funsec mailing list archives

Re: cyber-9/11


From: Jon Kibler <Jon.Kibler () aset com>
Date: Wed, 08 Apr 2009 04:09:57 -0400

Robert Graham wrote:
Begging the question, well documented where?
I was going to ask the same question.

Well, I don't consider this as "well documented" as I'd like (and as I
told Gadi off list, I would have to track down the public information I
consider well documented, as the links I had to it are now broken), but
consider this from Fergie ("[funsec] Fwd: [ISN] Electricity Grid in U.S.
Penetrated By Spies"):
        http://online.wsj.com/article/SB123914805204099085.html


I don't understand the question. The power critical infrastructure is no more vulnerable to cyberattack than it is to 
a physical attack, such as bombing selected power substations, or holding an engineer's family hostage while he flips 
the appropriate switch on a nuclear reactor. State actors or well-funded terrorist organizations do not like hacking. 
The reason is that the results are unreliable. They'd rather go the physical route and get the desired result in a 
predictable timeframe.

If China were to go to war against us, they would more likely bomb carefully selected power stations than hack in our 
systems. It's easier, and more assured of success. (Causing a power blackout either through hacking or bombing is 
equally an act of war).


Robert,

More to the point, maybe the real question should be, "Why would a
State actor initiate a cyber attack instead of a physical attack?"

Well, the first reason that comes to mind is: Plausible Deniability. It
is a heck of a lot easier to cover your tracks in a cyber attack than in
a physical attack. It easily could be a lot harder to figure out where
all those bits over the Internet are actually originating from (even
ignoring botnets), than it would be to figure out where all the incoming
missiles on the radar screen are coming from! (That is, it is much
easier to forge packet headers than to change the fundamental laws of
physics.)

Also, what if the objective is to cause disruption or distraction, and
not to do actual permanent damage? As I gave in my example, if China
wanted to attack Taiwan, but wanted to get an advantage to reduce the
possibility of early U.S. intervention, what better tactic could they
have than to launch a cyber attack against the U.S. that appeared to
come from around the world? An attack that could disrupt power,
communications, and possibly military operations? Or (and this is the
one that I am waiting for North Korea to do) launch an attack against
our satellites, sending them bogus commands that send them out of
control, causing loss of communications, GPS, reconnaissance, etc.?

I can see a lot of advantages to a State actor where a cyber attack has
advantages over physical attacks. Even if the attacks were not 100%
successful, disruption and distraction can give an enemy a strong
advantage at a lower risk than a physical attack.

(If I wasn't basically brain dead from the worst virus I have had in
over 25 years, I could probably think of even more reasons. But now that
my fever is again down, it's back to bed.)

Jon
- --
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC  USA
o: 843-849-8214
c: 843-813-2924 (NEW!)
s: 843-564-4224
http://www.linkedin.com/in/jonrkibler

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253





