OPINION / Are we prepared for cyber war?

By Steve Shillingford
 

Those of us who work in cyber security arena understand what the future could hold for cyber warfare. We see how technology, like any asset, in the wrong hands can be used for inappropriate, even evil, purposes.

Cyber war is not far off and in fact is occurring even today. Recently, when Google announced they were the target of sophisticated attacks from China, we were notified that a war had begun.

China had a plan to attack and steal Google intellectual property and compromise Gmail. Google was not alone. Coordinated attacks were also organized targeting Adobe and nearly 20 other corporate and government sites.

The attacks, known now as “Operation Aurora,” took advantage of a Microsoft Internet Explorer vulnerability. But this is not the first time that war has broken out. Be assured, this is not the last.

In fact, Jim Lewis, director of the Center for Strategic and International Studies, told 60 Minutes in a recent interview that in 2007 we probably had our electronic Pearl Harbor. It was an espionage Pearl Harbor.

Some unknown foreign power, and honestly, we don’t know who it is, broke into the Department of Defense, to the Department of State, the Department of Commerce, probably the Department of Energy, probably NASA. They broke into all of the high-tech agencies, all of the military agencies, and downloaded terabytes of information.
 
This is why President Obama has made cyber war defense a top national priority.

Cyber threats are one of the most serious economic and national security challenges we face as a nation. Every major defense agency, including the Departments of Defense, State, Commerce, Energy and NASA, has been infiltrated.

What happened to Google, Adobe and others can never be completely prevented, but the extent of the attack could have been minimized. What does this latest attack tell us?

Quite simply, you cannot fight a global cyber war without sufficient weaponry. Would we expect our military to enter into Iraq with just knives? Absolutely not. Similarly, we cannot expect our flagship brands in American enterprises and our government to face cyber war without the proper tools and ability to respond.

With active network forensics solutions in place at appropriate points in the network, these organizations impacted by Operation Aurora could have instantly investigated all the network traffic and swiftly identified suspicious activity at the first sign of an attack.

This recorded data could have been replayed to determine the exact scope and extent of the attack, including compromised systems and data. This record could have also proved what systems were not compromised, allowing these organizations to effectively remediate and protect against further exposure. With active network forensics, network traffic and information could have been retrieved in seconds, reducing the exposure window from weeks to hours.

Today, the update code for the patch is available, but what if something got in while the door was open? You may have closed it with a patch, but what about the time between exposure and patching?
It is unwise for organizations today to rely on prevention tools alone and assume they are prepared for an attack. Being able to record your traffic, review attack information and immediately respond to an enemy is an absolute must.

Today, every CSO and security administrator in both the public and private sector must realize that without measures to instantly remediate an attack, they are in jeopardy. Operation Aurora has taught us a very necessary lesson indeed. After all, who brings a knife to a gunfight?

Steve Shillingford is the CEO of Solera Networks. He can be reached at: sshillingford@soleranetworks.com.