The data center industry is highly competitive as Google, Microsoft, Amazon, Yahoo, and others fight for market share. In a conversation with a data center executive he made a point about the infamous attacks on Google and others that few have an offensive strategy with almost all the effort spent on defense.
Researchers identify command servers behind Google attack
By Ryan Paul | Last updated January 14, 2010 8:45 AM
VeriSign's iDefense security lab has published a report with technical details about the recent cyberattack that hit Google and over 30 other companies. The iDefense researchers traced the attack back to its origin and also identified the command-and-control servers that were used to manage the malware.
The cyber-assault came to light on Tuesday when Google disclosed to the public that the Gmail Web service was targeted in a highly-organized attack in late December. Google said that the intrusion attempt originated from China and was executed with the goal of obtaining information about political dissidents, but the company declined to speculate about the identity of the perpetrator.
The defensive move by Google is good.
Hours after announcing the intrusions, Google said it would activate a new layer of encryption for Gmail service. The company also tightened the security of its data centers and further secured the communications links between its services and the computers of its users.
The point the data center executive made was "How can you win when you have no offense?"
Data Centers are currently designed mostly with defense capabilities for cyberattacks. What are the offensive capabilities that should be designed in?
Sun Tzu's Art of War may help give you some ideas on how you could take offensive positions.
The Art of War is one of the oldest and most successful books on military strategy. It has had an influence on Eastern military thinking, business tactics, and beyond. Sun Tzu suggested the importance of positioning in strategy and that position is affected both by objective conditions in the physical environment and the subjective opinions of competitive actors in that environment. He thought that strategy was not planning in the sense of working through an established list, but rather that it requires quick and appropriate responses to changing conditions. Planning works in a controlled environment, but in a changing environment, competing plans collide, creating unexpected situations.
One interesting strategy is what is discussed by Moeletsi Mbeki talking to Africom
'If I were the head of AFRICOM, I would identify the critical countries in Africa that have regional influence, which can influence their neighbours and then try and find a way to stabilise those countries, so that they can exercise hopefully a more positive influence on their neighbours, which will then mean that AFRICOM itself doesn't have to be involved in each and every country. We have 54 countries in Africa. You can't possibly be involved in all 54 countries. So you have to identify the countries, which make a difference to other countries,' Mbeki said.
What would happen if the top data centers operated collaboratively to take the offensive in cyber attacks?