(((It's true that, in the world of computer misbehavior, there's a long, blank-faced, moronic-rube period when normal people simply don't want to admit that such things are
(a) thinkable (b) doable and (c) actually happening.))))
TOP OF THE NEWS
–DoD Report: China Bolstering Cyber Warfare Capabilities
(May 28 & 29, 2007)
China "has established information warfare units to develop viruses to attack enemy computer systems and networks, and tactics and measures to protect friendly computer systems and networks," according to a recent report from the US Defense Department (DoD). In previous years, the
Pentagon's annual report to Congress on China's military power has indicated that China was focusing on defensive measures, so the shift to offensive tactics merits attention.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9021663&source=rss_topic17
http://www.pcworld.com/article/id,132284-pg,1/article.html
[Editor's Note (Skoudis): Reports like this and the recent cyber attacks against Estonia may indicate a coming shift in the dominant threat we face. Such a shift has happened before. Before 2003, our dominant threats were hobbyists and insiders. In 2003 and 2004, the threat then changed to organized crime looking to make money. Depending on the geopolitical environment, the dominant threat may shift again, and very quickly, to state-sponsored cyber warfare.
Note also that the state and organized crime threats are not mutually exclusive. It has been reported that in the Estonian case, the attackers rented bot-nets from cyber crime organizations. (((My, how handy.)))
(Honan): The ongoing cyber attacks against Estonian websites, covered in a recent NewsBites edition http://www.sans.org/newsletters/newsbites/newsbites.php?vol=9&issue=40,
should serve as a sobering reminder that Cyber Warfare is not a theoretical threat but a very effective and real one that nation states need to address.
(Schultz): When the concept of information warfare was introduced, it was immediately embraced by the military and intelligence community, but there did not seem to be very much substance behind it. The opposite is now true–security risks related to information warfare activity must now be clearly recognized, monitored, and mitigated.]
(((Okay, but if you, Joe User, have got an entire massive petrocratic nation-state personally subverting your wimpy little commercial-off-the-shelf wintel windoze box, what the heck are you supposed to be able to do about that? They're called "personal" computers, not
"national" computers.)))
