More on Chinese Cyberattacks
Wow, is this a crazy media frenzy. We should know better. These attacks happen all the time, and just because the media is reporting about them with greater frequency doesn’t mean that they’re happening with greater frequency.
Hype aside, the Mandiant report on the hackers is very good, especially the part where the Chinese hackers outted themselves through poor opsec: they logged into Facebook from their work computers.
But this is not cyberwar. This is not war of any kind. This is espionage, and the difference is important. Calling it war just feeds our fears and fuels the cyberwar arms race.
In a private e-mail, Gary McGraw made an important point about attribution that matters a lot in this debate.
Because espionage unfolds over months or years in realtime, we can triangulate the origin of an exfiltration attack with some certainty. During the fog of a real cyber war attack, which is more likely to happen in milliseconds, the kind of forensic work that Mandiant did would not be possible. (In fact, we might just well be “Gandalfed” and pin the attack on the wrong enemy.)
Sadly, policymakers seem to think we have completely solved the attribution problem. We have not. This article published in Computerworld does an adequate job of stating my position.
Those of us who work on security engineering and software security can help educate policymakers and others so that we don’t end up pursuing the folly of active defense.
This media frenzy is going to be used by the U.S. military to grab more power in cyberspace. They’re already ramping up the U.S. Cyber Command. President Obama is issuing vague executive orders that will result in we-don’t-know what. I don’t see any good coming of this.
EDITED TO ADD (3/13): Critical commentary on the Mandiant report.
Leave a comment