Disarming Exploits: Stop Trying to Make “Weaponized” Cyber Happen

Everywhere I look, I’m constantly besieged with news stories using terms like “weapons-grade exploits” and “weaponized malware” to describe the latest malware outbreak. The narrative constructed that results from this colorful language is detrimental to the progress of securing our computer networks, because it seeks to categorically apply the metaphor of military conflict to cybersecurity – and not every incident in cyber conflict qualifies as a military-style “attack.”

I’d like to argue that the words we use in this industry matter and set the tone and context of our public discussion about cybersecurity. The problem with applying loose and imprecise terminology to the world of cybersecurity is that it constrains our thinking; if everything is a weapon, then its use is an attack, therefore we must detect the oncoming attack, and respond to the attack.

This is the OODA Loop (observe, orient, decide, act) in action. A poor language choice leads to a bad framework for discussion, and will ultimately result in poor policy decision-making, such as thinking it’s appropriate to respond to a computer network intrusion with a kinetic weapon.

All we’re left with is deterrence, which observers such as Peter Singer note hasn’t been effective and instead has created incentives for other nation-states to break into private networks and steal sensitive information.

To consistently describe all exploits and malware as “weapons” contributes to the mistaken thinking that only nation-state backed actors are capable of developing cyberweapons. We now know this isn’t the case.

For example, the Mirai botnet that caused a massive amount of disruption with record breaking distributed denial of service (DDoS) attacks was initially speculated to be the work of a nation-state. But eventually, it was revealed to be the work of a few college kids. In other words, a botnet with the capability to (Read more...)

*** This is a Security Bloggers Network syndicated blog from Cylance Blog authored by Jeffrey Tang. Read the original post at: https://threatvector.cylance.com/en_us/home/disarming-exploits-stop-trying-to-make-weaponized-cyber-happen.html