It most certainly is, but as I understand it TCP/IP isn't, and for all the hype that surrounds these cyberattacks it's often easy to underestimate the defensive value of long lead times in fulfillment, the human eye for detail and the power of the telephone. DDoS is an occasional fact of life for anyone spinning vital operations on TCP/IP networks; sure, script kiddies can do damage but that's what they pay the white hats the big bucks to deal with.Originally Posted by selil
Compartmentalization in both the private and public sectors should mitigate much of the damage, and to my knowledge divvying up secret data and processes across a number of machines in various security realms has already reduced the risk of compromise to an acceptable degree. At least there's no report of any game changing hacking that's brought down a private company or annihilated a government office's ability to do work.You don't think of it that way but you use it that way. Imagine if somebody could see all of your operational orders, all of your logistics, all of your communicaitons with command entities. That is the capability of an attack against your confidentiality mechanisms. This is an aspect of cyber warfare that is not considered often.
Fulfillment is already pretty inefficient, and most logistics operations I've seen in the private sector expect non-trivial screw ups anywhere along the delivery chain. Also, this is only a concern if you're sole means of communicating and verifying requests and responses are via TCP/IP. The game immediately changes once you add in an office manager or supply officer with a phone, a Rolodex, and a gruff, go-get-it demeanor.Now imagine if somebody could enter your systems and change data around. Instead of ordering bullets from the rear you order up potatoes. What if somebody was to change your operational and mission type orders so that you decrease the watch in particular areas at a particular time thereby giving opportunity to the enemy? That is an attack against the integrity mechanisms.
Beware the l33t speaking anarchist, but don't be too fearful of him. He doesn't have the money, wherewithal or talent to pull off something immediately and intensely damaging (like knocking a communications satellite out of orbit or jamming multiple square klicks). For the most part, he's got some skill with PHP and VB and an account at various cracker sites and IRC channels where he can run through a HOWTO detailing the best way to recruit friends and spread malware. He might even know how to wardrive and take advantage of folks still using weak WEP. He can even do thousands of dollars of damage or compromise critical secrets. But he can't force you to react in narrowly predictable ways, and more importantly he can't disguise the fact your system's been penetrated for very long.
Bookmarks