Welcome!

@BigDataExpo Authors: Elizabeth White, Sridhar Chalasani, Tirumala Khandrika, Gopala Krishna Behara, Patrick MeLampy

Blog Feed Post

My Infosec Wish for 2013: A Balanced Cyberwarfare Debate

By

CybersoldiersI can already hear the chuckling. “Cyber warfare? Balanced? And I’d like partisanship in Washington to end, a double date with Mila Kunis and Scarlett Johansson, and some fries with that!” Yes, my desire is utopian, but the fact that I would have to qualify it with a self-deprecating remark suggests the distance that we have yet to travel before we can get more value out of our present conversation on the topic of cyber warfare.

First, let’s start with the unfortunate fact that little is really new. As CTOVision head honcho Bob Gourley notes, we’ve had so many “cyber wake up calls” as to render the phrase meaningless. If these are wake-up calls, someone keeps hitting the snooze button. We know that our SCADA systems are vulnerable, and have been vulnerable for a while. We know that air-gapping will not protect our systems, and that our systems can be attacked through their subsystems. We also understand that espionage and covert operations pose a fundamental attribution problem worsened by the fact that investigation requires cooperation from governments with something to hide. Anonymous and other decentralized hacking collectives? Predicted and analyzed 20 years ago. Finally, we also (should) get that everything from vendors to human psychology provides a multitude of attack surfaces for a potential attacker. Clearly, we’ve had plenty of forewarning for the calamities we’re suffering and have yet to suffer.

But knowing is unfortunately not, as I learned from watching GI JOE cartoon shows, half the battle. On one hand, much cyber warfare conversation these days boils down to endless repetition of civilization-destroying “cyber-doom” scenarios involving genius hackers that never face intelligence, targeting, and weapon customization problems inherent in any kind of attack capable of causing meaningful kinetic damage. That might be what James Bond faces in Skyfall, but it’s not a realistic idea of the future threat. Cyberhype is endemic, and clouds meaningful assessment of dangers and the resources necessary to combat the problem. Much of what we know in other fields about the dynamics of coercion is completely overlooked in even sound technical assessments that neglect the motives and politics of potential attackers. Attribution, for example, is variable upon an actor’s desire to coerce vs. steal or damage. But while cyber-doom is not on the horizon, attention to the intersecting fields of cyber warfare, cyber conflict, and the broader issues of cyberpower yields some discomforting realizations.

For starters, the line between espionage and warfare is never clear to policymakers in practice. Solar Sunrise occurred in the middle of a standoff between the United States and Iraq, and policymakers faced uncertainty over whether the intrusion was part of the geopolitical drama. Long range cyber-reconnaissance can identify weak points. The ability to cause damage to civilian and military infrastructure may not coerce on its own but can cause cumulative damage when combined with other sources of national power. Zero-day markets and a vigorous underground may not challenge the dominance of custom-designed single shot weapons built by states but add an unstable element to the mix. Knowledge that one’s networks are vulnerable to other powers may help tilt the overall balance in larger peacetime strategic competitions. While no piece of malware has yet killed anyone, military cyberpower has helped states coordinate and employ fearsome conventional weapons.

Stuxnet, while unique, also is at times underrated. As Jason Healey noted, Stuxnet had features of autonomy and mirrors an environment in which computational agents are delegated increasingly broad cognitive powers. The way we make war often mirrors the way we make wealth, and future cyberweapons are being dreamt up in an environment characterized by the rise of a “Second Economy” built on a vast and increasingly automatic infrastructure. Cyberspace, once the humble child of the 19th century telegraphic revolution, is increasingly conquering almost every aspect of everyday life and even reaching inside the human body. It’s not surprising that many cybersecurity ideas are drawn from science fiction, even if they often mislead. Science fiction is, after all, a vehicle for commenting on destabilizing changes in the present.

