Cyber attacks media wake up
Thread Starter
Cyber attacks media wake up
Interesting that Cyber attacks seems to be the flavour of the week in media in highlighting the threat of attacks.
Where have they being hiding.
Sad to say that unless people use closed systems where no access to email / net / no disk drive / no usb port then every system you can think of is vulnerable.
Gets kinda scary when you think what a post computer society could be like where all aircraft and defense systems are corrupted.
Battlestar Galactica was fiction ...........or was it ?
Where have they being hiding.
Sad to say that unless people use closed systems where no access to email / net / no disk drive / no usb port then every system you can think of is vulnerable.
Gets kinda scary when you think what a post computer society could be like where all aircraft and defense systems are corrupted.
Battlestar Galactica was fiction ...........or was it ?
Join Date: Apr 2004
Location: Lincolnshire
Posts: 543
Likes: 0
Received 0 Likes
on
0 Posts
Trying to get the system interested in Cyber threats is like trying to stir treacle. Maybe we're finally waking up. Sadly it's not sexy stuff so it has taken a long time
I don't own this space under my name. I should have leased it while I still could
The problem with computer security is perceived to be the User. The Sy guys therefore place more and more restrictions on computer use to the extent that many systems are so crippled as to be useless.
The users then try to circumvent the security features sometimes to the extent of using their own machines.
What is needed is good personnel training and improved ease of use but draconian sanctions for leaving laptops in car boots, pubs or trains.
One 'system' of use was told to me by an RAF Provost officer. He would email his diary home. He would synch his PDA with his home computer and then reverse the process the ext day. That the PDA was banned was something else.
I was at one location and discovered that the site contract manager had an unauthorised and unsecured wireless network by the simple expedient of logging in with my PDA. Had I not used my PDA, a minor breach, we would not hve detected hs insecure network, a major breach.
Th ereason that cyber warfare seems to be the flavour of the month os probably the same reason that the RN successes at catching pirates and drug runners has been in the press. GCHQ is fighting for its slive of the cake too.
The users then try to circumvent the security features sometimes to the extent of using their own machines.
What is needed is good personnel training and improved ease of use but draconian sanctions for leaving laptops in car boots, pubs or trains.
One 'system' of use was told to me by an RAF Provost officer. He would email his diary home. He would synch his PDA with his home computer and then reverse the process the ext day. That the PDA was banned was something else.
I was at one location and discovered that the site contract manager had an unauthorised and unsecured wireless network by the simple expedient of logging in with my PDA. Had I not used my PDA, a minor breach, we would not hve detected hs insecure network, a major breach.
Th ereason that cyber warfare seems to be the flavour of the month os probably the same reason that the RN successes at catching pirates and drug runners has been in the press. GCHQ is fighting for its slive of the cake too.
Join Date: Jul 2006
Location: bristol
Age: 56
Posts: 1,051
Likes: 0
Received 0 Likes
on
0 Posts
An interesting thread, and with some fairly normal 'military' replies.
IT systems are usually let down by their human operators, and this dates back to the enigma machine of WW2 with many typists selecting 'Adolf' or Hitler' as code words, thus making deciphering easier.
There are also encryption programmes that would make the risk of lost laptops giving secret away almost redundant, yet they are expensive (in terms of unit purchase) and so are not used, despite their use preventing major loss of secret data (at a high financial cost).
It is also unwise to follow the sole idea that another country will use cyber attack against us purely in military terms (even though this would be devastating), and very worth studying the options for terrorist/criminal cyber attack on the UK.
Five years ago, it was reckoned (but I have forgotten by whom) that at least ten groups/governments were competent enough to launch full scale cyber attacks on a nation state, so surely this number is now far higher.
In the same way that WW2 commandos would blow up power stations/sub stations, it is now easier to simply undo the bolts to the coolant tanks, and allow the heat built up to blow the sub stations by themselves (no explosives needed, and much quicker/easier to do).
