White House Blowing Smoke?

Apr 07, 2010 | 2 mins
Business Continuity, IT Leadership

The White House Cybersecurity Coordinator Howard Schmidt wants us to believe that breaches into national infrastructure are simple acts of hacktivism. The following is based on a recent CSO interview with Schmidt:

As far as he’s concerned, this isn’t an online version of East against West or Allies against Axis. What we’re seeing, he believes, is more about online riots and hacktivism, where a ragtag band of malcontents express their displeasure over government policy by launching distributed denial-of-service attacks of the sort that pounded the networks of Estonia in 2007 (CSOOnline).

While I don’t buy into the idea that we are on the verge of cybergeddon, I do believe governments around the world are integrating Internet espionage with their traditional intelligence gathering activities.  In addition, there is evidence that countries like China are adding defensive and offensive Internet attack training and testing to strategic military planning.  For example, according to a U.S. D.O.D. 2009 report on China military power:

In 2008, numerous computer systems around the world, including those owned by the U.S. Government, continued to be the target of intrusions that appear to have originated within the PRC. Although these intrusions focused on exfiltrating information, the accesses and skills required for these intrusions are similar to those necessary to conduct computer network attacks. It remains unclear if these intrusions were conducted by, or with the endorsement of, the PLA or other elements of the PRC Government. However, developing capabilities for cyberwarfare is consistent with authoritative PLA military writings on the subject.

Examples of attacks against U.S. strategic infrastructure include:

Even small events may be significant.  Many quick in-and-out events may be cyber versions of military perimeter probes, which look for information about defenses. 

While I agree that security efforts by private organizations are crucial to strengthening national infrastructures, I disagree that DoS attacks against major Internet providers should be dismissed as cyber-vandalism. It may be that most of these attacks are just that. However, it is naive to accept that all major events are just hacktivism.

I have a hard time believing Schmidt believes what he is saying about these attacks.  If his comments were not simply political rhetoric designed to avoid “insulting” other governments, we have a problem.


Tom Olzak is an information security researcher and an IT professional with more than 34 years of experience in programming, network engineering and security. He has an MBA and a CISSP certification. He is an online instructor for the University of Phoenix, facilitating 400-level security classes.

Tom has held positions as an IS director, director of infrastructure engineering, director of information security and programming manager at a variety of manufacturing, healthcare and distribution companies. Before entering the private sector, he served 10 years in the U.S. Army Military Police, with four years as a military police investigator.

Tom has written three books: Just Enough Security, Microsoft Virtualization, and Enterprise Security: A Practitioner's Guide. He is also the author of various papers on security management and has been a blogger for, TechRepublic, and Tom Olzak on Security.

The opinions expressed in this blog are those of Tom Olzak and do not necessarily represent those of IDG Communications Inc. or its parent, subsidiary or affiliated companies.