Information Warfare: Fighting Vulnerability

Archives

June 11, 2006: The Cyber War battlefield is changing. Since most of the major Cyber War players, especially China, are increasingly dependent on the web, vulnerability has become as important as your ability to carry out attacks. In the race to reduce vulnerability, the United States is moving faster than everyone else. You won't hear about this in the news, because good news isn't news. You will hear announcements about new attacks that are about to take place. What isn't reported is that, in the last year, most of those attacks have turned out to be false alarms, or attacks that were launched, but that fizzled in the face of better defenses. That is also not news. You know, the good news thing again.

In the last five years, corporations, and individuals have responded to the growing threat of web based attacks, by fighting back. Last year, for example, 93 percent of major corporations had problems with computer viruses. Currently, only 75 percent report problems, and the severity of those problems is way down. Spam is, for those who use available defenses, no longer a problem. Spam still comprises most of the email traffic, which is a problem for the Internet as a whole, but that is now a legal, law enforcement and diplomatic problem. Most of the increased protection from web based attacks was accomplished by the use of more and more protective software. But this has revealed the growing threat of another vulnerability: people. Currently, about 70 percent of the time, it's human error, or cooperation, that is the cause of a computer system being compromised.

Moreover, it's well to remember that there's no such thing as a "computer problem." Computers, both hardware and software, are made by people. Any flaws are manmade. Cyber criminals, who are a growing presence on the web, are most successful when they employ a combination of software tools, and "human engineering" to get into systems and do their damage. This approach works less well for military attacks, which depend more on hitting many targets all at once. "Human engineering" also depends on operatives being familiar with the local culture. Thus it's difficult for a lot of Chinese Cyber War operatives to get on the phone to the United States and pull off "human engineering" scams. But that doesn't prevent Chinese, or even North Korean or al Qaeda operatives from gathering useful information ahead of time for a future attack. Thus more emphasis has been placed on building defenses against "human engineering" attacks. That's more difficult than creating new defensive software, as it involves training people. When you are dealing with people, you are dealing with far more unpredictability and unreliability than with software.

 


Article Archive

Information Warfare: Current 2019 2018 2017 2016 2015 2014 2013 2012 2011 2010 2009 2008 2007 2006 2005 2004 2003 2002 2001 2000 1999 


X

ad
0
20

Help Keep Us Soaring

We need your help! Our subscription base has slowly been dwindling. We need your help in reversing that trend. We would like to add 20 new subscribers this month.

Each month we count on your subscriptions or contributions. You can support us in the following ways:

  1. Make sure you spread the word about us. Two ways to do that are to like us on Facebook and follow us on Twitter.
  2. Subscribe to our daily newsletter. We’ll send the news to your email box, and you don’t have to come to the site unless you want to read columns or see photos.
  3. You can contribute to the health of StrategyPage. A contribution is not a donation that you can deduct at tax time, but a form of crowdfunding. We store none of your information when you contribute..
Subscribe   Contribute   Close