- Are we preparing for cyber warfare, or
- are we preparing for cyber terrorism, or
- are we fighting cyber crime?
Crime. We are fighting cyber crime. Or it may be simply unwanted and undesirable activity, since enacting laws is normally a slow process. That is, pernicious or malicious activity is not necessarily illegal and criminal activity. Calling it a form of terrorism or a form of warfare shows a lack of respect for war and terrorism. Calling it terrorism or warfare employs hyperbole to create a sense of urgency. Even worse, calling it terrorism or warfare implies that central coordination, probably a central government initiative, is required to address the problem.
Calling it terrorism or warfare speaks to the motives of the activity. Understanding motives is important when prioritizing and predicting attacks. Prioritization and prediction are subsets of the defense problem. You can proceed directly to a “defend against” solution while leaving the “motivation for” question undetermined.
Lock your doors. Take your keys. Assume responsibility for your own house.
- Where do we start?
- Who is in charge?
- What happens next?
Start with what you do best. Don’t wait to be told what to do. Don’t wait for a crisis. Don’t wait for a government agency to tell you what you have to do. Don’t wait for an industry consortium, such as the payment card industry, to tell you what minimum precautions you must take. Government agencies and industry consortia do not write the practices; they read the practices, such as ISO 27001. Practices are already written. Government agencies and industry consortia pick their deliverables from the practices. Government agencies and industry consortia take action only after problems have occurred, and even then only when problems are on public display.
It takes a disaster to move regulations.
The need for defense precedes the compliance measures; the compliance measures do not create the need. For example, “PCI Compliance” exists as an effort to address a lax state of credit card protection.
Patrol your own attack surfaces and improve your own defenses. Government agencies are slow to respond to detected threats (see Fighting Back and Business Continuity). You are not subject to their encumbrances. You can shun suspicious activity. You need not wait for someone else to confirm that the suspicious activity is malicious or unlawful. You need not wait for someone else to shut down suspicious activity. You can view your log files, filter out suspicious traffic, and blacklist (URL filter) destinations. Don’t wait to be a victim and blame the government for not protecting you.
The Einstein project, authorized under the still-classified portions of the Bush Administration’s Comprehensive National Cybersecurity Initiative (CNCI), is a plan to deploy Intrusion Detection sensors (IDS) at all of the government’s Internet gateways. Sensors are good; analysis without sensors is difficult. Sensors without analysis are waste.
- The Slow Road to Cybersecurity by Craig Edwards, the August 28, 2009 Solid Principles (Principles of Conservativism) podcast, presents a review of preparedness for cyberattacks.
- Transcript of June 8, 2010 debate “They (sic) cyber war threat has been grossly exaggerated” [pdf] at Intelligence Squared U.S. (For: Marc Rotenberg and Bruce Schneier; Against: Mike McConnell and Jonathan Zittrain).
- RSA 2011 panel discussion
- The Center for Internet Security (cisecurity.org) is a not-for-profit organization focused on enhancing the cyber security readiness and response of public and private sector entities, with a commitment to excellence through collaboration. Through its three divisions–Security Benchmarks, Multi-State ISAC and Trusted Cyber Security Purchasing Alliance–CIS serves as a central resource in the development and delivery of high-quality, timely products and services to assist our partners in government, academia, the private sector and the general public in improving their cyber security posture.
- ‘Flame’ cyberespionage worm discovered on thousands of machines across Middle East
- Cyber espionage: New worm attacks AutoCad, steals blueprints
- 2012 Will See Rise in Cyber-Espionage and Malware, Experts Say