Page 32 - CDM-Cyber-Warnings-January-2014
P. 32
I can’t say for sure if China’s Red cyber-army is a reaction to what my InfoSec colleague calls the United States’ militarization of the Internet, but the battle lines have been drawn. Cyber- troops are amassing the digital borders of the frail infrastructures that protect government and industry intellectual property on defense systems, high-tech weaponry and other information that could bring our daily lives to a screeching halt. Regardless of who did what, China will continue to build its cyber-army and the U.S. will counter with its share of technology and people to keep our homeland safe. What I can say is that much of the military IP resides with U.S. defense contractors and engineering firms that don’t quite have the full grasp of how to keep the bad guys out of their IT infrastructures. No offense to the excellent IT resources these companies employ, it’s just that the IT complexity problem is too big to close all avenues of intrusion before the breach occurs. What I envision happening now is a proverbial cyber-tennis match, hack attempts launched across the net. Every once in a while, you can’t volley the attack back and “boom” there’s a breach. And one of these breaches is eventually going to be the big one, the 9/11 type. If you happen to be unfortunate enough to be caught in the middle (i.e. the power grid goes down and you can’t access your money because the banking system is down too), you really won’t care who started it. You’ll just know that 1) the disruption came out of nowhere, and 2) you will be turning to civic leaders for resolution. In this scenario, it won’t matter which came first – the U.S.’s militarization of the Internet (the chicken) or China’s cyber-terrorist army (the egg). A few weeks will eventually pass and our daily lives will return to semi-normal and as a nation, we will wonder how long before the next disruption. It will be a very different kind of warfare. The answer, according to some, lies in compromise and amnesty. By this I mean the U.S., China, Russia, and others opening up about the IP stolen or systems breached and share how the data was stolen. There are great advantages to this as it provides forensics, not for prosecution, but for remediation of the holes in the infrastructures that were breached. Forensics that can then be used to go back to the breached contractors or U.S. Gov databases that were hacked and shore them up. We will most likely find through these revelations that some breaches were never even detected! In this solution, in return for the revelation of each government’s discretions, the U.S. offers amnesty and perhaps a reduction in the sanctions we currently have levied against them. This or some other olive branch must be dangled in order to get the information that will lead to a lessening of the cyber-terror arms race, and improvements in InfoSec technology. You might recall that this concept has been tried once already – détente, and nuclear warheads 40 years ago – so there is somewhat of a blueprint to negotiate. Much like the efforts in the 1960s through 1990s to reduce global nuclear arms, the global cyber-terror arms race will need to be worked out by governments in an exercise of compromise and amnesty. The difference today is that back in the 1960s it was very difficult to hide a hydrogen bomb test. Today it is very easy (comparatively) to build a cyber-bomb and test it with little or no trace evidence. The cyber-threat danger is not very publicized so it is not too + % %! ! & , ! . !( %+ ' "! "#+% ' - + % !& , ! % '& % & %) *"% *
