The rhetoric about cyberattacks is nearly deafening. It seems like my Twitter timeline blows up every day about cyber-this or cyber-that. Makes me want to cyber-puke. Since Mandiant pointed the finger at China everyone seems to be jumping on the bandwagon of tough talk and posturing.
Take example #1: The US is now fielding teams to play offense and respond to computer attacks on critical infrastructure.
I would like to be clear that this team, this defend-the-nation team, is not a defensive team,” Gen. Keith Alexander, who runs both the National Security Agency and the new Cyber Command, told the House Armed Services Committee. “This is an offensive team that the Defense Department would use to defend the nation if it were attacked in cyberspace. Thirteen of the teams that we’re creating are for that mission alone.
Uh, this is news? Maybe that there is finally acknowledgement that the US (along with every other first world nation) invests in building cyber-attack capability. I know it’s hard to remember, but a few short years ago there was an uproar when Anonymous documentated that HBGary was proposing to build weaponized exploits. Where’s the uproar now? Oh yeah, now it’s politically correct to defend ourselves. This is media-driven nonsense. I doubt the strategy has changed at all, except maybe accelerated a bit. Though it will be interesting to see if and how sequestration impacts these kinds of investments.
Rich recently pointed out that China is fundamentally different because they use military hacking apparatus to help commercial Chinese entities gain intelligence that helps them win big contracts. Obviously Israel’s announcement that their cyber-defense capabilities will be used to protect private Israeli enterprises is different, but it is another clear indication that the line is blurring between the private and public sectors. As it should.
The Defense Ministry will set up a new body to support local defense industries in coping with cyber threats, ministry director-general Maj.-Gen. (res.) Udi Shani announced Tuesday.
And if you need another data point showing ‘cyber’ is the new hotness, the CEO of BP disclosed on CNBC that BP Fights Off Up to 50,000 Cyber-Attacks a Day.
Cybersecurity is a growing issue around the world, not only with companies but with governments,” Dudley observed. “We see as many as 50,000 attempts a day like many big companies … to my knowledge we haven’t had an incident that’s taken away data from us, but we’re incredibly vigilant.
Clearly someone is hiding something from the CEO here, but he pulled the plausible deniability card in the form of “to my knowledge…” But if he’s right and they haven’t lost any data that would make them only such company.
And before you start bitching in the echo chamber about how the hype is getting in the way of you doing your job because you are being paraded in front of the board and up to the CEO’s office once a week, remember when no one gave a crap about security. It’s always good to be careful what you wish for.