July 28th, 2008 | Defense Tech Poll | 397215 Commentshttp%3A%2F%2Fdefensetech.org%2F2008%2F07%2F28%2Fcyber-war-capabilities%2FCyber+War+Capabilities2008-07-28+17%3A19%3A08Wardhttp%3A%2F%2Fdeftech.usmilblog.com%2F%3Fp%3D3972
Previous post: A PhantomSkunk in the Works
Next post: What do you Think…?
{ 13 comments… read them below or add one }
The business and consumer sectors will be the bigger challenge. The McAffe studies showed 39% of businesses with less that 1,000 employees spend less that 1 hour a week on information security. There are over 7 million of businesses that fall into that classification.
Of course less than 40% of businesses with 1000 people or fewer spend any real time on information security. Do you really think that Bob’s Body Shop is in terrible danger of a Chinese cyber attack? I know the first thing the enemy wants to do is cripple Reggie’s Heating and Air — with American consumers in the greater Atlanta area suffering through a summer heatwave with no access to 30 minute or less air conditioning repair, there is no way the US could oppose the Chicom threat…
Seriously, the vast majority of small US businesses have minimal need for information security beyond keeping the payroll safe. Surely, someone COULD hack into their computers, but unless you’re just trying to give yourself a few hours overtime last week, there’s not much point.
Brian you did not consider that all those computers you say need “minimal” protection can be used as a weapon in a DDoS attack against other computers and systems. In addition, given 70% of the U.S. economy is driven by those small businesses, stealing their customer list, product cost structures, and in some cases even their vendor lists can be stolen and used to gain a competitive advantage against the business. One modality of Asymmetric Warfare is economic attacks against the enemy
We’re not, and it has nothing to do with visas or talent retention – it has everything to do with our IT infrastructure (competency of “admins” who opted for an MCSE instead of an MBA among other problems) and the fact that Windows is still the dominant operating system – in the business, civilian, AND military worlds. And it’s doubtful that that problem will be addressed with a stack of H1B visas.
…and the important sector to remember is our critical infrastructure. Not enough is being to done to secure entry points into control systems and SCADA. Proper separations of LAN elements (control, business, remote etc….) are not being secured, even though we doing better. But we shouldn’t “figure it out” while we are being attacked. The thing a state sponsored hack (or just an idiot with kiddie scripts) would love to do is to use our current and future infrastructure against us.
Yes Kevin, I realize that small businesses are the lifeblood of US industry. I also realize the sheer number of these businesses that exist.
Can a competetive advantage be gained against a specific business? Of course. But that is a problem for the individual company. It is not a national security concern. To significantly affect the economy of the United States, an enemy would have to attack not one, not a dozen, but literally tens or even hundreds of thousands of individual companies.
If we have it bad, you KNOW China, Russia, et all have it much, much worse. I would wager we spend a hell of a lot more on IT security than the rest of the world’s powers. Furthermore, closed systems (used to improve security) make coordinated military, government or business efforts less effective, which gives us an edge in the long run.
Cyber attacks and the incredible damage (both permanent and temporary) they cause will soon rival that of nukes during the Cold War. A successful first strike will have a small chance of success and can cripple a country, but its failure will lead to an overwhelming response. Specifically a cyber, conventional and possibly nuclear response, which will go a long way in persuading enemies from trying such an attack.
Just think about this for a moment. Think of how computerized the U.S. is and how many systems we have to protect/defend and contrast that to any other country in the world. We have a much bigger burden, we are a much bigger target and we have more are risk if we get caught with our pants down!
Yeah, so?
Go ahead and hack my office. The absolute most you could do is read a bunch of private e-mails and perhaps steal some work product. Because I know the Iranians really want to know my trial strategy for Joe Blow the crackhead who got caught with ten pounds of pot. I suppose you could send out a bunch of nasty e-mails from my account and make a judge mad or something.
The US is a big target for international hackers. Most private businesses and state agencies are not. It is the equivalent of flying a plane over a field and dropping a 2000 lb bomb on Farmer John’s prized watermelon crop. “Ha ha! Without those watermelons, the county fair will be ruined!” Go ahead and let the North Koreans spend 1000 man hours hacking into the computers for the North Texas Gazette. “How will the people know who won the football game when I have erased the sportswriter’s articles? My plan is FLAWLESS!”
Would such an attack be an inconvenience? Sure. But let’s not pretend that the United States is in some critical threat because Unit Parts, largest producer of refurbished starters and alternators in the southwest region, doesn’t have the finest security program money can buy.
BRIAN
YOU DON’T GET IT! They can turn your computer into a node on a BOTNET and use that in a DDoS attack. Private Businesses are a prine target. One Special Agent just disclosed he knew of 100,000 systems in the U.S. that were totally compromised. IF you are a security professional you really need to stay up to date.
Yeah, that’s great. They can make my computer into a minor irritant. I’m impressed. Woo hoo.
I’m totally sure there are 100,000 systems in the US compromised. Riiight. And they’re all coordinated by the same people. Riiight. Yeah, I’m sure that there are lots of computers out there that have been hacked at some point, but they ain’t all working for the Chinese. It’s some 15 year old who is trying to steal your credit card.
Here’s the deal. This is DefenseTech. We come here to discuss national security issues. I’m sure there’s a whole lot of people out there who have credit card info stolen that could really use help beefing up their security. But this IS NOT a national security issue. Period.
Brian
All those little irratants hooked together is a BotNet and that is what was used in the attack against Estonia last year that took them down for over 2 weeks. And 17% of the DDoS traffic came from compromised systems in the U.S.
Kevin, don’t waste your time educating Brian. There is no value in educating a fool like him. He knows everything – he thinks reality is more like nothing!