Comments

Cyberpower is in a huge state of flux and uncertainty. America's ability to assess, defend and respond is still emerging, as we wrestle with what it means to operate in cyberspace.

If you're interested in the current state of cyber defense, you might like this cover story from the March 2009 issue of the Information System Security Association (ISSA) journal (co-authored by yours truly):

http://www.scribd.com/doc/13624201/Who-Shall-Defend-Us-Determining-National-Defense-Roles-in-the-Internet-Age-By-Daniel-Ward-and-Michael-R-Grimaila

Posted by Dan Ward at June 17, 2009 11:06 AM

Ah, the joys of technology that is still relatively in its infancy. Human beings, such as they are, seem to find ways to victimize and terrorize others with new technology just as fast as we can explore the useful implementation of that technology.

I am reminded that it was very shortly after vehicles started rolling out with bluetooth technology in them that we were hearing about people developing viruses that knocked out the navigation and entertainment systems in them.

I dare say there is NOTHING that we depend on (or perceive ourselves as dependent upon) that is not subject to becoming the weapon of someone's fiendish thinking.

I don't think very many of us would have even dreamed of people using airplanes as missiles to take down buildings and kill on a mass scale like they did on 9/11. But think about it: our food, our water supplies, electrical grids, fuel, postal services, banks... there's literally NOTHING that could not be used as a weapon against us.

Not meaning to be a "doomsday prophet," here. Tom's post just has me thinking and asking "Should we consider cyberspace to be unique in its potential to be used against us? Back to my original contention: it's the relative newness of it that adds to its very vulnerability.

Posted by Dan Gunter at June 17, 2009 4:29 PM

Mmmmmm …. Interesting and topical as we hear Skype was one of the only ways people in Iran in the last few days could communicate to the rest of the world.

I believe we are still at the beginning of the debate about cyber attack and cyber defence. Dare I suggest maybe the ‘nerdiest’ nations will take the biggest prizes?

It’s sad but true that many innovative advances made throughout history have been abused by the leaders of nations. They seem to want to use those very tools to flex their muscles and exert their power over others.

From my idealistic, rose tinted spectacles, blue sky perspective I suggest the debate should NOT be about how we can use or defend ourselves through cyber technology. The debate should be about why the hell we always seem to come back to obtaining more power through advances made in science that in fact should surely be best used for the betterment of the worlds’ population. Carry on dreaming Trevor I hear you saying. But that’s my view nonetheless.

Posted by Trevor Gay at June 17, 2009 5:02 PM

"Power corrupts. Absolute power corrupts absolutely." -- Lord Acton.

"And newly discovered power corrupts in unpredictable ways." -- Yours truly.

LOL. Well, sort of laughing. It's not really funny to think about.

Posted by Dan Gunter at June 17, 2009 5:13 PM

Interestingly a lot of Cyber problems have their origin in perception and emotion. For example the number of viruses on MS verses Apple or Unix. Apple is not so technically brilliant that it resists attack it's just that less hackers want to have a shot at it. Microsoft became the whipping boy.

Also just remember that the vast majority of cyber crime is carried out by NON technical means. Most attacks go for the weak spot (the human) in the system. i.e. a plausable story why an outsider needs access etc.

A few years ago I worked as an IT consultant. Customers who had draconian security about me logging onto their system remotely were often the same ones that allowed me, when on site, to wander around their server rooms, armed with passwords, completely unsupervised.

I have sat at other people's desks with passwords (and in one case credit card numbers!) on post it notes stuck to the monitor.

I have seen a company (again with complex security) dump computer printouts with confidential customer records (finacial org) in the skip outside the office - they were blowing down the street....

As with all technology (for good or ill) it's the interface with humans that is the most dangerous

Posted by PaulH at June 18, 2009 1:32 AM

PaulH, I tell a lot of folks to consider some of the smaller, fairly reputable, and sometimes free antivirus programs. Creators of viruses, worms, etc. typically go after the big boys (such as Norton and McAfee) and ignore the lesser known ones because they see the volume potential (and consider it an accomplishment to defeat the big boys.)

You also raise a good point about humans always being the weak point in the system. I watch some people invest a lot of money in good software to protect themselves online, but then they turn off pop-up protection, turn down the thresholds on their e-mail security settings, etc. because it feels like it's a nuisance and slowing them down, or they're afraid they'll miss something (like those funny pictures that Aunt Sally forwards to all 271 people in her-email address book -- e-mails that originated from God only knows where and are a very common carrier of viruses, worms, trojan horses, spyware, data miners, etc.

Posted by Dan Gunter at June 18, 2009 8:13 AM

This EXISTENTIAL RISK, that I am professionally engaged in, has a unprecedented disruption potential. For countries like Australia, Canada, Great Britain, and the USA -- I will beging by making a huge intranet (one per country) with extremely dynamical encription. This to begin with. But people would have to follow individual meassures at home and at profession that are increasingly stunning.

Posted by Andres Agostini (Andy) at June 19, 2009 8:42 PM