Dailydave mailing list archives
Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki
From: "Jim O'Gorman" <jim () elwood net>
Date: Fri, 25 Mar 2011 11:45:25 -0500
On Wed, Mar 23, 2011 at 12:17 PM, Michal Zalewski <lcamtuf () coredump cx>wrote:
The real tragedy of infosec is that we simply don't have the tools to secure large and complex organizations particularly well - not against governments, but against bored kids with an agenda. Security vendors are partly to blame for perpetuating a myth that a secure organization can be built on top of the commercial AV or IDS tools that said vendors happen offer. It does not come as a surprise that this model does not work well, and "the world of cyber" has very little to do with it.
From my POV, much of this has to do with most models of infosec rely on the
concept of "you don't have to run faster then the bear, you just have to run faster then the guy next to you". That model may work against opportunistic criminals that are looking for a good ROI and have no interest in targeting a specific target, but rather is more focused on obtaining assets with no concern where those assets come from. But what do you do when the bear decides you are the pretty one? Very few programs are built to sustain a targeted attack by any adversary. And the more determined and funded that adversary is, the worse for the defender. This might be a kid at home, or a state sponsored "cyber solider". Does not really matter. Could unemployment checks to a disgruntled former employee be considered funding? It seems like the a lot of more modern defensive models are more similar to retail's loss management programs then anything else. Yeah you will get shoplifting, but lets just try to make it the stuff that is not that big of deal. Make the important products better protected, and budget for the shrink that is sure to happen. Jim
_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki, (continued)
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki Yiorgos Adamopoulos (Mar 25)
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki Dave Aitel (Mar 25)
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki Michal Zalewski (Mar 25)
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki dave (Mar 25)
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki Michal Zalewski (Mar 25)
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki Dominique Brezinski (Mar 25)
- Message not available
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki Dominique Brezinski (Mar 27)
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki Michal Zalewski (Mar 27)
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki Jim O'Gorman (Mar 27)
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki beenph (Mar 25)
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki Yiorgos Adamopoulos (Mar 25)
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki Nate Lawson (Mar 25)
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki Kevin Noble (Mar 25)
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki Marsh Ray (Mar 25)
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki Nate Lawson (Mar 25)
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki Miles Fidelman (Mar 27)
- Message not available
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki Nate Lawson (Mar 27)
- Message not available
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki delchi delchi (Mar 25)