In today’s New York Times there was an article entitled “In Digital Combat, U.S. Finds No Easy Deterrent.” This article discusses simulations run by the Pentagon of how to respond to systematic cyberattacks. The simulations were run in a response to the hacking against Google and 30 other U.S. companies that have been in the news recently. The result of the simulation?

The results were dispiriting. The enemy had all the advantages: stealth, anonymity and unpredictability. No one could pinpoint the country from which the attack came, so there was no effective way to deter further damage by threatening retaliation. What’s more, the military commanders noted that they even lacked the legal authority to respond — especially because it was never clear if the attack was an act of vandalism, an attempt at commercial theft or a state-sponsored effort to cripple the United States, perhaps as a prelude to a conventional war.

The implications for national security are scary. One participant in the game admitted,

“The fact of the matter,” said one senior intelligence official, “is that unless Google had told us about the attack on it and other companies, we probably never would have seen it. When you think about that, it’s really scary.”

But there are smart people working on this problem, and so eventually I believe (ok, I hope) it will be solved.

However, what no one is discussing is the implications of this to cloud computing. The idea behind cloud computing is that you keep your data and programs and such residing on someone else’s computer, or “in the cloud.” The data, the programs and all else is available through the internet. OK, sounds like a plan. BUT, what happens if these cyberterrorists attack your company or attack the cloud. Then everything that you need to run your business is suddenly unavailable. Isn’t that scary too? Are companies prepared to take this risk — especially after the Google incident? Are cloud companies planning for this kind of problem? How are people responding? I think this needs to be part of the planning process — especially in light of the dire results of the simulation.


3 Responses to “Cybersecurity”

  1. Jeremy Brugger Says:

    I read some articles a while back, and it was my understanding that:

    – The information is stored on the host’s servers which are much more protected than ‘someone’s computer’ (though still not 100% safe).
    – Also, that the information saved in ‘the cloud’ (a word document, video, picture, etc) is encrypted and stored on many different servers and in multiple pieces. So if one is hacked they will only have partial information (like one piece to a puzzle).

    Just some thoughts…

    • vlsauter Says:

      Ah, that part is partially true. I think google’s cloud was part of what was hacked.

      But part of my point (which I did not clarify) is what happens if they don’t hack the information, but rather hit the source with denial of service attacks to “jam” the connection. The information still would be safe, but it would be unavailable.

    • Vicki Sauter Says:

      True. But it is unlikely that people are going to work real hard to hack into my computer. It is far more likely that lots of people will try to hack into one of the clouds. By analogy, one can be robbed anywhere, but if you stand in certain places, you increase the likelihood that you would be robbed.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: