U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Cyber warfare

Is US really thinking to preemptive cyber attacks as deterrent?

Cyberspace is abuzz with activity. Governments are secretly conducting cyber operations. Everyday, we read about malicous code used to steal information; or about cyber attacks that target critical infrastructure. The principal question raised by these fervent activities are rules of engagement and proportionality of defense – the operative limit of country that discovers an attack […]

Is US really thinking to preemptive cyber attacks as deterrent?

Cyberspace is abuzz with activity. Governments are secretly conducting cyber operations. Everyday, we read about malicous code used to steal information; or about cyber attacks that target critical infrastructure. The principal question raised by these fervent activities are rules of engagement and proportionality of defense – the operative limit of country that discovers an attack against its network. Can we envisage an automated decision making process in defence?

Recently many cases have highlighted intense cyber espionage activity against US Government and private industries with intent to steal information. The principal suspect is China, due to characteristic techniques adopted by hackers. Obviously this is just tip of iceberg.

The Obama administration has discovered that the President has power to order preemptive cyberattack to discourage those who    violate the US network, especially China, which is unresponsive to US efforts to mitigate attacks.

 Last Sunday ‘The New York Times published an interesting article on the possibility of President Obama ordering a strike to respond to imminent cyber threats against critical national infrastructures.
 The measure is limited to Homeland security menaced by threats that affect assets critical for the country and does not cover attacks on private industry like cyber espionage.

New policies will also govern how the intelligence agencies can carry out searches of faraway computer networks for signs of potential attacks on the United States and, if the president approves, attack adversaries by injecting them with destructive code — even if there is no declared war.”

The alert level has increased after the recent attacks on media agencies. Security experts are convinced that they are state-sponsored operations due the means and methods adopted.

The discussion on a possible preemptive attacks is in my opinion a provocation; it’s clear that that both US and China are pursuing their cyber strategies and are respectively conscious of the cyber capabilities of their adversaries; the declarations are a public admission of failure of diplomatic efforts.

US could increase pressure on China requiring for example major purchases of Chinese goods to go through national security reviews, according to the Council on Foreign Relations (CFR), but  that is very different from the organization of a cyber attacks for demonstrative purpose.

Is Obama’s administration really willing to give up so prolific commercial relationship?

“Adam Segal wrote in a blog post that China has responded by saying through the People’s Daily that the administration’s position could trigger a worldwide arms race.”

The U.S. threat of a pre-emptive strike could increase risk overall, and preemptive attack could be addressed against the wrong targets due the difficulty in locating the origin of attack

We must also consider that governments will continue to operate secretly in cyber space also on the offensive front and that statements of a pre-emptive attack are only a warning to the world about cyber capabilities of the country.

Cyber weaponry is the most complex arms race under way.  Declaration of preemptive cyberattack are useless.

cyber war is much more subtle and dangerous than preemptive cyber attack!

Pierluigi Paganini