The ground is shifting. DARPA’s Plan X heralds the rise of military-industrial cyber weapon complexes with streamlined cyberweapon acquisition and deployment, and potentially new kinds of cyber weapons that move beyond the network base of contemporary cyber offense and defense. Trends in computing may shift towards biological and analog computing, complicating current technical assumptions. Big data as a form of cyberpower can aid in uncovering patterns of vulnerability that targets may be entirely unaware of. New methods of password cracking challenge old assumptions about password strength and the user vector for targeting. Finally, if the operational repertoire of cyber warfare in and of itself is limited, cyberpower’s capacity to intersect with other operational environments and modify their features makes attack endlessly customizable.

The idea that the offense is dominant should be held to rigor. But so is the idea that eternal principles of cyber conflict and geopolitics can be derived from the study of an extremely limited set of cases. History is important, and is sadly overlooked in the information security and warfare fields. The Cyber Conflict Studies Association, thankfully, is seeking to remedy this. Certain essential aspects of security and war never change, and a disruption-focused tech industry ignores this at its own peril. But assumptions based on modern Internet Protocol technologies will fail to be of strategic value when attackers bypass them or the technologies change. Want an example? Take a gander at the vulnerabilities inherent in your own car. The answer is not an “everything is new” attitude, but a richer and more detailed effort to think about what precisely cyberspace is. A solid understanding of cyberspace, separate from the domination of any one kind of technology, can not only inform about the nature of cyberpower and cyber threat but also hedge against technological change. That conversation is far from finished, and hopefully 2013 will auger a more useful debate about war and other forms of conflict in cyberspace.

Read the original blog entry...

More Stories By Bob Gourley

Bob Gourley writes on enterprise IT. He is a founder and partner at Cognitio Corp and publsher of CTOvision.com

