Think Information. Think Security.
 
Rick Dakin, president of the Denver chapter of the FBI affiliate InfraGard, believes that foreign state-sponsored actors will continue to escalate cyber intrusion activity against American networks in an effort to determine the maximum allowable tolerance level before the US declares such events an act of war.

"What does our government or other governments think is an effective deterrent or response to an all-out cyber attack? Since we have no good definitions or protocols, I do think that the attack on Lockheed Martin is a sign of the future," Dakin said in an interview with TechWorld.


Pundits and security industry leaders continue the debate over the use of certain terminology employed in describing state-sponsored cyber offensives - namely the use of "cyber war" as an all-inclusive descriptor.

"When our ambassadors are going to international treaty conferences where we are trying to decide the definitions of cyberwar and what appropriate responses to cyber attack should be, we have a new generation of thinking," Dakin explained.

Amid growing concerns over state-sponsored attacks reportedly emanating from China, Iran, Russia and other nations, western governments have begun to seriously step up the cyber offensive rhetoric in recent months.

A soon-to-be-finalized Pentagon cyber strategy will outline the circumstances in which an attack against U.S. computer networks could be considered an act of war, and potentially elicit an armed military response.

The measure of a cyber attack and the corresponding response would be determined by evaluating the level of "death, damage, destruction or high-level disruption" caused by an attack.

News of the Pentagon strategy itself closely follows the release of an Obama administration report on international cyber security coordination which provides the strongest indications to date that cyber attacks against a NATO member nation could invoke retaliatory actions under the treaty's mutual defense doctrine.

But one of the biggest obstacles to standardization of military response to cyber-based attacks is in reliably determining attribution. In many cases, it is nearly impossible to clearly determine the origin of an attack, and even more difficult to ascertain if the event was state-sponsored or instigated by individual actors.

Many security experts believe the problem of accurate attribution may be the strategy's Achilles heel. Proxies, routing tricks, compromised machines, and spoofed IP addresses can be easily coordinated to give the appearance that an attack is originating far from the actual source.

"The U.S. military is setting itself up for failure because attribution is difficult, and it's easy to spoof your identity thereby falsely implicating the wrong government or group. A military attack could be misplaced, as a result, but at the same time not responding will now be seen as a sign of weakness," said Jay Bavisi, president of EC-Council.

Is the tough talk capable of being backed up by swift and decisive action based on credible analysis of an attack? Most likely it is not.

"In the realm of the Internet (cyber realm), you will fail miserably if you think that you can pinpoint an opponent via an IP address or even collection of addresses, a signature, a comment in an application and so forth," wrote security guru J. Oquendo.

InfraGard is a public/private cooperative that operates under the guidance of the Federal Bureau of Investigation.

According to the group's website, "InfraGard is an association of businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States. InfraGard Chapters are geographically linked with FBI Field Office territories."


Cross Post from InfoSec Island


