On August 8, 2008, Nino Doijashvili, CEO of the Atlanta-based hosting company Tulip Systems, was paying a visit to her home town in Tsiblinki, Georgia, thus putting her at the nexus of the first modern use of cyber attacks in conjunction with an invasion. While
Knowing something about bandwidth and server hosting, Doijashvili offered the services of her hosting facilities to the Georgian government, which agreed. Now attacks targeted against Georgian government websites were finding their way to
In retrospect, the damage done to innocent bystanders was minimal. But if there is one thing I have found to be true—in the universe of cyber threats, paying attention to early harbingers of trouble is the best way to prepare for what eventually becomes the status quo. That said, and based on this example, the new threat to prepare for is a network outage caused by warring nations.
It may or may not come as a surprise that there is yet another threat to your IT infrastructure looming on the horizon. If you are not surprised, it is because you are a veteran IT professional who has seen the escalation of threats from casual hacking all the way through the current chaos of cyber criminals going after credit cards and identities. I am one of those veterans, so I am not surprised. I have been presenting on cyber threats since 1994.
Up until now it has been easy to illustrate why each threat was something the typical IT department should worry about: insider hacking is common, vandalism and hacktivism will evidence themselves on your webpages, and cyber crime gave rise to drive-by downloads, worms and viruses as well as targeted attacks against data stores of banks and retailers.
Yet, the mounting evidence that nations are engaging in cyber attacks against each other’s data, communications and infrastructure is harder to depict as a threat to the typical IT department. A hospital, insurance firm, or university may claim they are not targets and cyber warfare is something only the defense department should be concerned with. They are wrong. There is a real and present danger that real-world shooting skirmishes can boil over into network outages that impact everyone.
Best Practices
Some of the things you should already be doing include: running multiple hardened DNS servers on separate netblocks; holding burstable bandwidth contracts with multiple providers; load balancing your servers; and deploying DoS defense products that can absorb large volumes of SYN floods and HTTP GET floods.
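The first item in that list is easy to state and easy to get wrong: two name servers that sit in the same /24 share the same upstream route and go dark together. The following check, added here as an example and not part of the original post, takes the addresses a domain's authoritative name servers resolve to and reports which of them share a netblock. The sample records are constructed (the `example.net` / `example.org` names and documentation-range addresses are placeholders); in practice you would feed it the output of an NS and A/AAAA lookup for your own zone. The prefix lengths (/24 for IPv4, /48 for IPv6) are a conventional starting point, not a standard, and can be tightened to whatever your providers actually route.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: authoritative name servers for a zone and the addresses
# they resolve to. Hypothetical data in documentation ranges, not a real zone.
SAMPLE_NS = {
    "ns1.example.net": ["192.0.2.10"],
    "ns2.example.net": ["192.0.2.11"],        # same /24 as ns1: no real diversity
    "ns3.example.org": ["198.51.100.7"],
    "ns4.example.org": ["2001:db8:1::53"],
}

# Granularity at which two addresses are treated as "the same netblock".
# Assumed defaults; adjust to the prefixes your providers announce.
DEFAULT_PREFIX = {4: 24, 6: 48}


def netblock_of(ip, prefix=DEFAULT_PREFIX):
    """Return the containing network for an address at the configured prefix length."""
    addr = ipaddress.ip_address(ip)
    return ipaddress.ip_network(f"{addr}/{prefix[addr.version]}", strict=False)


def shared_netblocks(ns_to_ips, prefix=DEFAULT_PREFIX):
    """Map every netblock hosting more than one name server to the servers in it.

    An empty result means no two servers share a block at this granularity.
    """
    by_block = defaultdict(set)
    for ns, ips in ns_to_ips.items():
        for ip in ips:
            by_block[netblock_of(ip, prefix)].add(ns)
    return {str(net): sorted(names) for net, names in by_block.items() if len(names) > 1}


def distinct_netblock_count(ns_to_ips, prefix=DEFAULT_PREFIX):
    """Number of distinct netblocks the zone's name servers are spread across."""
    return len({netblock_of(ip, prefix) for ips in ns_to_ips.values() for ip in ips})


def passes_diversity(ns_to_ips, minimum_blocks=2, prefix=DEFAULT_PREFIX):
    """True when the servers span at least `minimum_blocks` distinct netblocks."""
    return distinct_netblock_count(ns_to_ips, prefix) >= minimum_blocks


if __name__ == "__main__":
    overlaps = shared_netblocks(SAMPLE_NS)
    for block, servers in overlaps.items():
        print(f"WARNING: {', '.join(servers)} all sit in {block}")
    print(f"distinct netblocks: {distinct_netblock_count(SAMPLE_NS)}")
    print("diversity check:", "pass" if passes_diversity(SAMPLE_NS) else "FAIL")
```

Run against the sample, the check flags ns1 and ns2 as co-located in 192.0.2.0/24 while still counting three distinct blocks overall. Treating shared-prefix servers as one for capacity planning is the point: a zone with four NS records but two effective netblocks has half the resilience the record count suggests.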