http://arstechnica.com/tech-policy/2015/01/snowden-us-has-put-too-much-emphasis-on-cyber-offense-needs-defense/
By Sean Gallagher
Ars Technica
Jan 8, 2015
In an on-camera interview with James Bamford for an upcoming episode of
PBS' NOVA, Edward Snowden warned that the US Department of Defense and
National Security Agency have over-emphasized the development of offensive
network capabilities, placing the US' own systems at greater risk. With
other countries now developing offensive capabilities that approach those
of the NSA and the US Cyber Command, Snowden believes the US has much more
at stake.
The raw transcript of the NOVA interview showed Snowden in full control,
to the point of giving direction on questions and even suggesting how to
organize the report and its visual elements. Snowden frequently steered
questions away from areas that might have revealed more about NSA
operations, or he went into areas such as White House policy that he
considered "land mines." But the whistleblower eloquently discussed the
hazards of cyber warfare and the precariousness of the approach that the
NSA and Cyber Command had taken in terms of seeking to find and exploit
holes in the software of adversaries. In fact, he says the same
vulnerabilities are in systems in the US. "The same router that’s deployed
in the United States is deployed in China," Snowden explained. "The same
software package that controls the dam floodgates in the United States is
the same as in Russia. The same hospital software is there in Syria and
the United States."
Some of the interview, which took place last June in Russia, possibly
foreshadowed the cyber attack on Sony Pictures. Snowden said that the
capabilities for cyber attacks such as the "Shamoon" malware attack in
2012 and other "wiper" attacks similar to what happened to Sony Pictures
were "sort of a Fisher Price, baby’s first hack kind of a cyber campaign,"
capable of disruption but not really of creating long-term damage. But he
said more sophisticated organizations, including nation-state actors, are
"increasingly pursuing the capability to launch destructive cyber attacks
as opposed to the disruptive kinds that you normally see online...and this
is a pivot that is going to be very difficult for us to navigate."
[...]
--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
