COMMENTARY:
Writing, blogging and speaking at conferences exposes you to a very broad base of viewpoints and also opens you up for non-constructive criticism.
Recently, I received some feedback on a position I have consistently taken on the subject of cyber attack and cyber attribution. This week I will address one of the two issues.
The first issue that I have with that individuals comments is about the difference between a cyber intrusion and a cyber attack. While it is true there are no widely accepted definitions for the two terms, most of those that are truly involved in cyber incidents see the difference between the two.
The best way to illustrate the difference is by example. If someone puts a piece of code on your system that tracks what web sites you go to and reports that information back to some individual or organization – that would be considered an intrusion.
If someone puts a piece of code on your system that exfiltrates data or information, disrupts, destroys or otherwise harms your computer, device, network, applications or data–that would be considered an attack.
The know-it-all attitude of this individual is very dangerous. We must stop calling everything that happens that we do not authorize a cyber attack.
When someone puts spray paints graffiti on the side of a building, is that an attack on the building–and those inside? Of course not, so why is it when someone defaces a web page it is called an attack?
A sampling of those involved with real cyber attacks found that they recognize the difference between cyber intrusions and real attacks. The CISO that made that comment went as far to call most of the incidents “noise.” Let’s hope we are not so distracted by the noise we miss an important attack.
Next week we will address the same individual’s comment that infers “we know for a fact” who are behind the cyber attacks.
Kevin G. Coleman is a long-time security technology executive and former Chief Strategist at Netscape. He is Senior Fellow with the Technolytics Institute, where he provides consulting services on strategic technology and security issues.