August 17, 2014 ·
Cyber Retaliation Like That Exposed By Snowden A Bad Idea Says Cyber Security Guru – Bruce Schneier
When discussing the idea of automated cyber retaliation, or hitting back, cyber security guru Bruce Schneier told a recent Black Hat Conference, contended that automated cyber retaliation is “too hard to know for sure — who’s behind the attacks.” Innocent digital bystanders could get caught in the crossfire, and extensive, unintended, cyber collateral damage could be the result.
Tim Greene, writing in the August 14, 2014 online website NetworkWorld, writes that “the NSA program dubbed MonsterMind, came to light through a recent Wired.com magazine interview” with former NSA employee and U.S. fugitive, Edward Snowden. “MonsterMind,” Wired.com wrote, “would enable automated [digital] retaliation against machines that launch cyber attacks, with no human intervention.” “The problem with any such automated cyber retaliation,” Mr. Schneier told a Black Hat gathering of conference attendees, “is that automated or otherwise, the [unintended, digital] collateral damage it could cause by striking the source could be very damaging,” to too many innocent digital bystanders. Mr. Schneier added that “it’s often difficult, or impossible to determine conclusively, whether the traceable source is the actual,” culprit. “Despite the risks involved,” Mr. Schneier said, “the practice [of automated retaliation] is becoming more common,” which he called a “dangerous trend; although, Mr. Green notes that Mr. Schneier cited no specific cases of automated cyber retaliation that went awry. “A more measured approach, where forensics determine where such attacks originated — is the right way to go,” he said. “Vigilante justice doesn’t tends not to work well,” he added.
“More important for attacked organizations,” Mr. Greene contends, “is responding quickly to minimize the damage. “Forget about keeping attackers off your networks”; he argues, and instead, “concentrate on what you’re going to do about it — once the [your] networks are breached.”
“In general, the attacker with more resources [than the victim] is going to get in [to your networks],” Mr. Schneier said, “it’s a matter of containing some of the damage.” “The trick,” he adds, “is to formulate a response quickly; and, executing effectively — while automating as much as possible in order to reduce the risk of human error. “More than with other security activities, incident response requires more human intervention, so it’s important to develop effective incident response tools to help out,” Mr. Schneier said. “People are our biggest security problem,” he observed, “but you can’t full automate [cyber] response. You can’t cut people out of the loop.” V/R, RCP
No comments:
Post a Comment