Cyberwarfare and cybersecurity are the same thing, and in the future the two are going to overlap. In cyberwarfare, not everything goes down, because cyberwar is more tactical and has one specific target or objective, so these wars may be localized. For this case, every company needs a backup plan, or cyberwar doctrine, and these differ from company to company. The common doctrines are Intelligence Gathering, Network Defense and deny personnel. This situation is not good for companies during cyberwarfare. So the goal is to find a single cyberwarfare doctrine which is free of bias, applicable to all companies, and covers the full spectrum of action without restricting full use of assets.
When it comes to information security, there is a pyramid of things to act upon for proper security. The base is “vulnerabilities”, which are threats to a system, are infinite in number across the internet, and may or may not affect the system. Then there are “threats”, the vulnerabilities which could actually harm the company or system. Even if there are threats, that does not mean that someone is attacking the system, but there may be some threats that could “attack” the system. Within those attacks, there may be only 1 to 50 people who are actually attacking the system. The bottom two parts of the pyramid, the infinite vulnerabilities and the threats, are where companies mostly focus. However, companies should be focusing more on Attacks and Actors: on who is attacking and why. Companies should watch these attacks closely, find the people behind them, and find their motive for attacking.
The requirements for a common security doctrine are that it be based on the security goal of identifying and responding to Actors, that it use every interaction, whether it is an attack or not, as intelligence, and that it base its response on behavior, not identity.
Three things I learned from the Defcon video are as follows:
- If cyberwar takes place, the network is important to both parties involved in the attack, because the network must run properly for both parties to attack.
- There is no reliable way of finding out whether attacks are hobby, criminal or military in nature, and we may never know, no matter how much information we gather. Something that is identified as hobby could turn out to be criminal. Hence these attacks should be responded to in the same way no matter who is behind them.
- Vulnerabilities and threats are a problem for cybersecurity, but our focus should be more on finding the attacker and the reason for the attack if someone is attacking us. This is because there are many vulnerabilities circulating around the internet, very few of them are threats, and among those threats very few involve an attacker who wants something from our systems and companies.