Home page logo

securecoding logo Secure Coding mailing list archives

Chinese Hacking, Mandiant and Cyber War
From: Gary McGraw <gem () cigital com>
Date: Wed, 20 Feb 2013 09:34:47 -0500

hi sc-l,

No doubt all of you have seen the NY Times article about the Mandiant report that pervades the news this week.  I 
believe it is important to understand the difference between cyber espionage and cyber war.  Because espionage unfolds 
over months or years in realtime, we can triangulate the origin of an exfiltration attack with some certainty.  During 
the fog of a real cyber war attack, which is more likely to happen in milliseconds,  the kind of forensic work that 
Mandiant did would not be possible.  (In fact, we might just well be "Gandalfed" and pin the attack on the wrong enemy 
as explained here: 

Sadly, policymakers seem to think we have completely solved the attribution problem.  We have not.  This article 
published in Computerworld does an adequate job of stating my position: 

Those of us who work on security engineering and software security can help educate policymakers and others so that we 
don't end up pursuing the folly of active defense.


company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com

Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]