7 comments

[ 2.9 ms ] story [ 26.7 ms ] thread
Actually I think the us government is more than aware of this fact. I remember sitting in at a private security function for the UAE government in 2007 when this issue was raised. That fact however is that this shift in battle dynamic only applies to nation states primarily. As it stands, there is no economic point in nation states fighting each other. For those countries that are engaged against the us however asymmetrical guerrilla tactics are far more rationale,.economical and accessible than cyberattacks. resistance fighters get a greater ROI from suicide bombings than they would from expensive.cyber attacks that rely On equipment which can be difficult to source or even utilise in third world countries. .
The first link is to a DOD report. What part of..well, anything, suggests the US isn't taking cyber seriously?
That a unified (sub)-combatant-level command has been newly created for this very task speaks volumes.

http://en.wikipedia.org/wiki/United_States_Cyber_Command

The author's frustration is justified, but his conclusion that they do not take it seriously is misplaced. In my opinion, the U.S. (and specifically, DoD in this case) suffers from two things:

1. Defense is hard. Once a vulnerability in a system has been found, defense is reactive. It is currently very hard to protect against a determined attacker.

2. DoD is a large ship, and while they have identified the need for an intense focus in this area; building the skillset and practices to make this work effectively in such a large institution is hard.

To summarize, the author is right to be frustrated but the examples he lists come from a lack of effectiveness, not a lack of focus.

It is worth putting into context that the defenses of other nations (and private entities) are not much better, and often worse. Offence is much, much more powerful than defense in the world of InfoSec currently. This is an issue that all nations are dealing with. I am reminded of a line I read on a popular security research's blog shortly after the Mandant report came out:

"The #1 APT (Advanced Persistent Threat) actor in the world today is...the United States."

The battlefield is physical. It always will be. It only appears not to be because that side of things is remarkably well covered.

The day that a nation decides to not bother with the physical battlefield is the day they get slaughtered by a rabble with flintlocks, metaphorically (or perhaps literally). Being king of the cyber world will do you no good at all if you can't stop the other guy simply walking in and shooting you.

What?

Don't everybody know about Economic Hitmans? And all the secret stuff the CIA does?

If any, the US is the country most aware of any complimentary battlefields.

In fact, I guess most successful cyber attacks by the Chinese were done only because of US-Gov mandated backdoors in commercial software.

They will learn their lessons fast.

I think the US gov't tales cyber security very seriously. They're just getting hammered by everyone since they're the most prominent target. This reminds me of why MS Windows seems so "full of viruses". I don't think it's because MS doesn't take security seriously. It's that there's so much more to be gained by attacking Windows PCs than any other OS and so many more potential targets, making it easier for large vulnerabilities to make headlines.