Siber saldırılar: bize ne
Uzmanların buluştuğu yer
Sadece İngilizce

Siber saldırılar: bize ne gibi zarar verebilirler?r?

What damage can cyber attacks actually do? NATO Review asks the White House's former director of cyber infrastructure protection what we should be worried about - and how knowledge of cyber attacks' potential may be more limited than portrayed.

Cyber attacks: how can they hurt us?

Cyber attacks are

increasingly common,

but what damage can they really do?

NATO Review asked

the White House’s former director

for cyber infrastructure protection

what he thought.

We asked what would happen

if a focused malware

like Stuxnet got out of control.

Stuxnet did get loose from the

networks it was supposed to be in.

And you know what?

Even after it got loosed,

it caused no damage

in those systems

because it was so finely engineered

so that it broke out of its cage

and no one got hurt.

But we have no reason to expect

that the other guys that do

their own autonomous weapon

will be nearly as careful

as the designers of Stuxnet.

You’ve mentioned

the possible connection

of the electrical grid to the Internet

and what that may open up

in terms of extra threats.

How much is

that being taken seriously?

Within the United States,

with other OECD countries

that are looking at smart grid, they

are taking standards pretty seriously

to say: before we do this,

let’s make sure it gets done well.

On the downside we’ve seen

when we rush out a new technology...

Because it’s fun, it’s cool,

where for smart grid,

that it's both green,

it’s environmentally sound

and saves money in the long term,

for so many countries in austerity,

they are going to rush towards that

and the standards we're working on,

might not be ready

by the time we've rushed them out.

You’ve mentioned that the countries

that have been attacked,

for example Estonia.

The effect was minimal.

You mentioned

it is less than 1% of GDP.

Is there a danger that the economic

impact of some of these attacks

will be longer term rather

than within the year of the attack?

So, for disruptive attacks it’s true.

We haven't found

any disruptive attack

that has had

a significant impact on national GDP.

In one of the very first

incidents in cyber space,

it’s called the Morris worm,

in 1988, an expert said:

this cost anywhere from a 100,000

to 10 million dollars in damage.

Two orders of magnitude in his guess.

Is the loss in the fact that many years

many millions often invested

in R&D to reach that point and

therefore sharing that means a loss?

Yes, I’ve heard

anecdotes of companies

that have known

the information was taken

and decided

not to pursue R&D leads.

There are other examples

where the stolen information

was not some kind of plan or trade

secret, it was a negotiating strategy

for oil and gas lots for example.

And the company was bidding

against a Chinese company

that bid one dollar more.

So in those,

that’s a more directly measurable,

but it’s still difficult to find out

if this is a tens or hundreds

of millions of dollars problem

or a tens or hundreds

of billions of dollar problem.

Do the private and sector coordinate

enough on cyber responses?

No, not at all, but it’s largely...

I see that as largely

a government fault.

Because when it comes

to stopping cyber attacks

or resolving cyber conflicts

the government has very few levers

that it can use to make it better.

And the levers it does have,

course of power,

it’s extremely reluctant

to use those levers.

So most of the problems

are solved by the private sector

and they need

more government support to help

especially

the non-state volunteer groups

that are key to responding to conflicts

and helping them respond better.

You have said

that there’s been too much silence

on these issues,

especially by the governments

and that is not particularly healthy.

How has the recent meeting between

the US and the Chinese leaders,

where cyber was on the list of

agendas discussed, changed things?

The last six months has seen

the Obama administration take off

and take this on directly.

It’s astounding to see

what Xi and Obama discussed

and how much cyber featured.

So, I’m quite optimistic

that this might lead

to changes in Chinese behaviour.

There are good reasons to believe

that this might have an impact.

Certainly, it’s going to have

more impact than being silent did,

which only saw this get

much worse over time.

Cyber attacks: how can they hurt us?

Cyber attacks are

increasingly common,

but what damage can they really do?

