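Column name: SJTU ParisTech Review
SJTU ParisTech Review (sptreview.org) is published jointly by Shanghai Jiao Tong University and ParisTech Review, and is dedicated to providing in-depth technology commentary for business and public leaders worldwide.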

Cybersecurity : Is it impossible to effectively de...

SJTU ParisTech Review · WeChat official account · 2016-08-04 19:47




Internet Protocol (IP) is vertically penetrating (because the telecom and routing systems rendered data virtual) and, simultaneously, IP is connecting general computer science with factory control and management software (for example, using SAP packages to monitor production). Onboard computers are now also coupled with industrial data processing. The “suitcase” which enables repairs to onboard data processing devices forwards the data to the vehicle manufacturer’s technical centre, can download repair software patches and even order spare parts. Another example: each Airbus has 7 IPs that can be connected “at the gate” to handle catering logistics, upload the next flight schedule and, once in flight, send back status data. It is easy to see here that the worlds I mentioned earlier are now closely intermeshed.


What is happening today can remind us of the development of international trade four centuries ago. What had been up till then coastal port-to-port trips became globalized, and fabulously huge treasures began to circulate on maritime routes. This traffic brought with it boarding attacks and ship cargo capture by pirates and corsairs and, naturally, the creation of military naval fleets. And viruses, occasionally lethal, began to spread.


What we are observing on the Internet is exactly the same, except that the asymmetry between attackers and defenders is even more striking. For the former, it is not expensive at all to recruit 2,000 Chinese, 500 Russians or 300 Bulgarians, all of whom are excellent computer scientists. It costs far less than building a ballistic missile, a fighter jet or a nuclear reactor. Building the equipment needed for an attack and the price to “pay” for an attacker is practically zero. Moreover, they can operate almost everywhere: at half a dollar to hire a server station, for one million US dollars you can have two million servers at your disposal. Who has the possibility to locate the origin of an attack when two million servers, spread all round the world, are involved, with, say, 14 decoy countries too? Impunity is also guaranteed, since very few of the institutions coming under attack opt to launch court proceedings, given the obvious adverse effect this would have on their reputation.


We must defend ourselves, right?


Even if you want to attribute a cyber-attack, you do not have the legal means to pursue it, since there are practically no international laws that apply to the Internet. One of the rare international treaties in the field, the Budapest Treaty, refers to the Internet in the fight against paedophilia. This is nowhere near the volumes of texts that regulate air traffic, space exploration or the seas and oceans. Victims today are in the same sort of situation as the Spanish galleons of yesteryear. More and more wealth is being transported over the Net. Private persons ‘reveal’ their banking data. Design offices exchange their intellectual property. Industrialists even have their production tools on the net, with interconnected factories, suppliers connected via the e-supply chain and e-storage, clients connected through e-commerce, and manpower resources managed via e-Manpower packages. Victims are static and try to make themselves known with an attractive portal web site! For the assailants, the number of doors before them is growing exponentially. In 2003, there were 500 million IP addresses in the world. In 2014, we now have 13 billion IPs, and it is forecast that in 2020 the figure will be no less than 80 billion, given the numbers of connected objects and industrial computerized devices and tools… Therefore nothing is easier than to attack a company via its suppliers or its external, mobile staff.

So what is a cyber-criminal seeking?

Some simply want to get rich, for example by selling ID codes of stolen credit cards. Other motivations can be sabotage or State-level terrorism, NGOs wishing to “punish” a given company, industrial espionage or theft of business data. Behind all such manoeuvres, we find not romantic Robin Hoods but, more often, organized crime and what we must now refer to as an “advanced persistent threat.” For 20 euros, you can purchase a complete and valid credit card number with a withdrawal limit set by the thieves at 100 euros. If the attack has stolen some of your industrial design drawings, you must know that there is a parallel market for such intellectual property items, where the follow-on purchaser can make a profit or add value by using the contents of the documents.


How much is this war costing?







