First Physical Retaliation for a Cyberattack

This is a repost promoting content originally published elsewhere. See more things Dan's reposted.

Israel has acknowledged that its recent airstrikes against Hamas were a real-time response to an ongoing cyberattack. From Twitter:

CLEARED FOR RELEASE: We thwarted an attempted Hamas cyber offensive against Israeli targets. Following our successful cyber defensive operation, we targeted a building where the Hamas cyber operatives work.

HamasCyberHQ.exe has been removed. pic.twitter.com/AhgKjiOqS7

­Israel Defense Forces (@IDF) May 5, 2019

I expect this sort of thing to happen more — not against major countries, but by larger countries against smaller powers. Cyberattacks are too much of a nation-state equalizer otherwise.

Another article.

EDITED TO ADD (5/7): Commentary.

I doubt that this is actually the first “kinetic” retaliation to a cyber attack; however it’s probably the first one to be openly acknowledged by either of the parties involves. Schneier’s observation that cyberwarfare is an equaliser is correct and it’s exactly why a savvy nation-state would consider this kind of response… but let’s not forget that such cyberattacks are only as viable as they are because nation-states favour cyber-offense over cuber-defence in the first place: they’re interested in building 0-day weapons that they can use against their enemies (and their own citizens) and this entire approach runs counter to the idea of improving defensive security.

Towards an Information Operations Kill Chain

This is a repost promoting content originally published elsewhere. See more things Dan's reposted.

Cyberattacks don’t magically happen; they involve a series of steps. And far from being helpless, defenders can disrupt the attack at any of those steps. This framing has led to something called the “cybersecurity kill chain”: a way of thinking about cyber defense in terms of disrupting the attacker’s process. On a similar note, it’s…

Bruce proposes a model to apply the cybersecurity kill chain to the problem of thwarting information operations of the types that we’re seeing day-to-day in the cyberwar landscape. Or at least, to understand it. Interesting reading, but – and call me cynical – I don’t know if it’s possible to implement some of the kill-stops that would be required to produce a meaningful barrier.