I wrote about this last May, namely that so-called cyberwar events are not for the domain of the private sector to defend against. I made an argument that cyberwar perpetrators are in the upper percentiles of attackers (95% +) and that outside of building our organization’s control strength up to that level, let’s just leave cyberwar to governments.
With that a backdrop, I was fascinated by this article that identifies that this exact thing I outlined was actually happening. The bank BB&T has sought help from the government in warding off DDoS attacks believed to be from state-sponsored attackers. This line in particular seemed to reflect my posture on these types of attacks:
“BB&T…and others now say they have spent millions in warding off the attacks and can’t be expected to fend off such attacks from another government.”
If I read between the lines, they have spent a lot of money to raise their control strength, however against attackers in the 95th percentile, its just really outside of their responsibility to defend against it. Like in warfare of earlier times, its time for the generals to step up and keep the farms of the countryside from being destroyed lest they be unable to feed their armies in times of need.
The Risk Dr ® 