In my recent blog posts Limitations of EU Cyber Warfare Planning Part 1 and Part 2 I have drawn attention to the limitation of relying on managing a DDoS attack for assurance of a nation states or even the EU ability to defend itself against cyber attacks. Quite simply DDoS isn’t the only attack we should be planning to manage and assurances to politicians, governments, business and citizens need to be taken with a pinch of salt if the scope of testing continues to be limited in scope.
Yesterday’s BBC report that China has, without permission, re-directed traffic, some of which may belong to sensitive US web sites including the US Senate, the Office of the Secretary of Defence, NASA and the Commerce Department, illustrates my reservations about assurances given about any nation state or the EU’s ability to understand and manage cyber threats.
It is not known whether the re-routing of traffic was intentional. However security experts claim that the re-routing of traffic could be used to introduce malware. I would also ask the question whether traffic confidentiality could have been compromised. Even heavily encrypted traffic could be vulnerable. What better subject matter to try China’s new super computer out on, decrypting US government traffic.
I’ll be writing about limitations in planning for defending against cyber attacks in following posts. Please leave a comment if of interest and register for my blogs updates if your interested in non technical observations about the role and impact of information security in today society.