Samstag, 7. August 2010
Cyberwarfare
Dass diese These Substanz hat, dafür sprechen Zahlen und Fakten: Neben den Russen sind die USA, China und Israel derzeit führend in Sachen Cyberkrieg. Insgesamt laufen in 140 Staaten weltweit Datenkrieg-Programme. Vor allem die USA sind massiv eingestiegen: Vergangenes Jahr wurde ein eigenes Cyber-Kommando eingerichtet, dem der Chef des Geheimdienstes NSA, der Vier-Sterne-General Keith Alexander, vorsteht. 55 Mrd. Dollar werden investiert, tausende Hacker in Staatsdienste übernommen - vor allem deshalb, "weil wir weltweit am verwundbarsten sind, das Ziel Nummer 1" , so der CSIS-Experte James Lewis, der für die Regierung Obama ein Strategiepapier geschrieben hat (Securing Cyberspace for the 44th Presidency). Täglich soll es hunderttausende Angriffe auf US-Einrichtungen geben.
Abonnieren
Kommentare zum Post (Atom)
3 Kommentare:
http://www.usccu.us/
Know How Factory
he first exercise is focused on identifying the organization’s key critical information systems. These include not only (1) the systems that are most fundamental and widely used, but also (2) the systems that are key to value creation, and (3) the systems that have the potential to create the greatest liabilities, such as those that regulate dangerous processes. This exercise draws heavily on the Value Creation Analysis methods that are central to the US-CCU’s approach.
The second exercise explores the likely effects of the four basic categories of cyber-attacks identified by the US-CCU’s director. These four categories of cyber-attacks are those that: 1) interrupt business operations, 2) cause businesses to operate defectively, 3) discredit business operations, and 4) remove the information differentials that allow businesses to create value. It’s important during this exercise to put aside the question of whether a given attack seems feasible. The point is simply to get some idea of what would happen if these different types of attack were run for different lengths of time on the critical systems identified in the first exercise. This results in a preliminary “attacks-to-worry-about” list.
The third exercise assembles a well-motivated in-house “red team” and has them devise attacks on their own systems. This red team makes a special effort to see whether it can discover ways of accomplishing the items on the attacks-to-worry-about list. The methods discussed are not limited to those that would use the internet. The attack methods that the red team comes up with are then rated according to the levels of expertise they would require in order to succeed. This provides one indication of how likely the attacks discussed in the second exercise might be. In the course of these discussions, the red team will also usually identify new attack possibilities that weren’t spotted in the second exercise.
The fourth exercise brings in the financial and business operations people to help evaluate what these various cyber-attacks would cost the organization. The key to organizing and quantifying their observations is once again the Value Creation Analysis method. This results in a list of cyber-defense priorities that can be refined further, where necessary, using open source intelligence.
The third exercise assembles a well-motivated in-house “red team” and has them devise attacks on their own systems. This red team makes a special effort to see whether it can discover ways of accomplishing the items on the attacks-to-worry-about list. The methods discussed are not limited to those that would use the internet. The attack methods that the red team comes up with are then rated according to the levels of expertise they would require in order to succeed. This provides one indication of how likely the attacks discussed in the second exercise might be. In the course of these discussions, the red team will also usually identify new attack possibilities that weren’t spotted in the second exercise.
The fourth exercise brings in the financial and business operations people to help evaluate what these various cyber-attacks would cost the organization. The key to organizing and quantifying their observations is once again the Value Creation Analysis method. This results in a list of cyber-defense priorities that can be refined further, where necessary, using open source intelligence.
Kommentar veröffentlichen