For those who did not see the beginning of the movie Die Hard 4, it starts with a high-tech assault team invading the home, or rather the room, of what looks like a student running some computers. Bullets fly, normally everyone would die, but Bruce Willis comes out alive. Of course.
Yesterday, at the NL IGF meeting on Internet regulation or trust, someone asked a panelist whether we would need cyber commandos to take down malicious activities on the Internet. This sounded very tough and in my mind’s eye I could see the commandos go.
Invade an ISP?
Then I asked myself, where would they go? To the domain name reseller who registered some bogus domain names? To the IP address organisation to revoke the IP block? To the hosting company that rents out a server? To the ISP? To a bank? To an international money transfer service? To an organisation announcing an ASN? To the company routing traffic? The long distance carrier? To a money mule? To … And all in different nations?
Or discuss safer software?
I’m sure this is not what the person asking the question was thinking of, at least I hope so, but these are the very different parties cyber defence or offence officers run into. A country, just like an organisation, will want to know who is behind an attack, but, as we know, on the Internet it is easy to mask that. Maybe it’s time that those responsible for putting topics on the cyber defence agenda start to look at rooting out obfuscation possibilities in software. Pushing back anonymity where it is not necessary may be a way forward towards a true solution. I am glad to say that, albeit in a generalised form, it did enter the discussion, as someone remarked that software vendors have to come up with better products. There are many small silver bullets that can make one big one.
So I’m afraid for now cyber commandos will remain active in the virtual world only. Sitting in a bunker, behind a laptop or desktop, defending the nation.
Wout de Natris, De Natris Consult
Leiderdorp, Thursday 26 May 2011