backtop


Print 62 comment(s) - last by hashish2020.. on Oct 13 at 3:46 AM


Should our nation spend more money to safeguard us against nations like China that are reportedly grooming legions of military hackers and striking out at the U.S. and other nations? A new report argues the opposite, saying cyberdefense is confusing and should not be a spending priority. It advocates focusing existing resources on military networks.  (Source: Fox News)
A new study recommends a cautious approach when defending the nation against cyberterrorism

Be ready for both defense and offense.  Cover all routes of attack.  Practice careful surveillance.  All of these would seemingly be logical paradigms for our nation's cybersecurity efforts.  However, a new report takes a different bent and says that the nation shouldn't make cybersecurity its top priority and instead should focus on reallocating limited resources to defence of critical infrastructure.

The new report from the RAND Corporation says that electric power, telephone service, banking, and military command and control in the U.S. are all accessible and able to be attacked from the internet.  That makes them open to attack, according to the report.  RAND's press release describes, "Working against connected but weakly protected computer systems, hackers can steal information, make the systems malfunction by sending them false commands and corrupt the systems with bogus information."

Martin C. Libicki, the report's lead author and senior management scientist at RAND, a nonprofit research organization, adds, "Adversaries in future wars are likely to go after each other's information systems using computer hacking.  The lessons from traditional warfare cannot be adapted to apply to attacks on computer networks. Cyberspace must be addressed in its own terms."

The report says that estimates of current cyberwarfare damage to our nation aren't consistent and cite anything from several billion yearly to hundreds of billions.

According to the report, military networks should be top priority when it comes to defense, as attacks on military networks are potentially the most potent.  They describe a hypothetical scenario in which an enemy could silence missile defenses of a nation and then pound its critical targets with rockets.

The report says that offensive cyberwarfare is largely useless as it tends to bother, but not generally disarm adversaries.  Further, Libicki warns that cyberattacks are amorphous and determining the identity of attackers is largely guesswork.  Attempts at counterattacks are thus largely futile, according to the report.  States Libicki, "This is not an enterprise where means and ends can be calibrated to one another.  As a result, it is ill-suited for strategic warfare."

Rather than try to target nations or launch counterattacks, the study suggests a focus on diplomatic, economic and prosecutorial efforts against cyber attackers.  However, the report suggest that such efforts not be made a priority in the nation's spending.  Reads the release, "Libicki does not recommend the United States make strategic cyber warfare a priority investment."

Other recent reports have taken a different bent, advocating more funding.  They have argued that the U.S. is woefully unprepared for cyberattack.  They also point to nations like China that are grooming legions of computer-savvy troops to launch cyberstrikes.

The RAND study was federally financed, with the goal of offering independent policy alternatives for the U.S. Air Force.


Comments     Threshold


This article is over a month old, voting and posting comments is disabled

Critical Systems Offline
By HotFoot on 10/9/2009 3:11:31 PM , Rating: 4
Critical systems should be isolated from the internet. Computers controlling the functioning of power generation, etc. have no need to be connected to the internet. It's not that hard to use a separate computer if you want to check your email...

I worked at a site that had two networks - one secure, and one open. The two were not connected by anything more than their power cables. Why wouldn't this be the practice at all places all this spending is trying to protect?




RE: Critical Systems Offline
By MatthiasF on 10/9/2009 3:57:16 PM , Rating: 2
I think that's what the study advocates. Another study also mentioned that linking the power infrastructure by network wasn't worthwhile compared to security risks.

It makes sense that not everything has to be federalized and thrown onto the public network, but with company leaders like Google starting to lobby heavily for more sensitive information to be placed online, who knows what kind of stupid decisions will arrive in the future.


"If you mod me down, I will become more insightful than you can possibly imagine." -- Slashdot














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki