The Future of Cyber Security and Cyber Conflict

January 30, 2009
56 Views

As I write this there is evidence that the Russian’s are once again attacking another country through massive denial of service attacks.  For a recap with analysis you will not see elsewhere see The Kyrgyzstan Cyber Attack That No One Is Talking About .  This is not the first time that a major nation state has been accused of launching attacks like this.  Russia has been implicated as responsible for two other large scale attacks (Estonia and Georgia).   In other investigations China has been implicated of sponsoring/supporting attacks designed to extract information.  These are very serious high end attacks that are hard to mitigate, but organized crime is also becoming increasingly capable, investing large amounts in R&D to allow their continued ability to sap resources through cyber theft.   In a recent example a payment processing company called Heartland Security Systems admitted its security system had been breached and millions of credit and debit card numbers were extracted. I’ve previously written about the government’s response and many of us have been strongly supportive of the efforts and activities of Melissa Hathaway and th


As I write this there is evidence that the Russian’s are once again
attacking another country through massive denial of service attacks. 
For a recap with analysis you will not see elsewhere see The Kyrgyzstan Cyber Attack That No One Is Talking About
This is not the first time that a major nation state has been accused
of launching attacks like this.  Russia has been implicated as responsible for two other large scale attacks (Estonia and Georgia).   In other
investigations China has been implicated of sponsoring/supporting
attacks designed to extract information.  These are very serious high
end attacks that are hard to mitigate, but organized crime is also
becoming increasingly capable, investing large amounts in R&D to
allow their continued ability to sap resources through cyber theft.  
In a recent example a payment processing company called Heartland
Security Systems admitted its security system had been breached and
millions of credit and debit card numbers were extracted.

I’ve previously written about the government’s response and many of us
have been strongly supportive of the efforts and activities of Melissa
Hathaway
and the team of coordinators she assembled in government.  
Her approach has been viewed as very positive by all credible
observers and it is good to know she will be continuing to work to make
our nation safe in this area. 

It was also good to see the approach of the Obama team posted on the
Whitehouse.gov site.  In a homeland security policy statement six key
goals were articulated.  They are copied below:
   

    Protect Our Information Networks

    Barack Obama and Joe
    Biden — working with private industry, the research community and our
    citizens — will lead an effort to build a trustworthy and accountable
    cyber infrastructure that is resilient, protects America’s competitive
    advantage, and advances our national and homeland security. They will:

  • Strengthen Federal Leadership on Cyber Security:
    Declare the cyber infrastructure a strategic asset and establish the
    position of national cyber advisor who will report directly to the
    president and will be responsible for coordinating federal agency
    efforts and development of national cyber policy.

  • Initiate a Safe Computing R&D Effort and Harden our Nation’s Cyber Infrastructure:
    Support an initiative to develop next-generation secure computers and
    networking for national security applications. Work with industry and
    academia to develop and deploy a new generation of secure hardware and
    software for our critical cyber infrastructure.

  • Protect the IT Infrastructure That Keeps America’s Economy Safe: Work with the private sector to establish tough new standards for cyber security and physical resilience.

  • Prevent Corporate Cyber-Espionage:
    Work with industry to develop the systems necessary to protect our
    nation’s trade secrets and our research and development. Innovations in
    software, engineering, pharmaceuticals and other fields are being
    stolen online from U.S. businesses at an alarming rate.

  • Develop a Cyber Crime Strategy to Minimize the Opportunities for Criminal Profit:
    Shut down the mechanisms used to transmit criminal profits by shutting
    down untraceable Internet payment schemes. Initiate a grant and
    training program to provide federal, state, and local law enforcement
    agencies the tools they need to detect and prosecute cyber crime.

  • Mandate Standards for Securing Personal Data and Require Companies to Disclose Personal Information Data Breaches:
    Partner with industry and our citizens to secure personal data stored
    on government and private systems. Institute a common standard for
    securing such data across industries and protect the rights of
    individuals in the information age.

Another goal was in the Defense portion  of the Whitehouse.gov site which called for DoD to lead in operational defense.  It reads:

  • Protect the U.S in Cyberspace: The Obama-Biden
    Administration cooperate with our allies and the private sector to
    identify and protect against emerging cyber-threats.

My assessment of these seven goals:  This is too important for us to kibitz on at all.  Now is the time for us to all form up on these goals and execute.  Collectively we have to move faster in all these areas if we are to lesson the impact of the thinking/changing/technologically advanced adversaries that face us.  I only add that we should keep bold visions in mind.  I really believe that security and functionality of IT are totally connected and should always be considered in the same breath.  And both can be dramatically improved, this is not a zero sum game where functionality is compromised by security.  I believe our goal should be, as I’ve stated before, that the security and functionality of the federal enterprise will be improved by two orders of magnitude over the next 24 months.  And I believe the cyber and CTO team of the new administration can deliver on that.

I also believe that DoD will continue to have a key leadership roll in cyber, since increasingly that domain is being used by military adversaries and our own military must be able to operate with knowledge that their IT systems are safe from adversary attack.    

More later.

Link to original post