NATO Review asked

the White House’s former director

for cyber infrastructure protection

what he thought.

We asked what would happen

if a focused malware

like Stuxnet got out of control.

Stuxnet did get loose from the

networks it was supposed to be in.

And you know what?

Even after it got loosed,

it caused no damage

in those systems

because it was so finely engineered

so that it broke out of its cage

and no one got hurt.

But we have no reason to expect

that the other guys that do

their own autonomous weapon

will be nearly as careful

as the designers of Stuxnet.

You’ve mentioned

the possible connection

of the electrical grid to the Internet

and what that may open up

in terms of extra threats.

How much is

that being taken seriously?

Within the United States,

with other OECD countries

that are looking at smart grid, they

are taking standards pretty seriously

to say: before we do this,

let’s make sure it gets done well.

On the downside we’ve seen

when we rush out a new technology...

Because it’s fun, it’s cool,

where for smart grid,

that it's both green,

it’s environmentally sound

and saves money in the long term,

for so many countries in austerity,

they are going to rush towards that

and the standards we're working on,

might not be ready

by the time we've rushed them out.

You’ve mentioned that the countries

that have been attacked,

for example Estonia.

The effect was minimal.

You mentioned

it is less than 1% of GDP.

Is there a danger that the economic

impact of some of these attacks

will be longer term rather

than within the year of the attack?

So, for disruptive attacks it’s true.

We haven't found

any disruptive attack

that has had

a significant impact on national GDP.

In one of the very first

incidents in cyber space,

it’s called the Morris worm,

in 1988, an expert said:

this cost anywhere from a 100,000

to 10 million dollars in damage.

Two orders of magnitude in his guess.

Is the loss in the fact that many years

many millions often invested

in R&D to reach that point and

therefore sharing that means a loss?

Yes, I’ve heard

anecdotes of companies

that have known

the information was taken

and decided

not to pursue R&D leads.

There are other examples

where the stolen information

was not some kind of plan or trade

secret, it was a negotiating strategy

for oil and gas lots for example.

And the company was bidding

against a Chinese company

that bid one dollar more.

So in those,

that’s a more directly measurable,

but it’s still difficult to find out

if this is a tens or hundreds

of millions of dollars problem

or a tens or hundreds

of billions of dollar problem.

Do the private and sector coordinate

enough on cyber responses?

No, not at all, but it’s largely...

I see that as largely

a government fault.

Because when it comes

to stopping cyber attacks

or resolving cyber conflicts

the government has very few levers

that it can use to make it better.

And the levers it does have,

course of power,

it’s extremely reluctant

to use those levers.

So most of the problems

are solved by the private sector

and they need

more government support to help

especially

the non-state volunteer groups

that are key to responding to conflicts

and helping them respond better.

You have said

that there’s been too much silence

on these issues,

especially by the governments

and that is not particularly healthy.

How has the recent meeting between

the US and the Chinese leaders,

where cyber was on the list of

agendas discussed, changed things?

The last six months has seen

the Obama administration take off

and take this on directly.

It’s astounding to see

what Xi and Obama discussed

and how much cyber featured.

So, I’m quite optimistic

that this might lead

to changes in Chinese behaviour.

There are good reasons to believe

that this might have an impact.

Certainly, it’s going to have

more impact than being silent did,

which only saw this get

much worse over time.

ALINTILAR
Michael Glenn Mullen
Deniz Kuvvetleri Emekli Amiral
HABER BÜLTENİ
BUNU KAÇIRMAYIN
Varlığımızı tehdit eden en büyük tehlikenin
siber tehdit olduğunu düşünüyorum.
NATO DERGİSİ HAKKINDA
Go to
NATO A to Z
NATO Multimedia Library
NATO Channel
BUNU PAYLAŞIN  
Facebook
Facebook
Twitter
Twitter
Delicious
Delicious
Google Buzz
Google Buzz
diggIt
Digg It
RSS
RSS
You Tube
You Tube