QOTD - Cyber Spies Are Winning

Business leaders are waking up to the new reality that cyber adversaries, from hacktivists to nation-state adversaries, can gain almost unlimited access to their networks. Corporate boards are now demanding answers from befuddled Chief Information Security Officer who frequently only have their compliance lists instead of real solutions to counter the threat.

The reality is we have all collectively been too complacent in the face of a determined adversary for too long. We have let our technology stagnate for a decade using reactive defenses developed in the 2oth century against a 21st century threat that produces over 70,000 new attacks every day. All the while there is a constant, methodical, silent, systemic hoovering of our nation’s secrets and our corporations’ intellectual property, eroding our ability to compete against emerging economies. The intellectual wealth of our nation is being stolen out from underneath us, hastening the flattening of the world faster than even Thomas Friedman predicted. For the nation that invented the Internet and built billion dollar businesses like Google and Facebook, it’s time to re-invent security for the digital economy.

-- Anup Ghosh,founder and CEO of Invincea

Src: Cyber Spies Are Winning: Time To Reinvent Online Security - Forbes

QOTD on Cyber Attacks

Nowhere is the need to act today rather than tomorrow more evident than in this area. A well orchestrated cyber attack can turn off the power in your house, your city, your country. It can shut down air traffic control. It can shut down banks. In short, a cyber attack can bring a country down without a single soldier having to cross its borders.

This is not science fiction. It is the real world.

-- Anders Fogh Rasmussen, NATO Secretary General

Note: emphasis is mine.

Src: Meeting Future Challenges Together - Speech at the Bucharest University | Facebook

QOTD on Cyberwar

Traditional war is more like a bullet to the chest. Cyberwar is like a cancer -- just as dangerous and deadly, but far more torturous over the long term. And like cancer, we've yet to find a cure for cyberwar.

-- David Gewirtz, Editor-in-Chief of the ZATZ magazines, Cyberterrorism Advisor for the International Association for Counterterrorism and Security Professionals, and faculty at UC Berkeley.

Src: The coming cyberwar (Page 2)

QOTD - FBI Director on Cyber Terrorism

The FBI, with our partners in the intelligence community, believe the cyber terrorism threat is real and is rapidly expanding. Terrorists have shown a clear interest in pursuing hacking skills. And they will either train their own recruits or hire outsiders, with an eye toward coupling physical attacks with cyber attacks.

-- Robert S. Mueller, Director of (US) Federal Bureau of Investigation

Src: Mueller to U.S. Congress: FBI’s focus has shifted - National Law Enforcement | Examiner.com

QOTD on Cyber-War

The odds are we'll wait for a catastrophic event, and then overreact.

-- Mike McConnell, former director of National Intelligence (US)

Src: Virtual war on U.S. a very real threat, experts say - Wire - Lifestyle - bellinghamherald.com

QOTD - USDoD on CyberWarfare

First, cyberwarfare is asymmetric.The low cost of computing devices means that U.S. adversaries do not have to build expensive weapons, such as stealth fighters or aircraft carriers, to pose a significant threat to U.S. military capabilities. A dozen determined computer programmers can, if they find a vulnerability to exploit, threaten the United States' global logistics network, steal its operational plans, blind its intelligence capabilities, or hinder its ability to deliver weapons on target. Knowing this, many militaries are developing offensive capabilities in cyberspace, and more than 100 foreign intelligence organizations are trying to break into U.S. networks. Some governments already have the capacity to disrupt elements of the U.S. information infrastructure.

-- William J. Lynn III, US Deputy Secretary of Defense

Src: Cybersecurity - Defending a New Domain

QOTD on Stuxnet

Stuxnet is like the arrival of an F-35 fighter jet on a World War I battlefield.

-- Ralph Langner,of Langner Communications GmbH

Src: Analysis: Stuxnet: A new weapon for cyber insurgents? | Reuters

QOTD on Stuxnet-like weapons

A cyberweapon like Stuxnet threatens nation-states much more than it threatens a non-state actor that could deploy it in the future. [...]

In short, like every other major new weapons system introduced since the slingshot, Stuxnet creates new strengths as well as new vulnerabilities for the states that may wield it.

-- Caroline B. Glick, writing for The Jerusalem Post

Src: Column one: The lessons of Stuxnet | JPost.com

QOTD - Hayden on The Cyber World

You guys made the cyber world look like the north German plain, and then you bitch and moan because you get invaded. We all get treated like Poland on the web, invaded from the west on even-numbered centuries, invaded from the east on odd-numbered centuries.

