http://www.nature.com/news/the-best-time-to-wage-cyberwar-1.14502
An important
question when it comes to cyberwar is the question of timing. Should the hacker
launch a cyberattack right at the moment he succeeds to enter the target’s
computer or should he wait for an even better opportunity to attack? The problem
in waiting too long is that the target could become aware of the intruder and
fix the vulnerabilities in his computer system.
A new
mathematical model that allows users to calculate the ideal timing of a
surprise cyberattack has already been invented. An example for this is the
Stuxnet worm, which infected an Iranian nuclear enrichment plant and went
unnoticed for almost one and a half years. For Stuxnet a immediate attack was
not the more rational approach.
If we compare
cyberwar to convential warfare then a nation should wait patiently for the
right occasion to use cyberweaponry. Terrorists, however, might think quite
differently as this and just want to cause as much damage as possible at a
random point of time. If the attackers are quite sure that the vulnerabilities
in a security system are unlikely to be discovered and patched any time soon,
then it would be quite reasonable for them to save their cyberweapons for a
high-stake situation. At other times a zero-day cyberattack, in which the
target has zero days to prepare for the attack, might be preferable. Stuxnet,
for example which relied in four computer vulnerabilities being open at the
same time, had to be dispatched as soon as possible.
The important
question is whether the use of offensive cyber technology is productive or not.
Keine Kommentare:
Kommentar veröffentlichen