Cyber espionage: Learn to live with it
Some threats in cyberspace just aren't going away
Defending yourself in cyberspace is difficult because it's so hard to determine who's attacking you and why they are doing it. Attackers with widely divergent motives use the same techniques for different ends.
“The shared and integrated domain of [of cyberspace] creates a great problem,” Scott Charney, Microsoft’s corporate vice president of trustworthy computing, said at last month’s RSA Security Conference. Solving the problem of attribution won’t stop the attacks, but it could make it much easier to filter out noise and concentrate on the threats that really matter, he said.
Charney identified four types of attack, and the appropriate high-level responses to them.
- Cyber crime. Although technology can help, the best results come from effective laws and law enforcement.
- Cyber warfare: This is “the most complicated of all,” he said, because there are no rules for it, and we don’t yet know how to identify and spot our enemies in cyberspace.
- Economic espionage: This is encouraged because of differing national standards of what is appropriate. In the United States, we consider it a crime. Other countries consider it good economic policy. The answer is to establish international norms of behavior.
- Military espionage. This one is simple. “Get over it,” Charney said. It’s been going on for thousands of years. “Complaining about it won’t make it stop.”
William Jackson is a senior writer of GCN and the author of the CyberEye blog.