Welcome!

@BigDataExpo Authors: Liz McMillan, Elizabeth White, Talend Inc., Pat Romanski, Scott Allen

Blog Feed Post

My Infosec Wish for 2013: A Balanced Cyberwarfare Debate

By

CybersoldiersI can already hear the chuckling. “Cyber warfare? Balanced? And I’d like partisanship in Washington to end, a double date with Mila Kunis and Scarlett Johansson, and some fries with that!” Yes, my desire is utopian, but the fact that I would have to qualify it with a self-deprecating remark suggests the distance that we have yet to travel before we can get more value out of our present conversation on the topic of cyber warfare.

First, let’s start with the unfortunate fact that little is really new. As CTOVision head honcho Bob Gourley notes, we’ve had so many “cyber wake up calls” as to render the phrase meaningless. If these are wake-up calls, someone keeps hitting the snooze button. We know that our SCADA systems are vulnerable, and have been vulnerable for a while. We know that air-gapping will not protect our systems, and that our systems can be attacked through their subsystems. We also understand that espionage and covert operations pose a fundamental attribution problem worsened by the fact that investigation requires cooperation from governments with something to hide. Anonymous and other decentralized hacking collectives? Predicted and analyzed 20 years ago. Finally, we also (should) get that everything from vendors to human psychology provides a multitude of attack surfaces for a potential attacker. Clearly, we’ve had plenty of forewarning for the calamities we’re suffering and have yet to suffer.

But knowing is unfortunately not, as I learned from watching GI JOE cartoon shows, half the battle. On one hand, much cyber warfare conversation these days boils down to endless repetition of civilization-destroying “cyber-doom” scenarios involving genius hackers that never face intelligence, targeting, and weapon customization problems inherent in any kind of attack capable of causing meaningful kinetic damage. That might be what James Bond faces in Skyfall, but it’s not a realistic idea of the future threat. Cyberhype is endemic, and clouds meaningful assessment of dangers and the resources necessary to combat the problem. Much of what we know in other fields about the dynamics of coercion is completely overlooked in even sound technical assessments that neglect the motives and politics of potential attackers. Attribution, for example, is variable upon an actor’s desire to coerce vs. steal or damage. But while cyber-doom is not on the horizon, attention to the intersecting fields of cyber warfare, cyber conflict, and the broader issues of cyberpower yields some discomforting realizations.

For starters, the line between espionage and warfare is never clear to policymakers in practice. Solar Sunrise occurred in the middle of a standoff between the United States and Iraq, and policymakers faced uncertainty over whether the intrusion was part of the geopolitical drama. Long range cyber-reconnaissance can identify weak points. The ability to cause damage to civilian and military infrastructure may not coerce on its own but can cause cumulative damage when combined with other sources of national power. Zero-day markets and a vigorous underground may not challenge the dominance of custom-designed single shot weapons built by states but add an unstable element to the mix. Knowledge that one’s networks are vulnerable to other powers may help tilt the overall balance in larger peacetime strategic competitions. While no piece of malware has yet killed anyone, military cyberpower has helped states coordinate and employ fearsome conventional weapons.

Stuxnet, while unique, also is at times underrated. As Jason Healey noted, Stuxnet had features of autonomy and mirrors an environment in which computational agents are delegated increasingly broad cognitive powers. The way we make war often mirrors the way we make wealth, and future cyberweapons are being dreamt up in an environment characterized by the rise of a “Second Economy” built on a vast and increasingly automatic infrastructure. Cyberspace, once the humble child of the 19th century telegraphic revolution, is increasingly conquering almost every aspect of everyday life and even reaching inside the human body. It’s not surprising that many cybersecurity ideas are drawn from science fiction, even if they often mislead. Science fiction is, after all, a vehicle for commenting on destabilizing changes in the present.

The ground is shifting. DARPA’s Plan X heralds the rise of military-industrial cyber weapon complexes with streamlined cyberweapon acquisition and deployment, and potentially new kinds of cyber weapons that move beyond the network base of contemporary cyber offense and defense. Trends in computing may shift towards biological and analog computing, complicating current technical assumptions. Big data as a form of cyberpower can aid in uncovering patterns of vulnerability that targets may be entirely unaware of. New methods of password cracking challenge old assumptions about password strength and the user vector for targeting. Finally, if the operational repertoire of cyber warfare in and of itself is limited, cyberpower’s capacity to intersect with other operational environments and modify their features makes attack endlessly customizable.

