[ISN] US government has no idea how to wage cyberwar: Ranum

http://www.zdnet.com/us-government-has-no-idea-how-to-wage-cyberwar-ranum-7000015840/ By Michael Lee ZDNet.com May 24, 2013 Military strategies and tactics that may work in the physical world do not have a place in guiding “cyberwarfare”, and those that attempt to use them demonstrate a key lack of understanding, according to Tenable Security’s chief of security Marcus Ranum. Ranum, who spoke at AusCERT 2013 at the Gold Coast, Queensland, on Friday, highlighted several methods that strategists and tacticians use that simply do not work in the online world. The concept of castle defence, for example, is commonly used as a metaphor for firewalls, but many of the strategic reasons that castles were useful in terms of defence don’t apply. Perimeter defence has long been dismissed by security experts as ineffective, he said, and the advantages of “high ground” to see attackers coming from a long way off — tactical surprise — simply don’t apply online. “The term tactical surprise is completely meaningless in cyberwar, because you will always be surprised. Even if Anonymous says, ‘I’m attacking you on Wednesday’, they’re probably not going to tell you, ‘and it’s coming from this IP address on this port, why don’t you put a block in’.” […] ______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.org