Create an Account
username: password:
 
  MemeStreams Logo

Mike McConnell on how to win the cyber-war we're losing
search
Home Agent Weblogs Social Network Post Help About

Rattle
Picture of Rattle
Rattle's Pics
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

Rattle's topics
Arts
  Literature
   Sci-Fi/Fantasy Literature
  Movies
  Music
Business
  Tech Industry
  Telecom Industry
Games
Health and Wellness
Holidays
Miscellaneous
  Humor
  MemeStreams
   Using MemeStreams
Current Events
  War on Terrorism
  Elections
Recreation
  Travel
Local Information
  SF Bay Area
   SF Bay Area News
Science
  Biology
  History
  Nano Tech
  Physics
  Space
Society
  Economics
  Futurism
  International Relations
  Politics and Law
   Civil Liberties
    Internet Civil Liberties
    Surveillance
   Intellectual Property
  Media
   Blogging
  Military
  Security
Sports
Technology
  Biotechnology
  Computers
   Computer Security
    Cryptography
   Cyber-Culture
   PC Hardware
   Computer Networking
   Macintosh
   Linux
   Software Development
    Open Source Development
    Perl Programming
    PHP Programming
   Spam
   Web Design
  Military Technology
  High Tech Developments

support us

Get MemeStreams Stuff!


 
Mike McConnell on how to win the cyber-war we're losing
Topic: Computer Security 11:38 am EST, Mar  2, 2010

The challenge is to shape an effective partnership with the private sector so information can move quickly back and forth from public to private -- and classified to unclassified -- to protect the nation's critical infrastructure.

We must give key private-sector leaders (from the transportation, utility and financial arenas) access to information on emerging threats so they can take countermeasures. For this to work, the private sector needs to be able to share network information -- on a controlled basis -- without inviting lawsuits from shareholders and others.

Obviously, such measures must be contemplated very carefully. But the reality is that while the lion's share of cybersecurity expertise lies in the federal government, more than 90 percent of the physical infrastructure of the Web is owned by private industry. Neither side on its own can mount the cyber-defense we need; some collaboration is inevitable.

People should listen to the point McConnell is making about information moving in and out of the classified space. The rest of what he is saying, not so much...

We need to develop an early-warning system to monitor cyberspace, identify intrusions and locate the source of attacks with a trail of evidence that can support diplomatic, military and legal options -- and we must be able to do this in milliseconds. More specifically, we need to reengineer the Internet to make attribution, geolocation, intelligence analysis and impact assessment -- who did it, from where, why and what was the result -- more manageable. The technologies are already available from public and private sources and can be further developed if we have the will to build them into our systems and to work with our allies and trading partners so they will do the same.

This is not based in reality. How exactly should we re-engineer the Internet to solve the attribution problem? The "technologies already available from public and private sources" that McConnell speaks of are vaporware.

I agree with many of the points Threat Level is making in regard to this. The biggest one, that I think people are very fast losing site of, is that the cyber activities the Chinese are engaged in are not "Cyberwar", they are "Espionage" (with a capital E).

I admit to having been part of causing this perception problem. I have highly enjoyed tossing around the term "cyberwar" because it's fun to say. Now I'm starting to get worried about it.. Putting this into a war context is going to drive policy people to make proposals and decisions that don't have practical effects.

APT is fairly good at pushing admins into taking actions that they already have a plan to side-step around. APT thinks about how to get you spending your security budget they way they want you to. If we lose sight of what their actual goals are, we are simply going to do this on a national scale.

The attribution problem isn't solvable. We've got to get comfortable with the idea that smoking guns are very rarely going to be pointing definitively at the source of an attack. If we deploy a technology solution to address attribution, they will side step around it, and we will have destroyed the open Internet in the process. They _want_ us to do this.

Most people dealing with APT haven't had a problem tracing the source of the attacks back to China in one regard or another. It's just not good enough to serve as "proof" by a court of law standard, but we know who we are dealing with. From there, it's cat and mouse. As we get better at tracing it, they get better at masking it. This trend will continue regardless of what new technology is deployed.

As long as 2PLA has an interest in letting these activities happen, the actors will have the resources they need to make it happen. There is no silver bullet capable of going around these corners. Stop looking for one. The focus should be elsewhere. Facilitating the sharing of information between victims of attacks that can be used to deploy countermeasures would be a great place to focus.

As it stands right now, the various Chinese APT groups are able to re-use proxy/beacon/drop hosts on multiple victims with great ease because there is ZERO information sharing going on. Can we at least start making their job harder and our stance more informed?

Think Counter Intelligence, not Warfare.

Mike McConnell on how to win the cyber-war we're losing

Thread [2]


  
 
Powered By Industrial Memetics		RSS2.0