Anyone who might underestimate the skills and resources of today’s cyber attackers does so at their own risk. That was one of the takeaways from a recent appearance on IEEE Radio Spectrum by Dr. Justin Cappos, an associate professor of computer science and engineering at NYU Tandon School of Engineering. Describing malware as,  “something that used to be things that people would just write to show what they could do,” he noted that once it was clear there was money to be made, “there was … a lot of incentives to write really good malware,” and the criminal enterprises behind them became “like software companies.” He points out that the most recent evolutionary turn is the involvement of nation-states. “What’s been scarier and come along more recently is when governments get involved and start to fund it,” he observes, “because then it starts to look a lot more like a military operation, like it is something with some very, very serious resources.”

In the 20-plus minute interview, Cappos, whose research work has included developing the TUF and Uptane software update security frameworks, commented on why the update process is a particularly vulnerable step in the supply chain, and weighed in on whether cyber attacks can be considered acts of war. His sentiments on the latter are as follows,”Well, it can certainly cause a lot of damage. It can potentially cause a lot of deaths. One thing that I think tends to be quite different is in war… you know who’s behind it. And you know somewhat about how to strike back.” He concludes, “whether it’s war or not, I’m perhaps not the right one to judge, but it’s certainly very damaging.”

The full interview, as well as a transcript, is available at https://spectrum.ieee.org/podcast/telecom/security/is-cyberwar-war.