Dr. InfoSec's Quotes of the Week (009)

Monday, September 06, 2010

Christophe Veltsos


Altering the Economics of Cybersecurity

"Economic incentives currently favor the attackers - attacks are easy, cheap, you can steal billions and your chances of getting caught are slim. If we can increase the cost to the attackers and increase the profitability of good cyber defense we can create a sustainable system..." -- Larry Clinton, Internet Security Alliance President and CEO

McAfee on APTs

"If they don’t know what it is, it’s an APT. While the attacks aren’t new — they have happened in the government world for a long time — the realization of what is going on is new. It can be difficult for an organization to sort out whether it is just a zero-day malware or if the organization is being specifically targeted. In the conventional world, if somebody launches a missile, you can pretty much understand what the intent is and you can attribute it. In the cyber world, if someone launches an attack, you might not be sure who is behind it and you don’t know what the intent is. In the military world, they make a distinction between information gathering and an actual attack..."  -- George Kurtz, worldwide CTO for McAfee

Microsoft on Privacy

"Every piece of data on the Internet maps back to who created it and who they know. Where they were when they did it, where they've been and where they plan to go. What they are interested in, attend to, and interact with, and is around them, and when they do these things. The contextualization of the web in the world and the connection of the world to the web, mediated by the connections of people to each other, is forming a new Internet which has vast implications of privacy, identity, and innovation; and how we are going to structure our societies and our economies..." -- Marc Davis, Partner Architect at Microsoft Online Services Division

Lynn on National Cyber Strategy

“The principal elements of that strategy are to develop an organizational construct for training, equipping, and commanding cyberdefense forces; to employ layered protections with a strong core of active defenses; to use military capabilities to support other departments' efforts to secure the networks that run the United States' critical infrastructure; to build collective defenses with U.S. allies; and to invest in the rapid development of additional cyberdefense capabilities. The goal of this strategy is to make cyberspace safe so that its revolutionary innovations can enhance both the United States' national security and its economic security...” -- William Lynn, the US Deputy Secretary of Defense

Cross-posted from Dr. Infosec

Robert Gezelter

Yes, attribution is both difficult and time consuming. Mis-attribution can be a desired result, with the attacker's intent being to trigger a conflict.

Regrettably, this is not news. It was with precisely this concern in mind that I recommended the cyber equivalent of "Defensive Action Only" when I authored Chapter 21 ("Protecting Internet Visible Systems") in the Computer Security Handbook, Third Edition (2002, Wiley) [An outline of Chapter 21 can be found at http://www.computersecurityhandbook.com/csh4/chapter21.html]

I am still of the opinion that "counter-battery" approaches are likely a poor idea. In the commercial sector, they are at least potentially criminal. In the national security sector, they are inherently vulnerable to misdirection.

On the other hand, disconnection or blocking is a defensive action, forcing some responsibility back toward the source, a point I noted in an August 14, 2003 Network World column entitled "Stopping Spoofed Packets can cut down on DDoS Attacks" [Network World URL available via http://www.rlgsc.com/publications/articles.html]
