For hackers, timing is key. At least that’s according to a group of University of Michigan based researchers that authored a paper on hacking and how timing could factor into the decisions and decision making processes engaged in by cyber criminals.
The paper, which was published in the Proceedings of the National Academy of Sciences of the United States of America, establishes a mathematically based model which considers multiple variables, including timing. Timing is of extreme importance due to the fact that once an attack is launched, patches designed to defend against and/or repel the attacks could go into development immediately after the strike is launched. Then there are efforts taken by software companies to repair holes in their products by offering rewards for zero-day exploits. Other variables considered in the paper include the stakes at hand, as well as stealth and persistence. Case studies included examinations of Iranian cyber attacks on Saudi Arabian oil pipelines, as well as cyber attacks carried out by the Chinese military.
The researchers, Robert Axelrod and Rumen Iliev, also indicated that “nations are accumulating cyber resources in the form of stockpiles of zero-day exploits as well as other novel methods of engaging in future cyber conflict against selected targets.” Yikes.
For Axelrod and Iliev, the purpose of this paper was to provide “some concepts, theory, applications, and distinctions to promote the understanding of this new domain of cyber conflict. The goal is to mitigate the harm cyber conflict can do, and harness the capabilities it can provide.”
Whether this and future research papers actually do so, however, will remain to be seen. Time will tell.
What do you think? Sound off in the comments below.