My brother who made his engineering Bachelor in Munich told me that his institute of the TU (technical university) had no troubles to find internships for their students but for the Chinese. It seems as if certain things, especially espionage happened rarely with other nationalities but relative often with the latter.
... "We need officers capable of following systematically the path of logical argument to its conclusion, with disciplined intellect, strong in character and nerve to execute what the intellect dictates"
General Ludwig Beck (1880-1944);
Speech at the Kriegsakademie, 1935
Defense Security Service: Targeting US Technologies: A Trend Analysis of Reporting From the Defense Industry
....Overall, the majority of collection attempts in FY10 originated from the East Asia and the Pacific region; commercial entities were the most active collector affiliation category for the second year in a row; targeting of information systems (IS) technology more than doubled from FY09; and collectors continued to most commonly use requests for information (RFIs) to elicit information from cleared contractors.
Even as the total suspicious contact reports from industry more than doubled from FY09 to FY10, the East Asian and Pacific region accounted for an even larger percentage of the total in FY10, increasing from 36 percent to 43 percent. East Asia and the Pacific accounted for as much of the total as the next three regions combined. Despite the dramatic increase in the number of reported cases attributed to the second most active region, the Near East, its share of the total actually declined slightly, due to the even greater increase in incidents attributable to East Asia and the Pacific.
As with the East Asia and the Pacific and Near East regions, Europe and Eurasia’s reported collection attempts more than doubled from last year, causing it to displace South and Central Asia as the third most active collector region. Together, East Asia and the Pacific, the Near East, and Europe and Eurasia accounted for over three-quarters of the world-wide total reported collection attempts against the U.S. cleared industrial base.....
Heading for defeat?
This is rather balanced piece of advocacy on the threat from PRC cyber activity, from April 2012 by Jason Healey, Director of the Cyber Statecraft Initiative at the Atlantic Council of the United States (so a 'Beltway Pundit').
In brief a major challenge to the economic sustainability and health of governments and businesses alike.
Link:http://www.acus.org/new_atlanticist/...cyber-silencesThe threat of Chinese espionage is so critical that the commander of our military cyber defenses has called it the “the biggest transfer of wealth through theft and piracy in the history of mankind.” But the threat is not bad enough to go on the record about the threat, to take risks to share needed information, or even to be willing to tell the Chinese to back off.
These are the government’s Three Silences. Added together I fear they are driving us to defeat.
First: Silence about the threat we face....Second: Silence about practical information which could help the private sector....This leads us to the last silence: Silence to the Chinese about our increasing fury.... By refusing to speak, either to our own people or to the Chinese, we are fighting on an asymmetric battlefield of our adversary’s own choosing. Going public, through naming and shaming those involved, is a winning strategy.
davidbfpo
Balanced? I don't read it as such. Hell, he even advocates a position where if an incident even appears as if it came from China, then we don't bother trying to track it - just hold the Chinese government accountable, regardless. And Healey's piece focuses only on the Chinese, which, although China may be the origin of the majority of cyber espionage, the threat is active in all corners of the world.Originally Posted by davidbfpo
However, I do agree with Healey about declassification of malware signatures for private sector security. Overclassification is a serious obstacle to efficiency in too many key areas - a problem clearly identified post-911, but still nowhere near adequately addressed.
But back to the issue - Any realistic and practical advocate of cyber-defense should be stressing the growing potential global threat, not scare-mongering against one particular actor - especially when that characterization builds the perception that China is the sole threat. The threat is real, and although espionage originating from China makes up the largest proportion (Russia is a major, sophisticated player as well), that does not excuse minimizing or ignoring the global nature of cyber espionage. And the global threat will only expand and build with the growth and development of technological capabilities - in effect, the cyber threat is the 21st century's arms race, but with a potentially unlimited number of state and non-state players.
Fortunately, those at the dirty-boots level of cyber defense (who are never actually in a position to get their boots dirty) have been well aware of the growing nature of the threat for a long time, and have been actively engaged in the evolutionary and innovative development of counter-measures for just as long. The mouthpieces at the national public level are simply players engaged in what is to be a bureaucratic spillage of blood over securing future funding, as we approach a defense drawdown and cuts that may resemble the immediate post-Cold War era.
1. File under "Quid Pro Quo, Clarice".
2. SWJ needs a "This Thread Useless Without Pics" smiley.
http://www.bbc.co.uk/news/world-asia-china-18299065
Hong Kong-based Oriental Daily quotes the monthly New Way as saying on 25 May that the official "fell into a pretty woman trap" set up by the CIA.
After the two were photographed in secret liaisons, he was blackmailed and agreed to supply secret information to the US, the reports say.
"The destruction has been massive," a source told Reuters.
A scrimmage in a Border Station
A canter down some dark defile
Two thousand pounds of education
Drops to a ten-rupee jezail
http://i.imgur.com/IPT1uLH.jpg
Jed:
I don't know that much about how this stuff works exactly which is why I am asking. There was a post over at Information Dissemination a few weeks ago and the author advocated allowing individual targets, companies basically, to take active measures (trons dueling trons kind of) to defend themselves if they are the target of cyber attacks or spying. From the tone of the post this does not happen now. What do you think of that? Are they permitted or encouraged fry an attackers machine now and if they aren't, should they be?
"We fight, get beat, rise, and fight again." Gen. Nathanael Greene
I'm no expert on current corporate countermeasures either, but as far as I know its as you stated: US corporations are tightly focused on defensive measures, but they tend to be passive (at least with those that will discuss or publish security countermeasures in anything resembling a public venue appear to be that way). Some that would like to take active measures are deterred by concerns about legal liabilities resulting from the potential impacts of active measures along the lines of the counterattack type that you suggest - with liability being a constant concern of corporate lawyers in any case.
Sam may have better knowledge of current private sector defensive actions, if he wants to jump in.
Also, there is a government-private sector information sharing entity that has been in existence for a few years now, the Domestic Security Alliance Council, which is intended to facilitate the sharing of critical information between corporations and the FBI and DHS. A substantial part of that is focused on the cyber threat. I'm not saying its really effective, but its there and can be leveraged by the private sector.
And Dayuhan and Ken's remarks about education are also important in the context of an evolving long-term cyber threat - for at least the past two years there have been intermittent reports about the number of computer science grads being too small to meet economic demands, which may or may not also factor in cyber security demands. Hell, just last month the University of Florida was about to eliminate its Computer Science department - while increasing the athletic budget by around $2 million - until a huge outcry resulted in the reversal of that decision. But it remains clear that focus is lacking too many institutions of higher education, let alone our weak and damaged primary education system.
Posting Permissions
Reply With Quote
Bookmarks