Gary McGraw warns against conflating cyberwar and cyberespionage

SAN FRANCISCO -- When security vendor Mandiant Corp. first detailed how the Chinese military had been involved in a sophisticated hacking operation aimed at The New York Times, politicians in Washington D.C. and corporate executives around the country were prepared to call the incident an act of cyberwar, even though no physical harm was committed.

However, according to Cigital Inc. CTO Gary McGraw, Mandiant actually uncovered a cyberespionage campaign, though the two terms are often thrown around interchangeably. So what is the difference between cyberwar and cyberespionage?

In this video interview, recorded at the 2013 RSA Conference, McGraw distinguishes between cyberwar and cyberespionage, warning against the dangers of conflating the two. Chief among the issues with mixing the terms is the attribution problem. In the case of The Times hack, Mandiant had plenty of time to do forensics analysis on a cyberespionage campaign that had spanned years. In contrast, a cyberwar scenario will happen in a fraction of the time and won't always have easily attributable characteristics.

McGraw also highlights the dangers involved with hyping cyberwar, especially when so many politicians and military leaders emphasize offensive security tools over building out defensive capabilities. Ultimately, McGraw believes building secure software will be a more effective deterrent to both cyberwar and cyberespionage than any offensive capabilities and explains why he feels that way in this video.

View All Videos

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.







  • CIO Trends #6: Nordics

    In this e-guide, read how the High North and Baltic Sea collaboration is about to undergo a serious and redefining makeover to ...

  • CIO Trends #6: Middle East

    In this e-guide we look at the role of information technology as the Arabian Gulf commits billions of dollars to building more ...

  • CIO Trends #6: Benelux

    In this e-guide, read about the Netherlands' coalition government's four year plan which includes the term 'cyber' no fewer than ...