The inherent geography of this domain – everything plays to the offense. There's almost nothing inherent in the domain that plays to the defense. That really affects how you think about it when you're a GI.

-- Michael Hayden, retired General, former head of the CIA & NSA

Src: Fog of cyberwar: internet always favors the offense • The Register

QOTD - Hayden on Cyber

Cyber is a domain like land, sea, air, and space. The difference is that God made four and you made the last one. God did a better job.

-- Michael Hayden, retired General, former head of CIA & NSA

Src: US flank exposed on cyber war front: Hayden - Yahoo! News

QOTD on Cyber Defense

A static cyber defense can never win against an agile cyber offense. You beat me 99 times, I will come after you 100 times. Beat me 999 times, I will come after you 1000 times, and we will beat you.

-- Bruce Held, Intelligence Chief for the US Department of Energy

Src: How To Stop Cyberattacks: Diplomacy. Well, Maybe. | Danger Room | Wired.com

QOTD on Cyber Insecurity

Cyber-terrorists have turned Internet technology into a weapon capable of unimaginable destruction. The result is that everyone is a target. -- Josh Zachry, associate director of research operations at the Institute for Cyber Security at the University of Texas at San Antonio

Src: Cyber espionage threatens global security (part 2) | Troy Media Corporation

QOTD - Lieberman on cyber bad-guys?

Our economic security, our national security, and our public safety are now all at risk as a result of new kinds of enemies, with new kinds of names like cyberwarriors, cyberspies, cyberterrorists, and cybercriminals. -- Joseph Lieberman, independent Senator for Connecticut

Src: Senators tackle Internet security - The Boston Globe

QOTD - Brian Snow on Trust

Our society has become too complex. There's too many interwoven, inter-dependencies between national players, corporate players, individuals, around the world, to really be able to sort out, and untangle, all these inter-dependencies for actual trust relationships to evolve that you can work with. -- Brian Snow, former technical director, National Security Agency (US). RB 140 podcast, around minute 30

Src: Risky Business #140 -- Former NSA tech director, info assurance, Brian Snow | Risky Business

QOTD by Paller

There is reasonably good evidence that nation-states have been taking remote control of computers and power companies for years. If you were a country that might have to go to war with another country, you would put spies in place to map the power systems, identify the weaknesses, and pre-place weapons so that if and when you go to war, you are prepared to do real damage. -- Alan Paller, Director of Research at the SANS Institute

Src: Critical condition: Utility infrastructure - SC Magazine US

QOTD - Mueller on Cats & Mice

"We are playing cat and mouse and, unfortunately, the mouse seems to be one step ahead most of the time" said Robert Mueller, Director of the FBI, regarding the threat of cyber-terrorism
Src: AFP: Cyber-terrorism a real and growing threat: FBI

QOTD - Mueller on 1,000 cuts

If hackers made subtle, undetected changes to your code, they could have a permanent window into everything you do. Some in industry have likened this to death by 1,000 cuts. We are bleeding data, intellectual property, information, source code, bit by bit, and in some cases terabyte by terabyte. -- Robert Mueller, FBI Director (US)

Src: FBI Director: Hackers have corrupted valuable data | ComputerWorld

QOTD on Cyberwar

We grew up fearing the mushroom cloud, now we should fear a roomful of hackers with their electricity and internet bills paid for by a government. -- Raimund Genes, Chief Technical Officer of Trend Micro

Src: Britain applies military thinking to the growing spectre of cyberwar - Times Online

QOTD on Cyberwar

But what many have failed to realize is that cyberwar is already here and the battle is already being waged. At the frontlines are corporate assets: intellectual property, research, schematics, sensitive proprietary data, and confidential customer and employee information.

Src: Cisco/ScanSafe 2009 Annual Global Threat Report (PDF)

QOTD on Cyberwar

It [cyber warfare] is a cheaper, less risky form of spying. Consider the risks and costs of training spies and getting them placed in positions in which they are able to steal information versus social engineering, breaking into systems, and/or installing malware in systems while the perpetrator works from home. The risks-rewards ratio of the later is much more favorable. -- Eugene Schultz, CTO of Emagined Security

Src: SANS NewsBites Vol 12 Num 12