Blogger: Dan Blum
The debate is ongoing about whether the Chinese government is behind the Operation Aurora cyberattacks. Certainly Google believes China launched the Hydraq trojan used to breached its defenses and compromise intellectual property. And it was that determination, plus an apparently principled decision to resist Internet censorship, that motivated Google’s strong response, in which the company publicly threatened to quit China.
One can agree or disagree with this response. But let’s suppose the allegations are probably correct. If so, an attack by a nation state requires a different response than one by an external hacker, an insider, or other parties. And organizations with valuable intellectual property for the taking need to think about how they might deter, prevent, or respond to such attacks.
In my research on the threat landscape and threat assessment, I’ve found that security vendors and IT security staff spend too little time focusing on the “people” or “political” aspects of the threat. Threat reports from the vendors cover malware and vulnerabilities, but they don’t always discuss the threat’s capabilities and intents, nor why one type of organization is targeted and another goes free. Ignoring these factors may create a significant blind spot.
On February 17 at 2:00 ET and again on February 18 at 9:00 AM my “Threat Assessment in Dangerous Times” telebriefing will discuss my findings that organizations need to do a better job of assessing threats and developing defensive strategies. I’ll provide guidance on developing a threat assessment strategy and factoring threat intelligence into protection programs to avoid common mistakes and gain ground against adversaries.
I’ll also convene a small panel of experts to discuss threat assessment and the recent "Operation Aurora" attacks.