@BigDataExpo Stories
With billions of sensors deployed worldwide, the amount of machine-generated data will soon exceed what our networks can handle. But consumers and businesses will expect seamless experiences and real-time responsiveness. What does this mean for IoT devices and the infrastructure that supports them? More of the data will need to be handled at - or closer to - the devices themselves.
Things are changing so quickly in IoT that it would take a wizard to predict which ecosystem will gain the most traction. In order for IoT to reach its potential, smart devices must be able to work together. Today, there are a slew of interoperability standards being promoted by big names to make this happen: HomeKit, Brillo and Alljoyn. In his session at @ThingsExpo, Adam Justice, vice president and general manager of Grid Connect, will review what happens when smart devices don’t work togethe...
SYS-CON Events announced today that Dataloop.IO, an innovator in cloud IT-monitoring whose products help organizations save time and money, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Dataloop.IO is an emerging software company on the cutting edge of major IT-infrastructure trends including cloud computing and microservices. The company, founded in the UK but now based in San Fran...
A strange thing is happening along the way to the Internet of Things, namely far too many devices to work with and manage. It has become clear that we'll need much higher efficiency user experiences that can allow us to more easily and scalably work with the thousands of devices that will soon be in each of our lives. Enter the conversational interface revolution, combining bots we can literally talk with, gesture to, and even direct with our thoughts, with embedded artificial intelligence, whic...
SYS-CON Events announced today that Addteq will exhibit at SYS-CON's @DevOpsSummit at Cloud Expo New York, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Addteq is one of the top 10 Platinum Atlassian Experts who specialize in DevOps, custom and continuous integration, automation, plugin development, and consulting for midsize and global firms. Addteq firmly believes that automation is essential for successful software releases. Addteq centers its products an...
DevOps is being widely accepted (if not fully adopted) as essential in enterprise IT. But as Enterprise DevOps gains maturity, expands scope, and increases velocity, the need for data-driven decisions across teams becomes more acute. DevOps teams in any modern business must wrangle the ‘digital exhaust’ from the delivery toolchain, "pervasive" and "cognitive" computing, APIs and services, mobile devices and applications, the Internet of Things, and now even blockchain.
In his session at @ThingsExpo, Sudarshan Krishnamurthi, a Senior Manager, Business Strategy, at Cisco Systems, will discuss how IT and operational technology (OT) work together, as opposed to being in separate siloes as once was traditional. Attendees will learn how to fully leverage the power of IoT in their organization by bringing the two sides together and bridging the communication gap. He will also look at what good leadership must entail in order to accomplish this, and how IT managers ca...
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, provided an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settle...
SYS-CON Events announced today that CA Technologies has been named “Platinum Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CA Technologies helps customers succeed in a future where every business – from apparel to energy – is being rewritten by software. From ...
TechTarget storage websites are the best online information resource for news, tips and expert advice for the storage, backup and disaster recovery markets. By creating abundant, high-quality editorial content across more than 140 highly targeted technology-specific websites, TechTarget attracts and nurtures communities of technology buyers researching their companies' information technology needs. By understanding these buyers' content consumption behaviors, TechTarget creates the purchase inte...
The best way to leverage your Cloud Expo presence as a sponsor and exhibitor is to plan your news announcements around our events. The press covering Cloud Expo and @ThingsExpo will have access to these releases and will amplify your news announcements. More than two dozen Cloud companies either set deals at our shows or have announced their mergers and acquisitions at Cloud Expo. Product announcements during our show provide your company with the most reach through our targeted audiences.
SYS-CON Events announced today that Cloud Academy will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Cloud Academy is the industry’s most innovative, vendor-neutral cloud technology training platform. Cloud Academy provides continuous learning solutions for individuals and enterprise teams for Amazon Web Services, Microsoft Azure, Google Cloud Platform, and the most popular cloud computing technologies. Ge...
SYS-CON Events announced today that Fusion, a leading provider of cloud services, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Fusion, a leading provider of integrated cloud solutions to small, medium and large businesses, is the industry’s single source for the cloud. Fusion’s advanced, proprietary cloud service platform enables the integration of leading edge solutions in the cloud, including cloud...
Wooed by the promise of faster innovation, lower TCO, and greater agility, businesses of every shape and size have embraced the cloud at every layer of the IT stack – from apps to file sharing to infrastructure. The typical organization currently uses more than a dozen sanctioned cloud apps and will shift more than half of all workloads to the cloud by 2018. Such cloud investments have delivered measurable benefits. But they’ve also resulted in some unintended side-effects: complexity and risk. ...
20th Cloud Expo, taking place June 6-8, 2017, at the Javits Center in New York City, NY, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy.
Have you ever noticed how some IT people seem to lead successful, rewarding, and satisfying lives and careers, while others struggle? IT author and speaker Don Crawley uncovered the five principles that successful IT people use to build satisfying lives and careers and he shares them in this fast-paced, thought-provoking webinar. You'll learn the importance of striking a balance with technical skills and people skills, challenge your pre-existing ideas about IT customer service, and gain new in...
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend @CloudExpo | @ThingsExpo, June 6-8, 2017, at the Javits Center in New York City, NY and October 31 - November 2, 2017, Santa Clara Convention Center, CA. Learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
@ThingsExpo has been named the Top 5 Most Influential Internet of Things Brand by Onalytica in the ‘The Internet of Things Landscape 2015: Top 100 Individuals and Brands.' Onalytica analyzed Twitter conversations around the #IoT debate to uncover the most influential brands and individuals driving the conversation. Onalytica captured data from 56,224 users. The PageRank based methodology they use to extract influencers on a particular topic (tweets mentioning #InternetofThings or #IoT in this ca...
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend @CloudExpo | @ThingsExpo, June 6-8, 2017, at the Javits Center in New York City, NY and October 31 - November 2, 2017, Santa Clara Convention Center, CA. Learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
Bert Loomis was a visionary. This general session will highlight how Bert Loomis and people like him inspire us to build great things with small inventions. In their general session at 19th Cloud Expo, Harold Hannon, Architect at IBM Bluemix, and Michael O'Neill, Strategic Business Development at Nvidia, discussed the accelerating pace of AI development and how IBM Cloud and NVIDIA are partnering to bring AI capabilities to "every day," on-demand. They also reviewed two "free infrastructure" pr...