Two recent NPR stories highlighted the continuing potential for cyber attacks. One focused on the threat that China poses and the other story on what we should be doing in general to legislate cyber defenses for the private sector and our critical infrastructure--the vast majority of which is owned and operated by private business.
It is clear to me that China is actively working to determine the how best to attack our military and industrial complexes. The cyber war of the future has already begun. Going back to my military training let's consider what it is that they are doing.
Patrolling: This is an age-old technique to find out what the enemy is doing. These are not attacks per se, but rather intelligence gathering missions that look to find out about an enemy's defenses and capabilities. Hacking into a system to determine the level of defenses, or lack of them, is the type of activity that you could equate to patrolling. Most of the time you do not want them to even know that you have been there. Just looking around and taking notes.
Probing: This is another type of attack that looks to find out more about defenses and weaknesses. In this case it is a small assault on a specific unit or organization to obtain actionable intelligence. A cyber attack that is clear to make its impact known to the the infrastructure owner is this type of incursion.
Raid: A raid is conducted as a demonstration of force to destroy specific targets or show the specific threat that you can pose to the enemy. It is meant to keep them off balance and perhaps cause them to spread their defenses thinly across too much territory as they try to protect "everything." An all out cyber attack could take on this type of mission. It might be specifically looking for how America will respond to a cyber attack both from a technical and political stand point.
Patrolling, probing and raids have already been conducted. You can expect them to continue by China and other rogue nation or criminal interests. the 12 year old hacker in the basement should be the least of our worries at this point in cyber history.
