As long as I have been lecturing on security I have used the “Threat Hierarchy” that lists threats in ascending order of seriousness. It goes like this:
1. Exploratory hacking
4. Cyber crime
5. Information Warfare
It turns out that this hierarchy is also a predictive time line. Obviously we are well in to the era of cyber crime- have been for about two years.
But what about information warfare? When are we going to see that? Well folks, we are engaged in Information Warfare. Alan Sipress’ article in the Washington Post today is a must read. It details the ongoing attacks against the Commerce Department bureau in charge of licencing exporters to China. The attacks emanate from China. Put these recent attacks together with the “industrial scale” attacks of Titan Rain, and the targeted attacks against Sandia Labs, and you have what looks like information warfare to me.
My contention: China has been waging war with the United States and other western countries for years. The first shot fired was in May of 2001 during the so-called “hacker war” between the US and China that culminated in the release of Code Red, the IIS targeting worm that dibilitated thousands of servers in the US.
This is a very one sided war. The US has lost *all* of the battles with hardly a retaliatory shot fired. Government facilities are very poorly prepared to fight this war and the private sector cannot expect any protection whatsoever. My advise is to look to your own defense. As you invest in security think beyond viruses, worms, and Russian identity thieves. Think about massive state sponsored attacks targeting your information, your infrastructure and your people.