On 3/23/2011 12:37 PM, Yiorgos Adamopoulos wrote: > On Wed, Mar 23, 2011 at 6:21 PM, beenph <[email protected]> wrote: >> So i think all theories only applies until a conflict reach certain a >> breaking point, where the real world take over the *cyber*. > > Oh but it gets better: If a cyber warfare action is an act of war, > expect missiles pulling the plug in return. After all "cyber" is just > another (the newest) dimension of battlespace. > > Which brings me to a question: If one physically takes out a > datacenter, or its power suppliesr (all of them), or its connecting > cables (all of them) and thus rendering it non existent in cyberspace, > is this a cyber warfare action or a hybrid?
This is exactly why "cyber" is not needed as a separate distinction. In any threat model, adversaries can be expected to use all options that are available that meet the cost vs. risk constraints. This holds true whether your adversaries include bored teenagers, insurgents, or governments. If you have particularly valuable assets, you need to allocate commensurate spending on defense. This holds true whether you are a home user, bank, Google, or Libya. I don't like that "cyber" implies the need for a new approach, either on attack or defense. If your adversaries have technology means available within their cost constraints, then you have to defend against technology-based attacks. If they have missiles or IEDs, they'll use those as appropriate. The real story is how much of modern life, including warfare, depends on such fragile off-the-shelf software and hardware. The barrier to entry today (fuzzer + protection bypass) is so much lower than in the 1960's (physical access to machine room). Meanwhile, the number and value of targets you can compromise with that minimal effort is astoundingly high now. -- Nate _______________________________________________ Dailydave mailing list [email protected] https://lists.immunityinc.com/mailman/listinfo/dailydave
