The Guardian reports that countries are preparing to cyber-fight back against hack attacks. Read the full story here. An excerpt:
According to well-placed sources, work on “strikeback” has already begun in the UK, with the Serious Organised Crime Agency (Soca) and the Metropolitan police’s e-crime unit working to deploy teams. The measures are being adopted because of the unprecedented level of attacks being suffered from hacking groups in China, Russia and North Korea, which are suspected of being state sponsored. Among intelligence circles in Washington, DC, the idea of hitting back at foreign hacking groups is being described as the hottest topic in cyberspace.
“This is considered to be a key activity,” said a former CIA officer actively involved in the debate. “We are being penetrated and it is not in our tradition to sit back and do nothing.”
It’s good they are fighting back. It is, indeed, about time. But . . .
. . . frankly (I do everything frankly), I think there’s some truth and a lot of hooey in the cyber-paranoia.
No, I’m not denying that attacks happen and that sites get penetrated. Heck, I get oodles of probes every day. The few that get through the router don’t get through the firewall, but the logging tells me so. Most of them are random.
Beyond that, though, almost all the scare talk about attacks on the electric grid and other stuff like that there is just that–scare talk. It is based on so many “what-ifs” that its primary result is jobs creation for talking heads on television.
This is not to say that threats don’t exist. It is to say they are likely overblown. If they were all that easy, they would have already happened.
(And, yes, I know what happened to Georgia. (No, not that Georgia. The other one.) It was a garden-variety Distributed Denial of Service attack, not some sophisticated hacker penetration.)
Why do I say that? I’m a longtime reader of Rob Rosenberger. For dispassionate analysis of cyber threats and separation of myths from reality, I recommend his site.