If someone disabled RAF radars and all Typhoons for 24 hours, hardly anyone would notice, but if ALL UK water, electricity and gas were remotely turned off for 24 hours, the whole world would take notice. Think not of losing your wifi/net, but more likely of having no electricity or water (they are both fairly easy to do, as supplies are controlled by remote telemetry).
Although there are very easy steps that can be used to counter cyber warfare (as the USA found out RE: their lack of Pentagon secure passwords), there are equally cunning and devious chaps and ladies who are intent on defeating security too.
There have been a few major examples of malicious internet/cbyer hacking or disabling, but the biggest and most public has to be that used on Georgia a few years back.
IT systems are usually let down by their human operators, and this dates back to the enigma machine of WW2 with many typists selecting 'Adolf' or Hitler' as code words, thus making deciphering easier.
There are also encryption programmes that would make the risk of lost laptops giving secret away almost redundant, yet they are expensive (in terms of unit purchase) and so are not used, despite their use preventing major loss of secret data (at a high financial cost).
It is also unwise to follow the sole idea that another country will use cyber attack against us purely in military terms (even though this would be devastating), and very worth studying the options for terrorist/criminal cyber attack on the UK.
Five years ago, it was reckoned (but I have forgotten by whom) that at least ten groups/governments were competent enough to launch full scale cyber attacks on a nation state, so surely this number is now far higher.
In the same way that WW2 commandos would blow up power stations/sub stations, it is now easier to simply undo the bolts to the coolant tanks, and allow the heat built up to blow the sub stations by themselves (no explosives needed, and much quicker/easier to do).
If someone disabled RAF radars and all Typhoons for 24 hours, hardly anyone would notice, but if ALL UK water, electricity and gas were remotely turned off for 24 hours, the whole world would take notice. Think not of losing your wifi/net, but more likely of having no electricity or water (they are both fairly easy to do, as supplies are controlled by remote telemetry).
Although there are very easy steps that can be used to counter cyber warfare (as the USA found out RE: their lack of Pentagon secure passwords), there are equally cunning and devious chaps and ladies who are intent on defeating security too.
There have been a few major examples of malicious internet/cbyer hacking or disabling, but the biggest and most public has to be that used on Georgia a few years back.
I don't own this space under my name. I should have leased it while I still could
There was also a recent DNS attack; the target was a large bulletin board system which was off the ether for 24-36 hours and partially crippled for about a week.
Translate that attack to a major ISP. Even if alternative ISP could carry the load the mere process of individuals transferring to a new ISP would screw address books and passworded accounts. As you say BS, it is not a purely military issue but a national and international one.
While my initial comments were indeed related to military application the same is true for many non-military users - open wifi is one - use of easy password systems is another. I have dozens of passwords but in a password protected vault. I know only 2-3 passwords the rest are secure in the vault, passwords such as 56FeMhA4zB. Only the computer literate use good password security and even then not all of them. The real weakness lies with the illiterate.
Translate that attack to a major ISP. Even if alternative ISP could carry the load the mere process of individuals transferring to a new ISP would screw address books and passworded accounts. As you say BS, it is not a purely military issue but a national and international one.
While my initial comments were indeed related to military application the same is true for many non-military users - open wifi is one - use of easy password systems is another. I have dozens of passwords but in a password protected vault. I know only 2-3 passwords the rest are secure in the vault, passwords such as 56FeMhA4zB. Only the computer literate use good password security and even then not all of them. The real weakness lies with the illiterate.
Thread Starter
Must have been Clancy in one of his books who showed how Economic system could be brought down very quickly.
Financial systems use rational thought and that buyers and sellers will act in a rational manner where reality is think along the lines of suicide programmer.
Financial systems use rational thought and that buyers and sellers will act in a rational manner where reality is think along the lines of suicide programmer.
I don't own this space under my name. I should have leased it while I still could
Must have been Clancy in one of his books who showed how Economic system could be brought down very quickly.
Financial systems use rational thought and that buyers and sellers will act in a rational manner where reality is think along the lines of suicide programmer.
Financial systems use rational thought and that buyers and sellers will act in a rational manner where reality is think along the lines of suicide programmer.