I agree - and grow increasingly frustrated with those who insist on confusing 
"cyber war" with "cyber espionage" (and vice versa). But I've found it's quite 
easy to get them to understand the difference by simply asking them to drop the 
prefix "cyber" from each. Cyber war is simply war fought on an electronic 
battlefield with digital weapons. The general objectives are the same as 
physical warfare: disable/destroy the adversary's capabilities. 

In cyber espionage, by contrast, the objective is to obtain information that is 
held secret by the adversary. This said, espionage is never an end in itself - 
information must be used for something to have any value. Thus the (possible) 
source of confusion (other than that pesky "cyber" tag): one may undertake 
cyber espionage in aid of cyber war - just as one sends out spies to learn 
secrets to give one's side a strategic advantage in warfare (or soldiers to do 
reconnaissance before battle - which is a form of tactical espionage). 

The problem is that the origin of the cyber attacks involved may be the same, 
and the timing of the cyber attacks may be (near) simultaneous, so that in the 
heat of the moment, one might be forgiven for misconstruing as "cyber war" what 
is in fact "cyber espionage in aid of cyber war". But as the objectives of the 
two are quite different, the attack patterns are also very likely to be 
different. So there is no excuse for anyone with more than the most superficial 
level of understanding of "things cyber" to confuse one with the other. 

===
Karen Mercedes Goertzel, CISSP
Lead Associate
Booz Allen Hamilton
703.698.7454
goertzel_ka...@bah.com

"If you're not failing every now and again,
it's a sign you're not doing anything very innovative."
- Woody Allen

________________________________________
From: sc-l-boun...@securecoding.org [sc-l-boun...@securecoding.org] on behalf 
of Gary McGraw [g...@cigital.com]
Sent: 20 February 2013 09:34
To: Secure Code Mailing List
Cc: Bruce Schneier; Ross Anderson
Subject: [External]  [SC-L] Chinese Hacking, Mandiant and Cyber War

hi sc-l,

No doubt all of you have seen the NY Times article about the Mandiant report 
that pervades the news this week.  I believe it is important to understand the 
difference between cyber espionage and cyber war.  Because espionage unfolds 
over months or years in real time, we can triangulate the origin of an 
exfiltration attack with some certainty.  During the fog of a real cyber war 
attack, which is more likely to happen in milliseconds,  the kind of forensic 
work that Mandiant did would not be possible.  (In fact, we might just well be 
"Gandalfed" and pin the attack on the wrong enemy as explained here: 
http://searchsecurity.techtarget.com/news/2240169976/Gary-McGraw-Proactive-defense-prudent-alternative-to-cyberwarfare.)

Sadly, policymakers seem to think we have completely solved the attribution 
problem.  We have not.  This article published in Computerworld does an 
adequate job of stating my position: 
http://news.idg.no/cw/art.cfm?id=94AB4F98-9BBD-1370-154D49FAA7706BE9

Those of us who work on security engineering and software security can help 
educate policymakers and others so that we don't end up pursuing the folly of 
active defense.

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com


_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________
