The lesson of Titan Rain: Articulate the dangers of cyber attack to upper management

Published 14 December 2005

Last year the debate raged over whether Titan Rain was sponsored by the Chinese government or was the work of hackers, but either way one lesson is clear: IT administrators should talk to top management.

You may not remember Titan Rain, but this was the code name U.S. analysts gave to a series of 2004 cyber attacks in which Chinese Web sites targeted computer networks in the U.S. Department of Defense and other U.S. agencies, compromising hundreds of unclassified networks. Classified information has not been taken, but officials worry that even small, seemingly insignificant bits of information may, when pulled together, offer an enemy a valuable picture of U.S. strengths and weaknesses. The only thing analysts are divided over is whether the attacks were a coordinated Chinese government campaign to penetrate U.S. networks or the work of other hackers using Chinese networks to disguise the origins of the attacks. The debate over the role of the Chinese government in the attacks continues, but if the Titan Rain attacks taught the information security community anything, it is that IT administrators need to know how to articulate the dangers of cyberspace to upper management. This is how SANS Institute research director Allan Paller put it earlier this week during a press conference to announce SANS Institute’s Master of Science degree programs in Information Security Engineering and Information Security Management (see story below).

The story of Titan Rain broke out last summer, but Paller said it has been going on for a couple of years. “The American strategy in the last couple of years has been to keep it secret,” Paller said. “That may make people feel good but it doesn’t help you defend things. [Secrecy] benefits the attackers, not the victims.” He added ominously that the attacks come from individuals “with intense discipline,” adding that “no other organization could do this if they were not a military organization.” The perpetrators “were in and out with no keystroke errors and left no fingerprints, and created a backdoor in less than 30 minutes. How can this be done by anyone other than a military organization?”

-read more in Bill Brenner’s SearchSecurity report; for more on Titan Rain read this report