Slashdot Mirror
Europe Simulates Total Cyber War
Tutter writes with this quote from the BBC:
"The first-ever cross-European simulation of an all out cyber attack was planned to test how well nations cope as the attacks slow connections. The simulation steadily reduced access to critical services to gauge how nations react. The exercise also tested how nations work together to avoid a complete shut-down of international links. Neelie Kroes, European commissioner for the digital agenda, said the exercise was designed to test preparedness and was an 'important first step towards working together to combat potential online threats to essential infrastructure.' The exercise is intended to help expose short-comings in existing procedures for combating attacks. As the attacks escalated, cyber security centers had to find ever more ways to route traffic through to key services and sites. The exercise also tested if communication channels, set up to help spread the word about attacks, were robust in the face of a developing threat and if the information shared over them was relevant."
Find it here.
So that explains it now.
The ISPs in my country have obviously been preparing us for years of cyberwar.
Love to. How about Global Cyber Internet War?
Since cyber attacks are launched from pwned machines, what is needed is:
(1) More diversity. We need around 5 major OS families with roughly equal market share, not one with 90% and a few others begging for scraps. Lack of genetic diversity makes life much easier for botnets and malware.
(2) We need people to start taking ownership for their machines. Running random shit that random untrusted web sites thrust at you (whether exes or just scripts used as an attack vector) is just idiotic, and people have got to start realizing this. I'm not sure how to do that. Any possible way I can think of seems inherently evil because it would do things like cut infected people off the net until they fix their box. And *that* means granting more control and central authority over the net to powers that can use it for evil as well as good. Anyway *everyone* surfing the web should be whitelisting scripts from important and trusted sites and running *no others*. Not doing that is a primary reason there are so many pwnd boxes.
Maybe we need a cultural change. We (tech geeks) need to start exerting pressure on our non-tech friends and family to not fall into the digital tragedy of the commons. No one feels like securing their own machine because, well, it's just one infected machine, and alone can't cause great harm. But when it's millions of them, they *can* piss in our collective cheerios.
How is a mock cyberwar different from a DDoS simulation from the outside and other points, combined with a thorough penetration test?
A thorough pen test doesn't just scan ports and call it a night, the testers call employees pretending to be IT or managers and demand/browbeat for access, either to be handed a password for "auditing" reasons, or because the main IT people are supposedly gone for the day and a remote OEM needs access. I have even seen some thorough pen tests actually drop U3 USB flash drives in the parking lot that if autorun, would note which machine got "compromised".
I just don't see anything here that is different from hiring a thorough tiger team to test every piece of an organization's security (which companies should do at random times throughout the year.)
I think you replied to the wrong post.
Might want to check on that.
About 4 years later, and after Russia's done 75% of the work...
Make cyber-sex, not cyber-war!
Sure would save a lot of lives, materials and money. Oh, wait, they tried that on Star Trek and it ended in tears, until Captain Kirk shutdown the simulation.
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
the whole cyber- prefix is getting old and useless.
cyber-crime (it's crime)
cyber-war (it's war)
cyber-stalking (it's stalking)
cyber-bullying (it's bullying)
you get the picture.
WEB 0.1, Cyberspice, Saturday (NTN) — The European Union has run a simulated "cyber attack," in which simulated outsourcing companies strike mortal blows upon national budgets for consulting fees for "cyber security" while still using Windows.
The simulation steadily reduced access to critical services to gauge how nations react, removing access to working email, letting loose old viruses and charging €300 callout fees to look at why you can't log in.
Neelie Kroes, European commissioner for the digital agenda, said the exercise was intended to help expose short-comings in existing procedures for combating attacks on funding. "It is an important first step towards working together to combat potential online threats to essential infrastructure and the consulting fees therefrom."
The exercise also tested how nations work together to avoid a complete shut-down of international links when internet service providers charge £50/month for a "super-fast" connection with a 20GB bandwidth cap.
The exercise was overseen by bouncing new baby quango the European Network Security Agency. "We considered just bombing Redmond, Washington from orbit, which simulations showed would have pretty much solved all attacks over the network itself," said Dr Udo Helmbrecht, most recently of outsourcing firm EDS Capita Goatse. "But we're not so silly as to put ourselves out of a job."
http://rocknerd.co.uk