Menu > Articles de la revue de presse : - l'ensemble [tous | francophone] - par mots clé [tous] - par site [tous] - le tagwall [voir] - Top bi-hebdo de la revue de presse [Voir]

---

S'abonner au fil RSS global de la revue de presse

---

Présentation : I had the distinct privilege to attend a keynote by retired Air Force General Michael Hayden, most recently CIA director and previously NSA director. NetWitness brought Gen Hayden to its user conference this week, so I was really pleased to attend that event. I worked for Gen Hayden when he was commander of Air Intelligence Agency in the 1990s I served in the information warfare planning division at that time. Gen Hayden offered the audience four main points in his talk. 1. Cyber is difficult to understand, so be charitable with those who don't understand it, as well as those who claim expertise. Cyber is a domain like other warfighting domains land, sea, air, space , but it also possesses unique characteristics. Cyber is man-made, and operators can alter its geography -- even potentially to destroy it. Also, cyber conflicts are more likely to affect other domains, whereas it is theoretically possible to fight an all-air battle, or an all-sea battle. 2. The rate of change for technology far exceeds the rate of change for policy. Operator activities defy our ability to characterize them. Computer network defense CND , exploitation CNE , and attack CNA are operationally indistinguishable. Gen Hayden compared the rush to develop and deploy technology to consumers and organizations to the land rushes of the late 1890s. When ease of use, security, and privacy are weighed against each other, ease of use has traditionally dominated. When making policy, what should apply Title 10 military , Title 18 criminal , Title 50 intelligence , or international law Gen Hayden asked what private organizations in the US maintain their own ballistic missile defense systems. None of course -- meaning, why do we expect the private sector to defend itself against cyber threats, on a point basis 3. Cyber is difficult to discuss. No one wants to talk about it, especially at the national level. The agency with the most capability to defend the nation suffers because it is both secret and powerful, two characteristics it needs to be effective. The public and policymakers rightfully distrust secret and powerful organizations. 4. Think like intelligence officers. I should have expected this, coming from the most distinguished intelligence officer of our age. Gen Hayden says the first question he asks when visiting private companies to consult on cyber issues is who is your intelligence officer Gen Hayden offered advice for those with an intelligence mindset who provide advice to policymakers. He said intel officers are traditional inductive thinkers, starting with indicators and developing facts, from which they derive general theories. Intel officers are often pessimistic and realistic because they deal with operational realities, as the world is. Policymakers, on the other hand, are often deductive thinkers, starting with a vison, with facts at the other end of their thinking. No one elects a politician for their command of the facts. We elect politicians who have a vision of where we should be, not where we are. Policymakers are often optimistic and idealistic, looking at their end goal, as the would should be. When these two world views meet, say when the intel officer briefs the policymaker, the result can be jarring. It's up to the intel officer to figure out how to present findings in a way that the policymaker can relate to the facts. After the prepared remarks I asked Gen Hayden what he thought of threat-centric defenses. He said it is not outside the realm of possibility to support giving private organizations the right to more aggressively defend themselves. Private forces already perform guard duties police forces don't carry the whole burden for preventing crime, for example. Gen Hayden also discussed the developments which led from military use of air power to a separate Air Force in 1947. He said no one in cyber has sunk the Ostfriesland yet, which was a great analogy. He also says there are no intellectual equivalents to Herman Kahn or Paul Nitze in the cyber thought landscape.Copyright 2003-2009 Richard Bejtlich and TaoSecurity taosecurity.blogspot.com and www.taosecurity.com






Les derniers articles du site "TaoSecurity" :

- So Much for China's Peaceful Rise
- Review of The Book of Xen Posted
- APT Presentation from July 2008
- Answering APT Misconceptions
- Google and NSA Fulfilling 2008 Predictions
- DFRWS, VizSec, and RAID 2010 Calls for Papers
- DNI Blair Leads with APT as a Wake-Up Call
- Traffic Talk 9 Posted
- Two Dimensional Thinking and APT
- Example of Threat-Centric Security

---

S'abonner au fil RSS global de la revue de presse

---