I understand Mr. Coleman’s concerns about cyberwarfare aspects and how the PRC’s cyber-defence could hinder US cyber cababilities against their systems. But, we should not deem overall attempts to have more secure operating systems as “warfare” in a sinister sense per se. Improving cyber-security is something that we all should be doing. Being “peaceful” in the networked world does not mean having servers running unpatched Windows. The US, UK, etc. should be encouraging their government, corporate, and infrastructure systems to be better secured. (The US has done projects such NSA’s work on Security Enhanced Linux. Some might call that as an example of US cyber-warfare.)
Upon exploitation of the Web applications, they were able to gain unauthorized access to a Traffic Flow Management Infrastructure system, Juneau Aviation Weather System, and the Albuquerque Air Traffic Control Tower, an ATC system used to monitor critical power supply at six en route centers, and had the capability to install malicious code on users’ computers part of FAA’s network. How did they do that? By exploiting the basic insecurities that every ‘secure’ OS has, in this case exploiting the insecurely configured web applications allowing them to gain access, next to exploiting the unpatched ones or the usability and complexity altogether.The bottom line – are secure operating systems the cornerstone for a hardened critical infrastructure, or is a misconfigured ‘secure’ operating system just as insecure as the supposedly insecure one in general, managing assets through a flawed and outdated risk assessment process? Talkback.