On Wed, Feb 20, 2013 at 9:34 AM, Gary McGraw <g...@cigital.com> wrote:
> hi sc-l,
>
> No doubt all of you have seen the NY Times article about the Mandiant report
> that pervades the news this week. I believe it is important to understand
> the difference between cyber espionage and cyber war. Because espionage
> unfolds over months or years in realtime, we can triangulate the origin of an
> exfiltration attack with some certainty. During the fog of a real cyber war
> attack, which is more likely to happen in milliseconds, the kind of forensic
> work that Mandiant did would not be possible. (In fact, we might just well
> be "Gandalfed" and pin the attack on the wrong enemy as explained here:
> http://searchsecurity.techtarget.com/news/2240169976/Gary-McGraw-Proactive-defense-prudent-alternative-to-cyberwarfare.)
>
> Sadly, policymakers seem to think we have completely solved the attribution
> problem. We have not. This article published in Computerworld does an
> adequate job of stating my position:
> http://news.idg.no/cw/art.cfm?id=94AB4F98-9BBD-1370-154D49FAA7706BE9
>
> Those of us who work on security engineering and software security can help
> educate policymakers and others so that we don't end up pursuing the folly of
> active defense.
>

I'm somewhat surprised a report of that detail was released for public consumption. The suspicion in me tells me it's not entirely accurate or someone has an agenda. There's too much information in there that would be cloaked under "national security" given other circumstances.

There also appears to be a fair of FUD-fanning going on: "Additionally, there is evidence that Unit 61398 aggressively recruits new talent from the Science and Engineering departments of universities such as Harbin Institute of Technology." The US equivalent would be like saying the NSA actively recruits Mathematicians and Computer Scientists.

Jeff

_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.