You are currently viewing SemiWiki as a guest which gives you limited access to the site. To view blog comments and experience other SemiWiki features you must be a registered member. Registration is fast, simple, and absolutely free so please, join our community today!

Results 1 to 3 of 3

Thread: Advice to Governments Developing Cyber Weapons

  1. #1
    Join Date
    Oct 2016
    Folsom, California
    Thumbs Up
    Received: 5
    Given: 2

    Advice to Governments Developing Cyber Weapons

    Governments are the biggest investors in developing offensive cyber capabilities and collecting technical exploits. Such digital arsenals are an asset but also a potential liability. Security and protection is crucial to these highly transferable and reusable resources. Strategic planning and steps must be taken to avoid or minimize unintended consequences against government services, allies, businesses, and individuals.

    In a recent report, the UK Government Communications Headquarters (GCHQ) stated they “over-achieved” and delivered almost double the number of offensive capabilities they were aiming for. This has likely repeated itself across many nations who have invested billions into cyber defense/offense programs over the past several years. The result is a number of governments who now oversee growing cyber ‘zoos’ of dangerous digital beasts.

    Nation states developing offensive cyber weapons is necessary in the digital landscape of our politically charged world. It would be negligent not to, just as it is unwise to allow military postures to degrade to levels of ineffectiveness. But in doing so, it is important to acknowledge such investments contribute to an overall increase to the global risks. Therefore, it is prudent to act with necessary foresight.

    Here is my advice to responsible governments:
    1. Protect the cyber weapons and exploits you own with all vigor and diligence. Others want to use what you have spent considerable resources developing and will apply all manner of effort to obtain them. Handle them as you would any conventional, biological, genetic, or nuclear stockpile with both physical and digital controls.
    2. For every offensive tool created, you best develop a detection capability and antidote in parallel. Eventually, adversaries and criminals will obtain and dissect them, using components for their own purposes, turning them back on you and targeting your allies.

    Regardless if exposure is due to theft or when the weapon is used, at some point adversaries will get access to your investment. Unlike traditional weapons, which are expended at the time of use, digital arsenals can be reused. The effects could be catastrophic.

    Businesses, organizations, and individuals must also be concerned. Organized criminals have found favor in harvesting nation-state quality cyber tools for use in ransomware, network attacks, denial-of-service, and extortion schemes.

    It is the responsibility of governments to think ahead and be prepared for the eventuality that the very weapons they create will be re-purposed and could target anyone, causing unintended damage and potentially be attributed back to the government who created them. It is the duty, as caretakers of such arsenals, to keep control of these weapons and be ready to respond if they are misused.

    Proper forethought is necessary to secure and protect all weapons, including cyber.

    Interested in more? Follow me on your favorite social sites for insights and what is going on in cybersecurity: LinkedIn, Twitter (@Matt_Rosenquist), YouTube, Information Security Strategy blog, Medium, and Steemit

    1 Not allowed!

  2. #2
    Join Date
    Jan 2011
    The land of beer and chocolate
    Thumbs Up
    Received: 254
    Given: 336
    Best way to neutralize all cyber weapons is to make all exploits public; of course in a responsible matter.

    1 Not allowed!
    Trust me ...
    I know what I am doing.

  3. #3
    Join Date
    Apr 2013
    East SF Bay Area
    Thumbs Up
    Received: 605
    Given: 450
    Staf, I agree completely, wish I had thought of it myself. I agree that exposing all exploits public and maybe a reward or public acknowledgement of the best solutions would be the fastest, most effective way to deal with the problem. I see this as having to be a multi company and university body to oversee this as a solution that would give rapid peer review of exploits and solutions.

    0 Not allowed!

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts