Begin forwarded message:
From: Mario Profaca <[EMAIL PROTECTED]>
Date: September 30, 2008 2:51:57 PM PDT
To: [EMAIL PROTECTED]
Subject: [SPY NEWS] Government has the tools to tackle cyber-crime
Reply-To: [EMAIL PROTECTED]
http://www.computerweekly.com/Articles/2008/09/30/232500/government-has-the-tools-to-tackle-cyber-crime.htm
Government has the tools to tackle cyber-crime
Author:
Ionut Ionescu, a member of (ISC)2’s European Advisory Board and EMEA
director of security services for Nor
<http://www.computerweekly.com/authors/articleauthor.aspx?liArticleID=232500
>
Posted:
15:06 30 Sep 2008
Topics:
ISPs |
<http://www.computerweekly.com/Home/RefinedSearch.aspx?cat=IT%2fInternet%2fISPs&key=ISPs&ct=NewsAndBlogs&sort=Relevance&ft=0
>
Network Infrastructure |
<http://www.computerweekly.com/Home/RefinedSearch.aspx?cat=IT%2fNetworking%2fNetwork+Infrastructure&key=Network+Infrastructure&ct=NewsAndBlogs&sort=Relevance&ft=0
>
Business Continuity
<http://www.computerweekly.com/Home/RefinedSearch.aspx?cat=IT%2fIT+Management%2fBusiness+Continuity&key=Business+Continuity&ct=NewsAndBlogs&sort=Relevance&ft=0
>
*In view of the cyber-warfare dimension to the Russia-Georgia conflict,
and the Chinese cyber-espionage ongoing against the west since c.2003
("Titan Rain", and so on), how concerned should we in the UK be about
state-sponsored hacking?*
Cyber-espionage and cyber-warfare
<http://www.computerweekly.com/Articles/2008/09/26/232466/how-concerned-should-the-uk-be-about-cyber-terrorism.htm
>
are just expressions of a millenia old problem onto a new medium (cyber
space).
The general public in the UK should be concerned, and the UK government
should be concerned, but only to the same extent that they were
concerned before about state sponsored espionage and warfare in general.
Meaning, the public does not need to panic and the government does not
need to just "throw money at the problem".
Governments have had "electronic" espionage and warfare concerns for
most of the last century. The main thing about "cyber" is the
connectivity that the internet brought to us, which has obvious
advantages for doing business, but perhaps not so obvious, but
frightening, consequences for governments in terms of critical national
infrastructure (CNI).
ADVERTISEMENT
Espionage is by definition a form of asymmetric warfare, because
relatively small amounts of resources committed could bring huge
benefits (ie, high return on investment in business speak). State
sponsored espionage should be worrying for any state targeted by it,
because it implies unlimited resources being invested by a foreign
hostile power to try to disrupt, corrupt or uncover information.
Since it is asymmetric, the answer for a government targeted by
"state-sponsored hacking" is to apply good, age-old, security
principles, such as: value at risk, separation of duties, disaster
recovery planning and so on.
For example, most utilities installations in a country (eg, power
plants, water purification facilities, etc) are ran by SCADA systems not
connected to the internet. So, the security of those isolated systems
needs to be investigated, not just from a "hacking perspective", but
from a technology-people-process perspective. Hacking (state-sponsored
or not) is a concern and should be even more of a concern if these
systems get connected to the internet or to other systems, which could
themselves be hacked, etc.
A bigger worry could be a government's or a country's infrastructure
moving more and more to being delivered by commercial providers, with
shared infrastructure and more connections to the internet. In this
case, the threat assessments need to include these commercial suppliers,
the technology they use, where it was developed, how are their people
recruited, are their work processes safe enough for the informaton at
risk, etc? Governments are usually pretty astute at evaluating and
mitigating such risks.
In brief: yes, it is a worry, but we generally know how to tackle it.
------------------------------------
-__ ___ _ ___ __ ___ _ _ _ __
/-_|-0-\-V-/-\|-|-__|-|-|-/-_|
\_-\--_/\-/|-\\-|-_||-V-V-\_-\
|__/_|--//-|_|\_|___|\_A_/|__/
SPY NEWS is OSI newsletter and discussion list associated to
Mario's Cyberspace Station - The Global Intelligence News Portal
http://mprofaca.cro.net
http://spynews.byethost13.com
Since you are receiving and reading documents, news stories,
comments and opinions not only from so called (or self-proclaimed)
"reliable sources", but also a lot of possible misinformation
collected and posted to Spy News for OSI purposes - it should be
a serious reason (particularly to journalists and web publishers)
to think twice before using it for their story writing, further
publishing or forwarding throughout Cyberspace.
To unsubscribe:
mailto:[EMAIL PROTECTED]
*** FAIR USE NOTICE: This message contains copyrighted material whose
use has not been specifically authorized by the copyright owner. Spy
News is making it available without profit to SPY NEWS members who
have expressed a prior interest in receiving the included information
in their efforts to advance the understanding of intelligence and law
enforcement organizations, their activities, methods, techniques,
human rights, civil liberties and other intelligence related issues,
for non-profit research and educational purposes only. We always
mention the author and link the original site and page of every
article. We believe that this constitutes a 'fair use' of the
copyrighted material as provided for in section 107 of the U.S.
Copyright Law. If you wish to use this copyrighted material for
purposes of your own that go beyond 'fair use,' you must obtain
permission from the copyright owner.
For more information go to:
http://www.law.cornell.edu/uscode/17/107.shtml
SPY NEWS home page:
http://groups.yahoo.com/group/spynews
Mario Profaca
http://mprofaca.cro.net/profaca.html
e-mail: mario.profaca[at]zg.t-com.hr
SPY NEWS owner & editor
Yahoo! Groups Links
