A report titled Cyber Warfare: An Analysis of the Means and Motivations of Selected Nation States by Charles Billo and Welton Chang of the Institute for Security Technology Studies at Dartmouth College makes interesting reading. The following is from the Executive Summary.
IT dependence in the United States is evolving into a strategic center of gravity. This represents an inviting target to a potential adversary. While intrusions and hacks are not the exclusive province of large, hierarchical organizations, military and intelligence services possess an advantage over terrorist units for example in terms of resources, depth of personnel, and longer time-horizon reconnaissance and probes.
Moreover, as advanced industrial states such as the United States outsource their programming of software to countries such as India, Pakistan, China, Philippines, and Russia, the risk of rogue programmers using their access to commit cyber attacks rises. The possibility of abuse by hackers, organized crime agents, and cyber terrorists in countries not necessarily allied with the United States is great, and grows as more programming is sub-contracted to these countries for economic reasons.
We believe that scientific and engineering prowess in the United States and elsewhere, when properly harnessed and directed, can lead to improved security measures and better defenses (such as attack “indications and warnings”) against malicious intrusions. Technology, however, is no panacea.
In conclusion, we recommend improved vigilance on the part of our homeland defense authorities against ever more sophisticated and numerous cyber attacks and probes. Given the significant economic and other interests at stake, we recommend a more systematic and sustained effort to raise awareness at the grass roots level regarding security loopholes and vulnerabilities. These efforts, led by local and national political leaders and responsible officials in the United States, will be important in changing the way the populace currently views network security. Finally, we propose greater urgency be given to the recommendation in the U.S. National Strategy to Secure Cyberspace calling for an effective public/private partnership to develop realistic software security and related standards that manufacturers will accept.