GMT-5). Today's topic: What CXOs consistently fail to grasp about enterprise security.


