As part of my job as an industry analyst, I end up reading a lot of content produced by technology vendors. A lot of it isn’t very good — either blatant advertorial schlock or poorly written hyperbole.

That said, I read an excellent paper published and distributed by McAfee while flying home from Chicago. In my opinion, the paper titled, “Virtual Criminology Report 2009, Virtually Here: The Age of Cyber Warfare,” is a must-read for CISOs, CIOs, and business executives as it does a great job of articulated state-sponsored and cybercrime threats to critical infrastructure. The report is available from McAfee’s homepage. (Writer’s note: The title is a bit goofy and works way too hard to tie cybersecurity to virtualization but don’t let that dissuade you from reading it.)

The high quality of this report is directly related to its author, Paul Kurtz of Good Harbor Consulting. McAfee commissioned Good Harbor and Paul, who served in various security roles in the Clinton and Bush administration, to really get to the heart of the issues.

Rather than summarize the report, I’ll leave it to the security and business community to come to their own conclusions. My take-aways are as follows:

1. The report clearly illustrates a number of cyber warfare examples. I know about these incidents but most people have no clue. In this way, the report is very educational.

2. Why should American citizens and businesses care about cyber warfare? Because we are all targets. Asymmetric warfare (i.e. random physical and cyber attacks) has no rules other than surprise, terror, and financial consequences. An attack on our power grid, financial systems, or telecommunications infrastructure could disrupt our lives for weeks or months and cause billions of dollars in damages. Worse yet, any one of these incidents could be accompanied by a physical attack — the asymmetric warfare equivalent of 1+1= some number greater than 2.

3. Cyberwar and cybercrime are tough to distinguish. A terrorist group or political enemy could simply pay cyber crooks to attack us. This is more likely than a state-sponsored attack. Think of cybercriminals assuming the role of the Hessian mercenaries whom the British paid to fight Americans in the American Revolution.

4. Kurtz correctly points out that there hasn’t been nearly enough public discourse on the issues surrounding cyber warfare. Since the private sector owns about 85% of critical infrastructure, we can’t leave all the decisions, strategy, and oversight in the hands of the military.

Again, I strongly encourage others to peruse this well-written and thought-provoking piece. Kudos to McAfee on this one.

Related posts:

1. Note to Washington: Read and react to Richard Clarke’s new Book, “Cyber War!”
2. New ESG Research Report Points To Security Vulnerabilities In the US Critical Infrastructure
3. WikiLeaks, Critical Infrastructure, and Cyber Security
4. Does McAfee’s Sales Program Highlight A Morality Problem in the Cybersecurity Industry?
5. Fatal System Error: A MUST read for IT professionals, legislators, and law enforcement

Tags: cyber warfare, Cybersecurity, Federal Government, Good Harbor Consulting, McAfee, Paul Kurtz