Defending against the cyber cold war

Stephen Withers
Thursday, 02 June 2011 17:01

Business IT - Security

If you supply someone who supplies the government, are you the weak link in the security chain? Could your organisation be a stepping stone to an attack on a government or military target?

Brett Wahlin, chief security officer and vice president of IT at McAfee, reckons we could already be in the midst of a cyber cold war.

Wahlin, who has worked in security in both the public and private sectors, told iTWire that while there is a widespread threat from organised groups with purely financial goals (credit card theft, etc), the growth in specific attacks points to a different set of players.

Pointing to attacks on Google, RSA and Lockheed Martin, he asked "what's the motivation?" These companies were not the ultimate targets, he suggested, but merely stepping stones to reach another goal.

"We're starting to figure out what the end games are," he said, suggesting that it involves supply chains. Is it easier to attack the US government directly, or via its suppliers, he asked.

Wahlin pondered that the attack on RSA may have been a stepping stone to reach Lockheed Martin, echoing similar suggestions from other quarters. And there have been other reports that an attempted hack attack on US Department of Defense contractor L-3 Communications involved the use of RSA tokens.

Page 2: zero-day vulnerability + social engineering = advanced persistent threat.