Sunday, January 22, 2012

Week 6

In researching for Information Security Training Programs, I found this website because one of the sites had a hyperlink to it. Of course, since the topics piqued my interest, I did more searching and found these two articles:

Government Engineers Actively Plan For Cyberwar

and

Managing Information Security In An Innovation Void

A while back, I did some research on RFID and found the information rather disturbing. I was excited for the find and posted it on the same forum that I mentioned. Of course, there are always people that will tell you that you are paranoid and the sky is not falling.

While this is not about RFID, Cyberwar is just as touchy a subject but the word gives it a menacing feel. Is the government overreacting?

In doing research for CIS 610: Information Warfare, I found that China has been our biggest attacker in regards to cyberwarfare and it has been that way for years.

If governments start launching large-scale electronic responses to attacks, such as unleashing viruses and worms meant to neutralize an attack, or conducting denial-of-service attacks designed to knock adversaries offline, enterprises had better brace for the potential for collateral damage. "Once released, no one really knows what the impact could have on certain systems and networks," [says Pete Lindstrom].
This goes back to last week's blog. While viruses are used to "fix" what other viruses "broke", it is only a matter of time before those "helpful" viruses are turned to cause more problems. The thing is, with this article being written just a few days ago, hasn't our government been working on this for years to prepare for cyberwar? Isn't that why President Obama wanted to institute an "Internet Kill Switch"? Is our country, our government, prepared for a cyberattack that is inevitable? Will we be defeated in Cyberspace or conquer in Cyberspace?

The second story I chose was based on its title only. Security management in an innovation void? The phrase innovation void is what got my attention. I had to read it just to see what the article was talking about!

Peter Kuper says,

In 2012 we will see an increase in network intrusions from disparate parties trying to create IT infrastructure chaos for a variety of reasons primarily political, financial and economic. An easy prediction perhaps given the trend and yet while I fully trust CSOs and CISOs and security teams are doing all they can to prevent breaches; I am deeply concerned that they still lack the technology to adequately protect IT infrastructure from malicious attacks.

That's a pretty bold statement. After all, isn't installing patches for their OS and updating their security software enough? He further explains,

There are several reasons for this state of unpreparedness. Budget constraints certainly continue to be an issue even as the U.S. economy plods along in recovery mode. However, the more disconcerting limiting factor is beyond the direct control of infosec executives: the scarcity of innovation in the information security industry.

Ok, budget constraints I can buy, but "scarcity of innovation"? I'm not sure about that. However, he redeems himself with me when he states that we should be innovators of our own security. I can buy that.

Resources such as The Honeynet Project offer challenges that help us think outside the box when it comes to security. After all, our attackers are doing whatever they can to either make money or to take over. This means that we have to outthink them and we can only do that if we utilize the tools that others make available to us to allow us to do that.

Another site is Hackers Thirst, which is a site aimed at educating people on how to make their systems more secure.

Finally, just because you attend a DEF CON conference, doesn't make you an evil hacker. While hackers of the malicious kind do attend, such conferences help educate people involved in Information Security regarding various techniques. Also, it helps to be a hacker to understand how to prevent your system from being hacked. The next DEF CON conference is July 26 - 29. I intend to be there!!!
