Cyberwarfare and Its Damaging Effects on Citizens

Thursday, February 17, 2011

In order to analyze the real damage that a hypothetical cyberwar or individual act of cyberwarfare could do to the citizens of any nation coming under attack, it is fundamental to begin with some reflections which will help us reach a full understanding of the phenomenon and its related practical implications.

The first of these is surely linked to the difficulty faced in defining the difference (which in the realm of cyber-space can be very subtle) between common criminals committing IT crime and so-called ‘cyber warriors’, by which I mean those individuals with a high level of technical skill who are paid by a State to commit acts of cyberwarfare. This is because on a fundamental level, acts of cyberwarfare are often completely identical – technically speaking – to those acts which common criminals might commit over the internet, only the aims of these acts change (although sometimes even the targets are the same) along with those who conduct them or order them to be carried out...

Stefano Mele is a lawyer specializing in Technology Law, Privacy, Security and Intelligence, and he holds a PhD at the University of Foggia. Stefano lives in Milan, Italy, and works at the law firm "Italy Legal Focus", which provides consultancy services to large companies, including multinationals. He is also an expert in security, cyber-terrorism and cyber-warfare. He is senior researcher of the “Strategic Intelligence and Security Studies Department” of the Link Campus University in Rome, as well as a lecturer for their “Master Degree of Intelligence and National Security Studies” on the subjects of cyber-terrorism and cyber-warfare. Stefano maintains the website "Diritto delle Tecnologie" (Law Technology) http://www.stefanomele.it/ .

  Cyberwarfare and its effect on citizens.pdf -->

Share This! |

-->

Rating:
Views:	1272
Categories:	Security Awareness
Industries:	Federal Military Municipal State/County
Tags:	Cyber Warfare

Post Rating:

• Currently rated 4 star(s) on 5
• Rate it 1 stars
• Rate it 2 stars
• Rate it 3 stars
• Rate it 4 stars
• Rate it 5 stars

(Rate this Post)

Comments:

J. Oquendo According to this document: "in which it was acknowledged that in the last two years computer attacks on the military sector have averaged over 5,000 per day, and also by the words of General Keith" ...

I smell something fishy, I'll just call it a typo for now. In the cited document where this statement comes from, (Quadrennial Defense Review) I decided to search the term: "5,000" and "5," to see who was quoting this number and how it was being quoted. "Where did this number come from, how did they come to this conclusion... After all everything I've heard contradict this, gov estimates millions of attacks... 5000? WTH..."

We are becoming too reliant on "cyberwarfare experts" and it seems that rarely is anyone even checking the credibility of what is being stated in the media. So let's roll with this... "The US government is attacked 5,000 per day. So what? I run about 30+ public VoIP servers which suffer about 300,000 attacks per day. Should I classify every attempt those attackers make as an attack? My number would be 300,000,000 attacks per day.

Furthermore, I read: "in fact, meant that, after a scan was carried out using the Nessus vulnerability scanner, 1,085 instances of 202 bugs pegged as ‘maximum risk’ - which could easily have been exploited for malicious purposes - were reported. "

The reality of relying on vulnerability scanner output is that false positives are almost always problematic in these scanners. I know this first hand since I have partaken in more vulnerability assessments that I can even estimate. Validating whether a vulnerability exists is another story. I've had GFI classify MySQL vulnerable simply because it was running. Was it a threat? Should I have left it on my output report and asked for more budget money?

I don't want to get too far into discourse on this document until facts are checked otherwise it becomes obvious that people aren't taking things serious and solely fudging information for whatever reasons: be it looking for "cyberwarfare seed money", "making a name", etc.

via infosecisland.com

Posted via email from Whistleblower