This is a pretty difficult question to answer, isn't it? Let's just think of a few events that happened in the last few months, according to the press:
- December, 2006: China suspected to hack Navy site (fcw.com)
- May 2007: Denial of Service Attacks on Estonia (News.com, Computerworld, …)
- June 2007: America getting ready for Cyberwar (Telegraph)
- September 2007: Pentagon hacked by Chinese hackers (Guardian, ZDNet, Times)
- September 2007: Alleged attacks from China on Germany (Golem)
- ... only the tip of the iceberg?
- …more to come?
Is this now the start of Cyberwar?
I do not think that this is the start. This is probably just the first time we see that in press and the first time, it catches broad attention in mass media. But we had these kinds of attacks since quite some time. We have publically seen these attacks to commit industrial espionage – why shall the countries behave differently? (Remember the UK company that was hacked over a long period of time by an Israeli group – Washington Post?).
Is this a problem coming only "from the east"?
I do not believe so. I would be more than surprised if other intelligence agencies would not have the similar capabilities. This is their job, isn't it? So it is to be expected that we see – at the moment – just the tip of the iceberg.
What does this mean for the government and enterprises?
Now, this is probably the key question. Let's accept a fact: If somebody is ready to invest a lot of time and money to get access to information, he/she will get it – for sure. The groups we are talking of, we have to expect having excellent skills, money, and very good connections. Do we have to give in? Surely not! The most important thing we can do is raise the bar. And this can be done! By properly managing your risks, following some basic processes and then maintaining and monitoring your environment you are already upper-class.
On our side we are working hard to get complexity out of security and security products. It has to be easy to configure these products and you need a central point to manage them. If this is not the case, you will most probably not even see whether you are attacked or not. Last but not least, we might see "odd" behavior only if we can correlate events across different products and platforms. This has to be our mission and vision. We will definitely not be there by the end of the year but this is the road we are going.
Comments? Your views?
From the airport in Johannesburg