Follow Slashdot stories on Twitter


Forgot your password?
Privacy Security Technology Your Rights Online

Cyber War Mass Hysteria Is Hindering Security 75

jhernik writes "International cyber threat initiatives are in danger of becoming overblown, the US government's security chief told the RSA Conference in San Francisco. 'Cyber war is a terrible metaphor,' said the US government's cybersecurity czar Howard Schmidt. 'Don't make it something it's not.' Internet attacks from hackers, spies and terrorist groups deserves serious attention, he said, but this should not be 'to the extent of mass hysteria.'"
This discussion has been archived. No new comments can be posted.

Cyber War Mass Hysteria Is Hindering Security

Comments Filter:
  • by mlts ( 1038732 ) * on Thursday February 17, 2011 @12:14PM (#35232938)

    An intrusion attempt is an intrusion attempt, be it by a dedicated tiger team doing a pen test, some guy living in Elbonia testing his skillz, an enemy country with their intel arm probing for weaknesses, a criminal organization looking for organizations with their fly open to use as staging points for botnet C&C servers.

    An attack is an attack, and an exploit check is an exploit check. Who is doing it matters less than handling it, be it someone checking if the ssh daemon is buggy, or someone calling the front desk pretending to be the CEO and demanding a password.

    Ideally, people need to not focus on *who* is doing the attacks as the primary concern, but the attacks themselves.

    Since there is no good definition of a cyberwar, if one defines it as a country's military or intel forces attacking another site to find a way in, it can be said that there are plenty of cyberwars going on around the globe with almost every country going against everyone else.

  • That's easy. (Score:4, Informative)

    by khasim ( 1285 ) <> on Thursday February 17, 2011 @01:32PM (#35234032)

    Protection requires 10% of ISP's to adopt a routing policy change. Let me know when that's done, ok?

    It would be done within 24 hours of such an attack actually succeeding. More likely within an hour.

    That's the core problem with all of these "disaster" scenarios.

    They depend 100% on all-of-the-interested-parties doing nothing at all to resolve or mitigate the problem(s) during / after an attack.

    There are lots of idiots out there who would not be able to fix their systems. But there are also a lot of smart people who know how to fix the problem but just haven't gotten management to buy off on it yet. That will change when there is a real problem.

From Sharp minds come... pointed heads. -- Bryan Sparrowhawk