tag:blogger.com,1999:blog-4088979.post3017388834695628378..comments2023-10-16T06:06:25.012-04:00Comments on TaoSecurity Blog: Thoughts on Cyber CommandRichard Bejtlichhttp://www.blogger.com/profile/13512184196416665417noreply@blogger.comBlogger1125tag:blogger.com,1999:blog-4088979.post-9285448561094568832009-05-08T10:39:00.000-04:002009-05-08T10:39:00.000-04:00Man, I have been waiting for someone to point this...Man, I have been waiting for someone to point this stuff out.<br /><br />The two CRITICAL points: <br /><br />1. "They let the hackers have free range to do whatever they want." <br /><br />Vulnerabilities are, by nature, random. The more skilled the attacker, the more random "luck" they have. But still ultimately random. You can't set objectives in the same way, it's like a flea market.<br /><br />2. "The first thing is that you have to stoke some sort of nationalism in the way that Russia and China do." <br /><br />Exactly the problem. Hackers in Russia are nationalist, in the U.S. they tend to be either leftist or anarchist. This is a really serious issue for the future of American intelligence. As security becomes more popular in the US I forsee a rise in nationalist involvement, but the best way to accelerate that is to tacitly consent. But how do you do that, other than through some high profile acquittal of an American accused of attacking assets within a country with hostile network presence? 21st century foreign relations are too sensitive to publish a new version of mark and reprisal. <br /><br />Maybe the best way would be to invert the consent and publish a list of "networks of consequence" to which current computer crime statutes will be applied (.mil, .gov, most allied .com, .uk, etc.) And in so doing, the implication is that those networks which are left off the list are of no issue, just as stealing something off the shelves at a store carries consequence, whereas picking something out of a trash can does not. <br /><br />"We're not telling people to attack your networks...we're just not going to waste our time, effort, and money doing your job for you."Hidden Muscle BJJhttps://www.blogger.com/profile/06399606602249781402noreply@blogger.com