[repost] Cyberespionage, and the Need for Norms

This is a quick one, but I wanted to call out a piece shared with me by a peer in the industry:


A truly key point here:
[C]onsider how almost every recent cybercrime is called a “cyberattack” by the media. North Korea’s hack into Sony Pictures, China’s theft of American personnel records, and Russia’s attack on Estonian online infrastructure were all dubbed "cyberattacks," despite their significant differences. The repeated use of this simplistic label has muddied dialogue surrounding this issue by obscuring the unique qualities of different cybercrimes—making it difficult to keep track of what actions warrant retaliation.
This has been a pain-point of mine for a few years now, but I have yet to convince many others in my field that computer/network espionage (CNE) is explicitly NOT an attack.

Also, I hate the prefix cyber. It has no meaning. For more info on this, see: http://willusingtheprefixcybermakemelooklikeanidiot.com/


Popular posts from this blog

Yara and Rich Headers are full of win

Operation Cloud Hopper

"WannaCry Is North Korea!" or "Rich Headers Win Again!"