The results of the Cyber Shockwave simulation that the Bipartisan Policy Center conducted earlier this week came as no SHOCK to most security professionals that have really been involved in analysis of cyber warfare, cyber terrorism and cyber crime. This event has brought the badly needed attention this threat needs and deserves.
Many are sitting back picking apart and finding fault with some of the details of the scenario rather than using this for what it is another WAKE UP CALL! All this occurring as one security firm disclosed a new BotNet with more than 75,000 computer systems at nearly 2,500 companies in the United States and around the world have been hacked in what appears to be one of the largest and most sophisticated attacks we have experienced to date.
Given the U.S. dependence on computers, the Internet and the entire information infrastructure, our adversaries see our vulnerability to acts of cyber aggression as our soft under-belly and that makes it a prime target in their eyes. In the cyber domain, the time with which a cyber attack evolves is several times faster than traditional attacks. While the participating officials sat there and scratched their heads, the situation worsened and quickly evolved to the point of disaster.
Why is it that the U.S. has a tendency on waiting too long until after something happens and then responds? Given the widespread publicity this exercise has gained, we can only hope government leaders, corporate executives, law enforcement, industry and our military will pull together and collaborate across traditional boundaries and protect the digital assets of our nation.
{ 5 comments… read them below or add one }
As a tech support and network engineering guy, I can tell you that this problem is directly related to a lack of computer security fundamentals at the rank-and-file level.
Computer security fundamentals needs to become a non-waiverable screening point during the hiring process; no interview process should be completed without an appropriate screening, whether executive or employee. This should be the responsibility of a new position of internal auditor with executive-floor access.
Look at the penetration points for most of today's attacks, and you will plainly see that this is a social engineering problem. America is overweight, and the problem is that people are eating fast food; America is getting hacked, and the problem is people are clicking on links. Both are obvious, but neither will change. It's a sensitive subject.
Tell companies to simply turn security up at the desktop level? The less-educated executives will tell you to turn it back down.
Using for example this website without javascript:
"This website uses IntenseDebate comments, but they are not currently loaded because either your browser doesn't support JavaScript, or they didn't load fast enough."
–> This is EXACLTY the point. Website uses Javascript, but Javascript is bad and a intrusion point for malicious code. Period.
You can thank U.S. corporations for their lack of foresight in laying off thousands of American programmers to 'save a buck', and then training their 'cheap labor' replacements in China, India and Brazil. These tax averse corporations will no doubt expect our taxpayer-funded military to bail them out when the proverbial s*** hits the fan.
These comments should be a wake up call to the dangers of Internet voting, which is already being tried in at least a dozen American states. Could a hacker in China choose our next President? Don't bet against it. Internet voting has to be stopped now, and you can help by writing the media, your elected officials. It's flying under the radar and anything you can do to keep this Trojan Horse from infecting our elections, the better chance we'll all have of holding onto our democracy.
Yeah guest I hear you. Our company closed whole IT field offices the beginning of last year. When I was pulled in the office and told I was being layed off, I overheard one of our indian IT guys telling the head of personel that he had to return to india because he had a visa problem.
America is selling it's soul not just in IT but also in sending all of our manufacturing jobs to china. It will come back and bite us.