The Business-Technology Weave

Oct 11 2011   8:17AM GMT

Security Postures: Time to start pedaling faster

David Scott

 

Back in my misspent youth, us kids used to ride our bikes as fast as we possibly could, trying to leave group members behind.  The slowpokes invariably whined… “Hey!”… “Wait up!”… and if we could actually get someone to cry, so much the better!  We’d laugh maniacally, looking back over our shoulders at our hapless slower counterparts.  Oh, the inhumanity! 

 

My father once saw a group led by me, leaving my little brother behind – and he heard my brother’s protestations.  Upon return to home, I was punished – banished to my room for some measure of time – with the stern counsel of my father, “Never leave your brother behind.”

 

Some folks and organizations are pedaling pretty fast these days, in trying to stay up with, and ahead of, the pack in matters of security:  Trying to keep up with best and burgeoning practices, and trying to stay ahead of new threats and potentials of harm.  But many surprising entities are at the back, and if they ain’t cryin’ yet, they soon may be.

 

Consider this:  “Cyber-cops” in the U.S. were surprised, caught off-guard, by a case of cyber-espionage thought to be unprecedented in scope and size.  It’s been described as a five year hacking scheme (five years!), as mounted and exercised by a single “state actor.”  The espionage targeted computer systems of the U.S. government, United Nations, defense firms and private industries.  The state actor is thought to be China, but that info hasn’t been released.

 

Hmmm… did some measure of government agency discover the hacking?  Perhaps some U.N. security expert?  Or surely one of those leading defense or private industries had some proactive, forward thinking, cybercop scanning and discovering the breaches (after five years!)?  Sorry to report, but it was McAfee.  According to Fox News, McAfee’s vice president of threat research, Dmitri Alperovitch, said “Even we were surprised by the enormous diversity of the victim organizations and were taken aback by the audacity of the perpetrators.”

Mr. Alperovitch’s report indicated 72 victims of the spying, 49 of which were American agencies and firms, during which massive losses of information occurred – there is potential for a huge economic threat.  We must recognize too that state actors don’t rest – just because this five year effort has been busted, they’re constantly evolving their spying means and mechanisms.  A U.S. official has confirmed the espionage and theft, and as pertains to McAfee’s report, told Fox “The report is fairly accurate.”

If McAfee’s report is correct, our government didn’t learn of a successful multiyear cyber-spying effort from its own internal cyber-police, but from McAfee.  What’s embarrassing, and scary, is that Janet Napolitano, head of the Department of Homeland Security, became aware of the McAfee report – and large scale breach – only on the same day the report was released to the press.  She further said, “We obviously will evaluate it and look at it and pursue what needs to be pursued.”  Obviously.  The White House has been briefed, so too has the U.S. Cyber Command at Ft. Meade, MD, and on and on…  lotsa people pedaling on this block, you see. 

Just not very fast:  National Security Agency director General Keith Alexander serves as the head of the Pentagon’s new Cyber Command.  He has stated that our military may not have the present capability to safeguard Pentagon networks from cyber-attack.  “The Department has a shortfall of cyber force capacity to plan, operate, and defend its networks and ensure freedom of action and maneuver for our nation in cyberspace.  Additionally, we are still discussing across the Administration how to best defend against a ‘Cyber 9/11’ that affects our critical infrastructure and beyond.”

Private industry is vulnerable too:  Lockheed Martin, among others, was the victim of a cyber hack earlier this year.

What does this mean for you?  Beyond “state actors” (such as China), and dedicated teams targeting private industry (such as the insiders referenced in yesterday’s article), there are malicious hackers who are simply out for fun.  They’re looking for websites and networks to hack just for the opportunity to wreak havoc.  All of these levels are pedaling at a fast clip, looking to breach, steal, and harm – and likely… laughing maniacally with each success, at the expense of those at the back of the pack.

How fast are you pedaling?

On this day (Oct. 11th):  The Juliana, 1st steam-powered ferryboat, begins operation in 1811.

 

 

 
