Inside Cyber Warfare - Jeffrey Carr [0]
Jeffrey Carr
Editor
Mike Loukides
Copyright © 2011 Jeffrey Carr
O’Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (http://my.safaribooksonline.com). For more information, contact our corporate/institutional sales department: (800) 998-9938 or corporate@oreilly.com.
Nutshell Handbook, the Nutshell Handbook logo, and the O’Reilly logo are registered trademarks of O’Reilly Media, Inc. Inside Cyber Warfare, the image of light cavalry, and related trade dress are trademarks of O’Reilly Media, Inc.
Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and O’Reilly Media, Inc., was aware of a trademark claim, the designations have been printed in caps or initial caps.
While every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein.
O'Reilly Media
* * *
Foreword
Since the first edition of Jeffrey Carr’s Inside Cyber Warfare: Mapping the Cyber Underworld was published, cyber security has become an increasing strategic and economic concern. Not only have major corporations and government agencies continued to be victimized by massive data thefts, disruptive and destructive attacks on both public and private entities continue and show no signs of abating. Among the publicly disclosed targets of cyber attacks are major financial institutions, entertainment companies, cyber security companies, and US and foreign government agencies, including the US Department of Defense, the US Senate, and the Brazilian and the Malaysian governments.
Many of these cyber penetrations are aimed at theft of identity or financial data for purposes of criminal exploitation. These cannot simply be regarded as a “cost of doing business” or tolerable losses; such episodes undermine the public trust, which is the foundation for business transactions over the Internet. Even more significant is the threat posed by cyber theft of intellectual property. Every year, economic competitors of American businesses steal a quantity of intellectual property larger than all the data in the Library of Congress. As a result, these rivals are gaining an unfair advantage in the global economy.
Also gaining in seriousness are organized efforts to disrupt or even destroy cyber systems. Anarchist and other extremist groups, such as Anonymous and LulzSec (and their offspring), seek to punish those with whom they disagree by exposing confidential data or disrupting operations. Recent breaches of cyber security firms such as HBGary and EMC’s RSA SecurID division demonstrate a strategic effort to undermine the security architecture on which many enterprises rely. And the multiplication of social media and mobile devices will create many more opportunities for cyber espionage, social engineering attacks, and open source intelligence collection by nation-states, terrorists, and criminal groups.
Since the formation of the Comprehensive National Cybersecurity Initiative in 2008, the US government has unveiled a series of security-related strategies, including legislative proposals. These are useful and important steps, but they’re not enough to keep pace with the growing and diversifying threats. The private sector in particular must take ownership of much of the burden of defending the networks they own and operate. Moreover, while technology and tools are key to the solution, human beings are at the heart of any security strategy. Unless those who use the Internet observe good security practices, defensive technologies will merely be a bump in the road to those who seek to exploit cyberspace.
Finally, while defense against cyber attacks is important, it is not enough. When cyber attacks damage critical infrastructure or even threaten loss of life, sound strategy calls for preventive and