Information Technology Reference
In-Depth Information
Chapter 8
CONCLUSIONS OF THE WORKSHOP
General Mateus da Silva
with contributions from all participants
Mateus da Silva
: Thank you all for taking part in our discussions. Now we are ready
for conclusions.
Handy
: I thing we came to a close conclusion that there is a concept of cyberwarfare
out there. That was the real thrust of this workshop. We do understand some kind of
cyberwarfare, and I think we have throughout all the discussion understood some of the
possible acts of cyberwarfare and in some cases some of the possible consequences. But
we also talked about ways to secure our societies against the threat of cyberwarfare,
through different types of sources and every type of automatic tool. We talked about
different types of information infrastructure and knowledge infrastructure and how those
can help in our ability to be better protected.
Stanley
: I would like to take a different approach. What struck me about this
particular discussion was the trend of using commercial practices in a military
environment. In the past the military used to do everything better than industry.
DarkerNet was the first Internet. The US decided that DarkerNet was the safest thing in
the world, so separate networks were created. And this created a most bizarre situation.
We are all in a situation where the NATO secret network is not connected to anything
from outside, so the threats that we talk about, in Internet and from cyberterrorism, are
outside threats. The protection in the past was always this separate network. Monoculture
was talked about as the distinction of what makes us vulnerable. Attacks developed
outside can also be used against us inside. I personally know that it is going to get worse.
I think that the next peak is going to be the GSM 3G. I already participate in conferences
where we discuss GSM hacking but I predict a worm attack against the GSM network in
the future.
I would like to address what I call the industry crossover. NATO is now studying risk
assessment, looking at a formal policy in information security. That is new to NATO. In
the past it was always minimum standards applied and as they are always set by the
nineteen nations they tended to be the less common denominator. I think that the right
direction is for NATO'S CERTs to be just for NATO, but it can also act as the co-
ordination centre. I know that the EU is setting up a similar thing, so now there is money
to set up an EU CERT capability, so I think they will co-ordinate. I think co-ordination
has been caught as something that needs to be improved in the future.
I must say that this is the first conference I have attended this year where Examel has
not been talked about as the solution to everything, so I am pleased you did not mention
it. But Examel could solve a lot of your problems of interoperability, etc. A colleague
talked about decision supports in industry over the last ten years, moving decisions to the
operational level; now the military have also followed in that direction. We can put
warfare in all of our terminology. So we really are falling behind as opposed to the old
paradigm where industry follows the military. And this one I have to cite. I like
Search WWH ::
Custom Search