Cyber Warfare is Warfare

It can be easy to consider cyber warfare to be less serious than traditional warfare.  But let’s be clear: cyber warfare is warfare.  Information disruption and theft may not be physically obvious, but experience shows that attacks on information, wherever they come from, have very serious consequences, both immediate and long-term.  The world has less experience with cyber-physical warfare, but its effects are dramatic.  Keep in mind that even small-scale damage to infrastructure can take months to fix, given the long replacement cycles for such equipment.  You don’t run down to Home Depot and pick up a substation transformer.  This type of equipment is built to order, with weeks or months of wait time, even in the best of circumstances.  A large-scale attack against physical infrastructure could overwhelm repair abilities and lead to huge delays in restoring capability.

Cyber Civil Defense Isn’t Easy

Unfortunately, network configuration and computer security aren’t easy.   Even a relatively small home setup requires a great deal of care.  We really need better methods to set up and maintain secure computer networks.  We need better methods to set up new networks.  And since the existing networks won’t go away, we need better methods to monitor and fix networks.  These methods need to be very easy to use and friendly to non-experts.

Civil Defense for Home Computing

The past several years have brought us news reports of computing systems being used aggressively against infrastructure:

We have also seen security problems in home IoT devices.  Security problems have allowed spying as well as the use of these devices as bots in attacks against others.  I think it is time that we start to apply some simple civil defense principles to our home computing systems, both general-purpose and embedded.  I have increased my work to protect my home information and devices for a few months and I plan to continue and step up my efforts.

Backups have always been important to protect information.  Given threats from ransomware and other techniques that attempt to compromise devices on a machine or a network, I keep copies of my files offline, making them harder to attack.

The recent reports of router vulnerabilities caused me to review my router configurations.

I continue to check my device passwords: I use non-trivial passwords, a wide range of passwords, and I do my best to be sure that passwords are enabled and non-default.

I am also careful about what devices I put on my network—if I don’t need it, I don’t add it to my network.  More devices make for more points of vulnerability.