“Advanced Persistent Threats” has become a euphemism for state sponsored cyber threats. The kind the US has legitimized with cyber sabotage, like stuxnet and follow on cyber attacks. I wonder if enterprises (especially multinational and financial services), might be considering their own “plausibly deniable” skunk works that at best are looking at defensive postures beyond firewalls and threat identification, medium case consider preemptive or equalizing strikes against threats or even competitors (think denial of service) and worst case are involved in deep corporate espionage.
Some of you amateur historians may be aware of the United State’s posture during the first few decades of its existence. The US made extensive use of Privateers for physical defense and warfare.
This article in Wired gets perilously close to the concept of cyber-privateers (Cyberteers??).
In the period of 1776 thru 1800 the majority of the US sea-fighting force was made up of privately owned and operated ships that attacked, boarded, and claimed foreign ships. Normally they would be called pirates, but if sponsored by a government, they would be called privateers. The line was often very gray. Privateers would get to keep the spoils of their capture, and gain a reputation as a Patriot if the object of their attack was clearly a government enemy. In fact, some privateers would carry “A Letter of Marque” – in essence official recognition that the ship and crew was working on behalf of a country. An early form of outsourcing or, dare I say, privatization.
The practice fell by the wayside in the 1800s with new rules of engagement and global treaties. More recently, the Letter of Marque concept was resurrected as a possible precedent for US policy regarding the war on terrorism.
Clearly, history is repeating itself; And in the wild frontier of cyber threats, gun for hire may become the norm – possibly with governments – and less obviously with corporations. Anonymous, at first apolitical (LULZ), has become politicized — and ideas and allegiances are again available, either thru shared goals or to the highest bidder.
It’s going to get interesting. What would be the cyber-corollary to a “Letter of Marque””? I am looking for suggestions – add them to comments….
Our Catalyst conference in San Diego August 20-23 will have a lot of security and identity content, and probably more than a few discussions on “Advanced Persistent Threats”. And if Erik Wahl, the Keynote speaker, doesn’t look like Guy Fawkes, I don’t know who does. Maybe he’ll bring his anonymous buddies. See you there!