{"id":660494,"date":"2013-05-28T08:59:33","date_gmt":"2013-05-28T12:59:33","guid":{"rendered":"http:\/\/gigaom.com\/?p=649655"},"modified":"2013-05-28T08:59:33","modified_gmt":"2013-05-28T12:59:33","slug":"chinese-compromise-of-u-s-weapon-designs-drives-home-painful-lesson-in-cybersecurity","status":"publish","type":"post","link":"https:\/\/mereja.media\/index\/660494","title":{"rendered":"Chinese compromise of U.S. weapon designs drives home painful lesson in cybersecurity"},"content":{"rendered":"

For anyone paying attention, the fact that Chinese hackers apparently accessed key U.S. weapons designs may be unsettling but hardly surprising. Previously undisclosed findings by the Defense Science Board show that more than two dozen major weapons designs were breached, according to a\u00a0Washington Post<\/a><\/em>\u00a0report on Tuesday.\u00a0Affected projects range from U.S. missile defenses to combat aircraft — including the F-35 Joint Strike Fighter — and ships.\u00a0(The Post<\/em> compiled a list of the affected weapons\u00a0here<\/a>.)<\/p>\n

Dan Geer,<\/a> a superstar among computer security and risk management experts,\u00a0spoke to me about just this sort of risk last week. The most sobering part of the conversation was Geer’s stated belief that the game has definitively shifted from prevention of attacks to mitigation of their consequences.<\/p>\n

In short: if you have something worth accessing, it will be accessed. The only realistic goal now is to make sure you know when that breach happens as fast as possible.\u00a0\u00a0I quoted him on this topic earlier<\/a>, but his words ring even more eerily true now:<\/p>\n

\n

\u201cIf your\u00a0enemy really is the\u00a0People\u2019s Liberation Army<\/a>, what can you do? We can sputter about it but they\u2019re serious and they\u2019re good … The most serious attackers will probably get in no matter what you do. At this point, the design principal, if you\u2019re a security person working inside a firm, is not no failures, but no silent failures.\u201d<\/p>\n<\/blockquote>\n

Of course security vendors have latched onto these threats as a way to sell more stuff and are increasingly glomming onto big data analysis<\/a> as a way to shorten the time between an attack and stopping it in a high-stakes game of whack-a-mole.<\/p>\n

As RSA executive chairman Art Coviello said a few months ago: “It’s not about perfect security; its all about ratcheting down risk as much as you can.\u201d<\/p>\n

And it’s not just huge government contractors, agencies and suppliers at risk. “No industry is immune,” \u00a0cautioned Geer<\/a>, who is also\u00a0an advisor to\u00a0In-Q-Tel<\/a>, the investment arm of the CIA and other security agencies, and to Verdasys, a security vendor.\u00a0Almost anyone can see why hackers target gigantic players like Boeing that spend billions on designs which could be used to build similar products at much lower cost. But don’t forget that any grocery store chain that uses credit cards is also a target for someone, Geer said.<\/p>\n

Feature photo courtesy of<\/a>\u00a0 Flickr user\u00a0Dysanovic<\/a><\/em><\/p>\n

\"\"<\/p>\n

<\/a><\/p>\n

Related research and analysis from GigaOM Pro:<\/strong>
Subscriber content. Sign up for a free trial<\/a>.<\/p>\n