Posted By thestatedtruth.com on December 1, 2010

This excerpt from Art Cashin on the floor of The New York Stock Exchange

Cyber Warfare – Maybe because of the apparent success of the Stuxnet virus on the Iranian nuclear efforts, there has been a lot of floor chatter about the new age of cyber warfare.  The chatter got a lot more active with the latest issue of Foreign Affairs.  It contains an essay on the topic and a terrific interview with William Lynn.  He is the deputy secretary for defense.  He describes some of the unique features of cyber-security.

The first is that we use the word “asymmetric” fairly frequently now in warfare, but it is particularly true in cybersecurity. It requires a very low cost for people to develop cyberthreats, malware that can intrude on information technology systems.

On the other hand, defending against those threats requires a substantial investment. And let me just give you one nugget as an example of that. Some of the most sophisticated integrated defense software that is commercially available now have 5–­­10 million lines of code, and they are massive, work-intensive, difficult products to develop. The average malware has stayed constant over the last decade, and it’s about 175 lines of code.

So the disproportion there between the offense and the defense is substantial and will, I think, remain so for a while. I want to talk about how we might change that toward the end.

A second characteristic of cyberthreats is the difficulty of attribution. A keystroke can travel around the world twice in about 300 milliseconds. That is as long as it takes you to blink your eye. Yet the forensics of identifying an attacker can take weeks, months, or even years, and that is if you can do it at all. Going back and figuring out where an attack came from is extremely, extremely difficult and by no means a sure thing.

That has some real importance in that it starts to break down the paradigm of deterrence that was the undergirding of nuclear forces in the Cold War. If you don’t know who to attribute an attack to, you can’t retaliate against that attack, so you can’t deter through punishment, you can’t deter by retaliating against the attack. This is very different, of course, than, you know, with nuclear missiles, which, of course, come with a return address. You do know who launched the missile.

This is, I think, further complicated by the third attribute I’d talk about in terms of cyberthreats, which is that they are offense-dominant, that the Internet was not developed with security in mind. It was developed with transparency in mind; it was developed with ease of technological innovation; it was developed with openness in terms of the system design. But it was not developed with techniques of security management, like secure identification. Those kinds of techniques were not built into the networks.

Secretary Lynn recounts how the U.S. Defense system was invaded and compromised by a cyber attack in 2008 and how that was resolved.  It is an instructive interview but not one to let you sleep easier.

Categories: Commentary, Economy, National News, National Security, Wall Street, World News
Tags: cyber warfare