The idea that the offense is dominant should be held to rigor. But so is the idea that eternal principles of cyber conflict and geopolitics can be derived from the study of an extremely limited set of cases. History is important, and is sadly overlooked in the information security and warfare fields. The Cyber Conflict Studies Association, thankfully, is seeking to remedy this. Certain essential aspects of security and war never change, and a disruption-focused tech industry ignores this at its own peril. But assumptions based on modern Internet Protocol technologies will fail to be of strategic value when attackers bypass them or the technologies change. Want an example? Take a gander at the vulnerabilities inherent in your own car. The answer is not an “everything is new” attitude, but a richer and more detailed effort to think about what precisely cyberspace is. A solid understanding of cyberspace, separate from the domination of any one kind of technology, can not only inform about the nature of cyberpower and cyber threat but also hedge against technological change. That conversation is far from finished, and hopefully 2013 will auger a more useful debate about war and other forms of conflict in cyberspace.

Read the original blog entry...

More Stories By Bob Gourley

Bob Gourley writes on enterprise IT. He is a founder and partner at Cognitio Corp and publsher of CTOvision.com

@BigDataExpo Stories
SYS-CON Events announced today that FalconStor Software® Inc., a 15-year innovator of software-defined storage solutions, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. FalconStor Software®, Inc. (NASDAQ: FALC) is a leading software-defined storage company offering a converged, hardware-agnostic, software-defined storage and data services platform. Its flagship solution FreeStor®, utilizes a horizonta...
Silver Spring Networks, Inc. (NYSE: SSNI) extended its Internet of Things technology platform with performance enhancements to Gen5 – its fifth generation critical infrastructure networking platform. Already delivering nearly 23 million devices on five continents as one of the leading networking providers in the market, Silver Spring announced it is doubling the maximum speed of its Gen5 network to up to 2.4 Mbps, increasing computational performance by 10x, supporting simultaneous mesh communic...
The cloud promises new levels of agility and cost-savings for Big Data, data warehousing and analytics. But it’s challenging to understand all the options – from IaaS and PaaS to newer services like HaaS (Hadoop as a Service) and BDaaS (Big Data as a Service). In her session at @BigDataExpo at @ThingsExpo, Hannah Smalltree, a director at Cazena, will provide an educational overview of emerging “as-a-service” options for Big Data in the cloud. This is critical background for IT and data profes...
Eighty percent of a data scientist’s time is spent gathering and cleaning up data, and 80% of all data is unstructured and almost never analyzed. Cognitive computing, in combination with Big Data, is changing the equation by creating data reservoirs and using natural language processing to enable analysis of unstructured data sources. This is impacting every aspect of the analytics profession from how data is mined (and by whom) to how it is delivered. This is not some futuristic vision: it's ha...
With the Apple Watch making its way onto wrists all over the world, it’s only a matter of time before it becomes a staple in the workplace. In fact, Forrester reported that 68 percent of technology and business decision-makers characterize wearables as a top priority for 2015. Recognizing their business value early on, FinancialForce.com was the first to bring ERP to wearables, helping streamline communication across front and back office functions. In his session at @ThingsExpo, Kevin Roberts...
Let’s face it, embracing new storage technologies, capabilities and upgrading to new hardware often adds complexity and increases costs. In his session at 18th Cloud Expo, Seth Oxenhorn, Vice President of Business Development & Alliances at FalconStor, will discuss how a truly heterogeneous software-defined storage approach can add value to legacy platforms and heterogeneous environments. The result reduces complexity, significantly lowers cost, and provides IT organizations with improved effi...
Cognitive Computing is becoming the foundation for a new generation of solutions that have the potential to transform business. Unlike traditional approaches to building solutions, a cognitive computing approach allows the data to help determine the way applications are designed. This contrasts with conventional software development that begins with defining logic based on the current way a business operates. In her session at 18th Cloud Expo, Judith S. Hurwitz, President and CEO of Hurwitz & ...
It's easy to assume that your app will run on a fast and reliable network. The reality for your app's users, though, is often a slow, unreliable network with spotty coverage. What happens when the network doesn't work, or when the device is in airplane mode? You get unhappy, frustrated users. An offline-first app is an app that works, without error, when there is no network connection.
