US cybersecurity defences fail to thwart mock cyberattack Critical US electronic systems have failed to withstand a simulated cyberattack. Participants in a recent cyber-warfare exercise told Reuters that the exercise highlighted problems in leadership, communications and readiness. The two-day exercise brought together 230 government agencies, private firms and other participants. …
"Homeland Security Secretary Michael Chertoff added that international laws need to be updated to provide a framework for cybercrime responses."
Yeah, right on, Big Brother, but No Thanks if that is USNewspeak for Biased in favour of a Cowboy Hegemony? Been there, done that and IT Sucks Badly. Let's Play an Altogether Beta Game without the Slings and Arrows of Outrageous Mock Fortune.
CyberSpace Control Systems are a Virtual Front with Rules and InterNetional Laws which are deliberately Novelly IntelAIgently Designed, by Virtue of their Stealthy Ease`of Discovery, to automatically update themselves towards Perfection, although Any and All Constructive, Third Party Remote`Support in Innovation and Implementation is to be Lauded and Applauded.
Ah, I see. "Cyberwar" must be why Wall Street lost $7 trillion in value and why the feds tacked $700 billion onto the national debt just to shore up the banking industry. It HAD to be an act of cyberwar -- I mean, what else could possibly account for such astronomical financial losses?
"Attackers always have the advantage over defenders in cybersecurity and, by extension, cyber-warfare. Problems such as maintaining extended supply lines or knowing the terrain on which battles are fought really translate into the sphere of cybersecurity."
Shurely controlling which nodes go online, which is connected to what, and what -passive or active- protections are in place is how "extended supply lines" and "knowing the terrain" translate to. And it's definitely giving an advantage to the defenders, not the attackers. Now the attackers are still one step ahead, because of the element of surprise, and because the defenders typically need to keep the systems online as much as possible, which prevents them from really using the "supply lines" and "knowing the terrain" advantages to their full extent. So, yes, the attackers usually have an advantage, but it's because the "Problems such as maintaining extended supply lines or knowing the terrain on which battles are fought" do _not_ "translate into the sphere of cybersecurity" terribly well.
Appart from that, this is not a real surprise. Saying "US cybersecurity defence fail" is a bit like saying "UK civil servants lose data". Bleeding obvious.
"Without knowing the details of the simulation it's difficult to speculate on what lessons might be learned."
With all due respect, it's not difficult at all to speculate on what lessons might be learned -- none. The government NEVER learns any lessons. Instead, they stick their fingers in their ears while burying their heads in the sand, all while screaming "I'm not listening!". If the US federal government had the ability to learn from its mistakes, we wouldn't be in our current state (economic, political, social, or military). If DHS was able to learn from its mistakes, it would not continuously fail the cyber-security exercises. George W Bush is famous for his ill-advised "No child left behind" nonsense. How about "No federal agency left behind"? How about we design tests that the federal agencies MUST pass, and if they fail to pass said tests, we get rid of the management (withOUT benefits, bonuses, severance pay, etc)? It's an idea so crazy, it just might work. Either that, or do as Michael Moore suggested a couple of years ago -- since we're so keen on outsourcing, let's outsource the government. Same incompetence, same (lack of) protections for the citizens, but at a much-reduced cost.
"Mars... Where have you been recently?" ..... By Paul Posted Monday 22nd December 2008 21:42 GMT
Paul,
If truth be told, recently forging vorpal blades for Human TerrAIn Use. They are badly/sadly needed to tame and train and thus virtually kill the savage sage and frumious beast. But surely everyone knows that.... for IT has never been made a Secret SteganographIQ Plan with a Perverse Barter of Thirty Pieces of Silver for the Derivative Futures Option of Executive Lease Lend Program Purchase.
And in some Lives is Everything for Sale, but not always can Everything be Bought Solely into Orders that Corrupt.
"Ah, I see. "Cyberwar" must be why Wall Street lost $7 trillion in value and why the feds tacked $700 billion onto the national debt just to shore up the banking industry. It HAD to be an act of cyberwar -- I mean, what else could possibly account for such astronomical financial losses?" .... By Rob Rosenberger Posted Monday 22nd December 2008 17:41 GMT
Rob,
That was probably maybe definitely just the first warning shot across the pirates' bows .... and only an Inaugural Danegeld Inducing Skirmish, to Whet the Appetite of Sublimely HEXPerienced Players and Introduce the Gaping Hole in Read Shield Defences.
"Oh noes! teh hax0rz!"
"Where are the malicious signals that are cracking our webs coming from?"
"China"
"Okay, just flick that big red switch to break all of the official 'recieve' lines coming into the country"
"... done... hey, the attacks have stopped".
Or
"Oh noes! teh hax0rz!"
"blah blah signals blah blah"
"from THIS country"
"Okay, just flick these other switches to get rid of the internet connections to any compromised buildings and shut down the wireless networks."
"... done... hey, the attacks have stopped/are slower/aren't particularly dangerous/will take long enough that we can get an ICBM to the originator before they can get back in"
Or
"Oh noes! teh hax0rz!"
"Did you leave the admin login as 'Administrator / Password'?
"....maybe..."
*BANG*
This post has been deleted by its author
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
