Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
This group should mostly be dealing with how web applications enable networking security issues that are otherwise not there. Everything is being tunneled over port 80 now so what does that enable and how do we fix it? 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Protecting countries from attack
Posted by: rsnake
Date: August 22, 2006 10:39AM

I was reading this article over at http://www.gcn.com/print/25_25/41716-1.html and it occured to me that I've never heard a strategy to defend a country from another country under cyber attack conditions. Having worked for the companies I've worked for you'd think I'd know about something like this if it existed, but I don't. Is anyone working on this? Missle defense is great, but what if the power grid goes off line for a month? That's got the same catastrophic effect as droping a bomb on the economy and to people's lives (look at the people who died in California during the summer heat wave).

It seems like we as a community should be working on this as well. Ways in which to defend against the next warhol worm: http://ha.ckers.org/blog/20060728/cross-site-scripting-warhol-worm/

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: Protecting countries from attack
Posted by: Legionnaire
Date: August 22, 2006 10:58AM

Like 5 years ago I remember seeing a show about seminars held in the U.S. where IT security officers were faced with imaginary attacks in the country's infrastructure. I remember seeing shots of them all sitting in the "briefing" room where the situation was layed out. So I guess something is being done, don't know if it's any good though.

My personal opinion is that in these cases prevention is pretty much it. If the power grid goes down there isn't a lot you can do. On the phsyical part, law enforcement agencies should do their job as if they were dealing with any other crimical/terrorist threat. As far as electronic systems are concerned, key-installations like power plants shouldn't use their core server as a web browser :P

Options: ReplyQuote
Re: Protecting countries from attack
Posted by: rsnake
Date: August 22, 2006 11:08AM

We know for a fact that almost everything has a web based interface now. And it's not just a matter of them having a web based interface, so much as how web based interfaces can allow us deeper into networks.

I sat on a very high level comittee at one point and we discussed the attack scenarios involved with large scale countries, but that was only at the corporate level. Key "critical infrastructure" is what it was designed to help protect, however, that doesn't deal with the entire country at all once. You could make an argument that since we've completely privatized the infrastructure itself (arguably with the exception of DNS) that those assets are known and protected as they can be, but I'm skeptical.

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: Protecting countries from attack
Posted by: FR3DC3RV
Date: May 19, 2007 12:10PM

-

-------------------------------
http://fr3dc3rv.blogspot.com



Edited 1 time(s). Last edit at 05/28/2007 11:10AM by FR3DC3RV.

Options: ReplyQuote


Sorry, only registered users may post in this forum.