Data-as-a-Service is the complete package for the transformation of raw data into meaningful data assets and the delivery of those data assets. In her session at 18th Cloud Expo, Lakshmi Randall, an industry expert, analyst and strategist, will address: What is DaaS (Data-as-a-Service)? Challenges addressed by DaaS Vendors that are enabling DaaS Architecture options for DaaS
SYS-CON Events announced today that Catchpoint Systems, Inc., a provider of innovative web and infrastructure monitoring solutions, has been named “Silver Sponsor” of SYS-CON's DevOps Summit at 18th Cloud Expo New York, which will take place June 7-9, 2016, at the Javits Center in New York City, NY. Catchpoint is a leading Digital Performance Analytics company that provides unparalleled insight into customer-critical services to help consistently deliver an amazing customer experience. Designed...
With the proliferation of both SQL and NoSQL databases, organizations can now target specific fit-for-purpose database tools for their different application needs regarding scalability, ease of use, ACID support, etc. Platform as a Service offerings make this even easier now, enabling developers to roll out their own database infrastructure in minutes with minimal management overhead. However, this same amount of flexibility also comes with the challenges of picking the right tool, on the right ...
With an estimated 50 billion devices connected to the Internet by 2020, several industries will begin to expand their capabilities for retaining end point data at the edge to better utilize the range of data types and sheer volume of M2M data generated by the Internet of Things. In his session at @ThingsExpo, Don DeLoach, CEO and President of Infobright, will discuss the infrastructures businesses will need to implement to handle this explosion of data by providing specific use cases for filte...
SYS-CON Events announced today that Pythian, a global IT services company specializing in helping companies adopt disruptive technologies to optimize revenue-generating systems, has been named “Bronze Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2015 at the Javits Center in New York, New York. Founded in 1997, Pythian is a global IT services company that helps companies compete by adopting disruptive technologies such as cloud, Big Data, advanced analytics, and DevO...
SYS-CON Events announced today that Avere Systems, a leading provider of enterprise storage for the hybrid cloud, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. Avere delivers a more modern architectural approach to storage that doesn’t require the overprovisioning of storage capacity to achieve performance, overspending on expensive storage media for inactive data or the overbuilding of data centers ...
SYS-CON Events announced today that Commvault, a global leader in enterprise data protection and information management, has been named “Bronze Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY, and the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Commvault is a leading provider of data protection and information management...
SYS-CON Events announced today that Interoute, owner-operator of one of Europe's largest networks and a global cloud services platform, has been named “Bronze Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2015 at the Javits Center in New York, New York. Interoute is the owner-operator of one of Europe's largest networks and a global cloud services platform which encompasses 12 data centers, 14 virtual data centers and 31 colocation centers, with connections to 195 ad...
The Quantified Economy represents the total global addressable market (TAM) for IoT that, according to a recent IDC report, will grow to an unprecedented $1.3 trillion by 2019. With this the third wave of the Internet-global proliferation of connected devices, appliances and sensors is poised to take off in 2016. In his session at @ThingsExpo, David McLauchlan, CEO and co-founder of Buddy Platform, will discuss how the ability to access and analyze the massive volume of streaming data from mil...
SYS-CON Events announced today that Alert Logic, Inc., the leading provider of Security-as-a-Service solutions for the cloud, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. Alert Logic, Inc., provides Security-as-a-Service for on-premises, cloud, and hybrid infrastructures, delivering deep security insight and continuous protection for customers at a lower cost than traditional security solutions. Ful...
In most cases, it is convenient to have some human interaction with a web (micro-)service, no matter how small it is. A traditional approach would be to create an HTTP interface, where user requests will be dispatched and HTML/CSS pages must be served. This approach is indeed very traditional for a web site, but not really convenient for a web service, which is not intended to be good looking, 24x7 up and running and UX-optimized. Instead, talking to a web service in a chat-bot mode would be muc...
When building large, cloud-based applications that operate at a high scale, it’s important to maintain a high availability and resilience to failures. In order to do that, you must be tolerant of failures, even in light of failures in other areas of your application. “Fly two mistakes high” is an old adage in the radio control airplane hobby. It means, fly high enough so that if you make a mistake, you can continue flying with room to still make mistakes. In his session at 18th Cloud Expo, Lee...