Welcome!

Linux Authors: Pat Romanski, Ignacio M. Llorente, Peter Velikin, Hurricane Labs, PR.com Newswire

Related Topics: Virtualization

Virtualization: Article

i-Technology Opinion: Will Cyber Storm "Break the Internet"?

"I Hate Cynics" – Information Storage & Security Journal Co-Editor-in-Chief Speaks Out
By Patrick Hynds
Article Rating:
February 7, 2006 11:30 AM EST
Reads:
 19,817
Information Storage & Security Journal Co-Editor-in-Chief Patrick Hynds writes: The U.S. deparment of Homeland Security is performing a readiness test this month called Cyber Storm, after rescheduling. The Cyber Storm exercise is about ensuring and testing against a computer based attack or hack against public infrastructure targets as well as some parts of the private sector. This has caused some (on Slashdot.org for example) to decry it as idiocy that will only "break the Internet". These are likely the same people who would apportion blame if an attack came and we found ourselves unprepared.

You can't have it both ways. Either organizations should prepare for and test against potential attacks or they should not. Anyone who understands security knows that what does not get checked does not get done (that also applies to pretty much everything else in the world as well).

A point brought up in the critical banter on Slashdot was that by announcing the exercise, they were providing a perfect time for hackers to mask their activities. Had a detailed schedule and list of targets been provided then I would agree, but to expect a hacker to gain an advantage from the vagueness of the announcement would show that the speaker does not understand either side of the game.

During the course of my career, I have participated often in security audits, some of which included overt hacking attempts. In every case, I am certain that the exercise has greatly improved the security of the organizations involved and in some cases has headed off what would certainly have been devastating losses. Security is like any system maintenance that must be done. It can be done well or it can be done badly. More than once a misguided administrator has brought down a critical server with an error in scheduling or other configuration. To assume that the Cyber Storm will produce a negative result is cynical and if the cynics predict doom often enough they will certainly be correct eventually.

I say we avoid criticizing organizations that take steps to improve systems and hold the apportioning of blame until after there is something worthy of blame. I hate cynics.

Published February 7, 2006 – Reads 19,817
Copyright © 2006 SYS-CON Media, Inc. — All Rights Reserved.
Syndicated stories and blog feeds, all rights reserved by the author.

More Stories By Patrick Hynds

Patrick Hynds, MCSD, MCSE+I, MCDBA, MCSA, MCP+Site Builder, MCT, is the Microsoft Regional Director for Boston, the CTO of CriticalSites, and has been recognized as a leader in the technology field. An expert on Microsoft technology (with, at last count, 55 Microsoft certifications) and experienced with other technologies as well (WebSphere, Sybase, Perl, Java, Unix, Netware, C++, etc.), Patrick previously taught freelance software development and network architecture. Prior to joining CriticalSites, he was a successful contractor who enjoyed mastering difficult troubleshooting assignments. A graduate of West Point and a Gulf War veteran, Patrick brings an uncommon level of dedication to his leadership role at CriticalSites. He has experience in addressing business challenges with blended IT solutions involving leading-edge database, Web, and hardware systems. In spite of the demands of his management role at CriticalSites, Patrick stays technical and in the trenches, acting as project manager and/or developer/engineer on selected projects throughout the year.

Comments (2) View Comments

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.

Most Recent Comments
InfoPoint 02/07/06 11:53:22 AM EST

The DHS will not be firing cyber bullets at your networks this coming week. The exercise is scenario-driven and is designed to test the intercommunication capabilities and response procedures for several agencies and some private sector companies.
an0n 02/07/06 09:32:46 AM EST

Steps to prevent an attack:

1. Turn off the router
2. Turn off the computer
3. Turn on the tv and watch the next episode of "Another day"
4. Open a couple brew and relax

Isnt that in everyone's computer emergency manual ?