Did you know that we were attacked by North Korea last week?
To hear the media tell it, the United States suffered a major cyberattack last week. Stories were everywhere. “Cyber Blitz hits U.S., Korea” was the headline in Thursday’s Wall Street Journal. North Korea was blamed.
Where were you when North Korea attacked America? Did you feel the fury of North Korea’s armies? Were you fearful for your country? Or did your resolve strengthen, knowing that we would defend our homeland bravely and valiantly?
My guess is that you didn’t even notice, that – if you didn’t open a newspaper or read a news website – you had no idea anything was happening. Sure, a few government websites were knocked out, but that’s not alarming or even uncommon. Other government websites were attacked but defended themselves, the sort of thing that happens all the time. If this is what an international cyberattack looks like, it hardly seems worth worrying about at all.
Bruce Schneier is right, God bless him. Someone has to say it. The Big Media have blown this attack all out of proportion. It would have been even worse if Michael Jackson hadn’t died this quarter. It’s certainly not a laughing matter, but cyberwars just aren’t that damaging. Websites and internet facing services are under near constant attack, no different than the assault from a cyberwar. Please stop hyping this issue. Let’s all spend our time securing our networks instead. Even President Obama couldn’t resist a little bit of FUD:
In May, President Obama gave a major speech on cybersecurity. He was right when he said that cybersecurity is a national security issue, and that the government needs to step up and do more to prevent cyberattacks. But he couldn’t resist hyping the threat with scare stories: “In one of the most serious cyber incidents to date against our military networks, several thousand computers were infected last year by malicious software — malware,” he said. What he didn’t add was that those infections occurred because the Air Force couldn’t be bothered to keep its patches up to date.
This is the face of cyberwar: easily preventable attacks that, even when they succeed, only a few people notice. Even this current incident is turning out to be a sloppily modified five-year-old worm that no modern network should still be vulnerable to.
Securing our networks doesn’t require some secret advanced NSA technology. It’s the boring network security administration stuff we already know how to do: keep your patches up to date, install good anti-malware software, correctly configure your firewalls and intrusion-detection systems, monitor your networks. And while some government and corporate networks do a pretty good job at this, others fail again and again.
Enough of the hype and the bluster. The news isn’t the attacks, but that some networks had security lousy enough to be vulnerable to them.
