“We, as far as I’m concerned, are in an arms race. It’s the same old thing as the good old days of the Cold War,” says Dick Bussiere, principal architect for Tenable Network Security in the Asia Pacific region. “The Russians would come up with something, the Americans would come up with a countermeasure, the Russians would come up with something else, and it never ends. I think we’re kind of in a situation like that.”
We’ve heard the Cold War analogy before, of course, and in many ways it’s apt. Despite this year’s constant cyberwar hype, no-one has been killed yet. So far it’s all been about espionage and, in the few incidents when there has been damage — such as Stuxnet’s impact on Iran’s nuclear weapons program, or the hit on Saudi Aramco’s computer infrastructure — it’s more appropriate to categorise it as sabotage rather than something more warlike.
The Cold War analogy is appropriate in another way, too. Unlike the almost gentlemanly pace of the arms race in the more leisurely age of horse, steam and steel, in 2013 new digital threats evolve overnight — and countering those threats requires systems administrators to adopt a new operational pace.