There have been quite a few headlines recently regarding various aspects of cyber war. A number of folks in the information security community have contributed to the discussion. I happen to like the comments from Ben Tomhave and Richard Bejtlich. There is an interesting crossover between the military domain and the commercial world. In the military sector one often thinks that victory is all about killing more of the other guys. But this raises some questions – who are the other guys? Sometimes it is hard to tell in modern warfare. The real issue is how the will of a particular adversary can be overcome.
In the commercial world the issue is not so different. In most cases it is not so much about stopping the external threats (you can’t do much about those anyway) as about minimizing risk and decreasing liability. Surprisingly, many often don’t get this. Compliance is the challenge that stares organizations in the face. Sure, you have to get the compliance process done, but in my view compliance is right up there with counting body bags. You may think that you are winning, but you should probably also check your assumptions.