More on Chinese Cyberattacks
Wow, is this a crazy media frenzy. We should know better. These attacks happen all the time, and just because the media is reporting about them with greater frequency doesn't mean that they're happening with greater frequency.
In a private e-mail, Gary McGraw made an important point about attribution that matters a lot in this debate.
Because espionage unfolds over months or years in realtime, we can triangulate the origin of an exfiltration attack with some certainty. During the fog of a real cyber war attack, which is more likely to happen in milliseconds, the kind of forensic work that Mandiant did would not be possible. (In fact, we might just well be "Gandalfed" and pin the attack on the wrong enemy.)
Sadly, policymakers seem to think we have completely solved the attribution problem. We have not. This article published in Computerworld does an adequate job of stating my position.
Those of us who work on security engineering and software security can help educate policymakers and others so that we don't end up pursuing the folly of active defense.
This media frenzy is going to be used by the U.S. military to grab more power in cyberspace. They're already ramping up the U.S. Cyber Command. President Obama is issuing vague executive orders that will result in we-don't-know what. I don't see any good coming of this.
EDITED TO ADD (3/13): Critical commentary on the Mandiant report.
Posted on February 21, 2013 at 12:54 PM • 56 Comments