I read the last book (“Confront and Conceal”) of the New York Times reporter, David Sanger. Actually the chapter 8 only. This famous chapter focuses on “Olympic Games” and reveals that Stuxnet was a part of a one of the most secret program conducted jointly by American and Israeli to cripple Iran’s nuclear progress (and to convince some Israelis that a cyberattack would be smarter than an airstrike). What a surprise…
Source : thedailybeast.com
Stuxnet was a partial success. The cyber attacks were able to delay a year or two of Iran’s nuclear program. But the U.S. did not they open Pandora’s box? With these leaks (probably authorized by the Obama administration), the U.S. officialize their programs of cyber weapons and their cyber attacks. It’s a game-changer. This new context could lead other countries to be less reticent to communicate about the development of their offensive cyber capabilities. And to use it.
The next time the Chinese are confronted with evidence that they are launching cyberattacks against the US or its allies, Beijing is bound to offer up an easy one-liner: “So? Explain how what we may be doing is different from what you did in Iran.” David Sanger - Confront and Conceal
I’m beginning to wonder what’s going on over at Kaspersky Labs. Eugene Kaspersky has begun sounding like Richard Clarke with his warning about mega-cyber disasters during his keynote address at the AUSCERT IT security conference. Then there’s his repeating of the Russian government mantra that a cyber weapons treaty is needed (it’s not). Now Kaspersky Labs has called a virus whose only purpose is to steal data a “cyber weapon”.
Come on, guys. You’ve done some terrific research in the past with DuQu. Now all of a sudden, it seems like you’ve become evangelists for a Russian government strategy to raise the stakes in cyber war rhetoric. Espionage is not warfare and never has been. Hence a tool created solely to conduct cyber espionage cannot also be legitimately called a cyber weapon.
Everybody knows the Godwin’s law: “As an online discussion grows longer, the probability of a comparison involving Nazis or Hitler approaches”.
In cybersecurity or cyberwar scope, I think we can now create a Richard Clarke’s law : “As an cyberattack discussion grow longer, the probability to designate chinese hackers or government as responsible and refer to cyberwar becomes unavoidable”. What do you think about this?
Richard Clarke is a former presidential advisor on cybersecurity. Now he’s the chairman of Good Harbor Consulting, a strategic planning and corporate risk management firm. The favorite Richard Clarke’s topic is cyberwar.
Hype or reality? In his mouth, China is blamed for every cyber attacks against every company in the US. When medias or many cybersecurity “experts” start talking about hacking, China (or Russia sometimes, cyber cold war is back…) is always designated as source of cyber attacks or cyber espionage. And then we got cyberwar mention… Yes China or Russia have offensive cyber capabilities and exploit them daily to launch cyber attacks and spy on us but so do many other countries like USA, Great Britain, Germany, India, Israel (and even France)…
Cyberspace is not in state of war. It’s just the new espionage playground even if the military are interested in very closely.
Remember some Richard Clarke’s declarations:
“I’m about to say something that people think is an exaggeration, but I think the evidence is pretty strong. Every major company in the United States has already been penetrated by China”
If Congress will not act to protect America’s companies from Chinese cyberthreats, President Obama must.
In his 2010 book, Cyber War, former White House counterterrorism czar Richard Clarke invokes the specter of nationwide power blackouts, planes falling out of the sky, trains derailing, refineries burning, pipelines exploding, poisonous gas clouds wafting, and satellites spinning out of orbit — events that would make the 2001 attacks pale in comparison. From Think Again: Cyberwar by Thomas Rid - foreignpolicy.com
No, I don’t like very much Richard Clarke. Why? Because I think the apocalyptic tactic is not the best solution to mitigate cyber threats. To sell fear is good for business and mainly for former government officials (now working in private sector), who expect to profit from cybersecurity boom. Anti-China and cyberwar marketing will not protect American or European critical infrastructures from cyber threats… Cyber attacks are reality but… come on… stop referring to cyberwar every time and start thinking differently about cybersecurity.
Few relevant articles: