What do Chinese Generals Fear?
By Scott Andersen
http://docandersen.podbean.com
http://docandersen.wordpress.com
http://scottoandersen.wordpress.com
My Amazon author page!!!!
http://www.safegov.org
You hear it all the time a phrase normally uttered as a “cautionary tale” regarding cloud security in particular in the public cloud. A warning sign uttered that applies to the solutions of many Cloud Service Providers. Your VM, the person says to you, may be sitting on the same host as that of a Chinese General. I would like to point out before we go any further that for this blog and most likely in the real world these are mythical Chinese Generals.
· Sirens
· Lights flashing
· Danger warning, Danger warning
Bad things are going to happen. Due to the horrible twist of fate you have been selected as the winner of the wrong place wrong time sweepstakes and now your solution is at risk. The simple reality is that things are going to go wrong. It’s how we handle bad things that determine success or failure.
So we stop, breathe again.
Yes things are bad. Someone we don’t to share information with is sitting right there at the lunch table. It’s not the kid playing with the Ketchup sadly. They blend in, in fact they may actually be the table. The more I think about it the more I have come to realize three things. The first is that it isn’t a Chinese General I am afraid of. For the most part that person wouldn’t engage directly in anything he or she would have people that conducted the activities that would endanger my solution. No what I am worried about most is what is it that keeps that mythical Chinese General up at night.
A friend of mine calls it the scary complex. Why be afraid of the scary people if there are people that scare them. In the end they, the second batch are more scary than the first anyway. Now we circle back to Cloud solutions. People often use “data” and “solution” security as reasons not to move their solutions to a cloud. Based on the above lurking presence in the next VM you can begin to understand the “what” and “why” of that.
First off nation states are concerned with a number of hacker organizations. Both the organizations that we know of, and the ones that operate on the dark net and we don’t know about them. Many of the hacker groups focus on human rights and other violations perceived or real. That Mythical Chinese General is looking over his should at other “attackers” that are out there.
Who else scares that general? It certainly isn’t me. There are however other nation states in this Cyber War that are also looking for vulnerabilities. They are in the end looking for vulnerabilities in their own armor and those of the other warriors on the Cyber Battle field. You may not be an enemy today but just in case you become one tomorrow I would like to know where you are weak.
The cold war isn’t over it just moved into Cyber Space. Mapping that battlefield and understanding what and how your enemies are weak is a full time job. I think for now we can turn off the sirens. We should, however, understand standard security measures when building our solutions. It isn’t just in the cloud that the Cyber War is occurring. Sometimes they have already broached your firewall.
Scott Andersen
IASA Fellow
Senior Solutions Architect Unisys