Welcome!

Government Cloud Authors: Elizabeth White, Pat Romanski, Dana Gardner, Liz McMillan, Gopala Krishna Behara

Related Topics: Government Cloud, Cloud Security

Government Cloud: Blog Feed Post

Beware Cyber Threat Amnesia!

Awake Yet? The list of cyber security “wake up calls” grows, as predicted...

There are several certainties in computer security. One is that when adversaries have intent they will always find a way to get what they want. Another certainty is that leadership in government and industry is quick to forget the lessons learned in cyber security, especially those dealing with adversary action. This situation is known as Cyber Threat Amnesia.  I believe there are cures for Cyber Threat Amnesia, and I think those cures might come with education, training and awareness, but that is just a theory, one that I hope is tested one day.

Till then, resolve yourself to this observable fact: Our history indicates cyber security events frequently cause action and remediation and those can get widespread attention. But soon after the attempt to remediate, organizations collectively forget about the threat.

Here is an updated list of major events. This is not all major events, just those widely reported to be “wake up calls” for the nation.

  • 1970 and 1971 – The Defense Science Board publishes what will be known as the “Ware Report” highlighting the potential dangers to department information in the coming age of connected computing. This report was widely seen as a “wake up call” for computer security and caused changes at institutions like the National Security Agency to enhance the departments security posture.
  • Nov 1988 – The Morris Worm was released and propagated throughout internetworked systems including those of the federal government. This “wake up call” resulted in establishment of computer response organizations throughout DoD and also resulted in increased funding for computer security research being provided to academic organizations and institutions. The CERT/CC at Carnegie Mellon University was funded.
  • 1995 – The President’s Commission on Critical Infrastructure Protection (PCCIP) was widely regarded as a “wake up call” for the entire federal government and since it was extensively coordinated with industry and academia was also seen as a way forward in cybersecurity for the entire nation.
  • 1997 – Deputy Secretary of Defense John Hamre was quoted as saying “Solar Sunrise was a wake up call for DoD.” This activity resulted in increased funding to cyber defense organizations and the creation of a new joint activity called DoD’s “Joint Task Force Computer Network Defense” or JTF-CND (Gourley was first Director of Intelligence (J2) there).
  • 1998 Assistant Secretary of Defense Art Money was quoted as saying “Moonlight Maze was a wake up call for DoD.”  This activity resulted in enhanced counterintelligence resources and more information sharing across the DoD law enforcement and counterintelligence.
  • 2009 Director of National Intelligence Admiral Blair testified that “Buckshot Yankee was a wake up call” for the government. This activity resulted in more awareness and more funding for cyber security throughout the federal government.
  • 2010 Deputy Secretary of Defense Lynn writes that “Google’s Aurora attacks were a wake up call for us all.”  This wake up call resulted in stronger, deeper coordination across the federal space and underscored need for a DoD strategy.
  • 2011 Deputy Assistant Secretary of Defense Bob Butler says “Wikileaks was a wake up call for DoD.”   This wake up call resulted in significant activities and planning across the federal space aimed at enhancing security of information from disclosure.
  • 2012 Sep, In one of the most destructive attacks against computers noted against any company to date, Saudi state-owned ole company ARAMCO had data destroyed on over 3/4 of their companies computers. The NY Times reports this as a “wake up call” and attributes intelligence officials with that assessment.
  • 2012 Oct, South Carolina Gov Nikki Haley announced a massive hack into state websites. The Gov offered the excuse that these attacks are increasingly common. Reporters suggested this be her “wake up call”.
  • 2012 Oct, Secretary of Defense Pannetta issues what he said is a “clarion call” for American’s to “wake up” to the growing cyber threat.
  • 2012 Nov, Former Director of National Intelligence provides “wake up call” warning of a potential 9/11 type attack via cyber.
  • 2012 Sep, Department of Energy issues a report on internal cybersecurity practices. This report by their internal inspector general was reportedly seen as a “wake up call” for the agency’s cyber security group.
  • 2013 Jan, New York Times acknowledges hacks into its papers by Chinese sources. This was widely reported as a “wake up call” for security experts in media.
  • 2013 Jan, Twitter was hit by a major hack in what security experts called a “wake up call” for the ecommerce and social media community.
  • 2013 Jan, Attacks on US banks called a “wake up call” for the industry by cyber security professionals.
  • 2013 Feb, Anonymous attacks against Federal Reserve investigated by FBI. Compromise, called a “wake up call” compromised data from the Fed’s Emergency Communications System.
  • 2013 Feb, Chairman of the House Intelligence Committee expressed confidence that the hackers recently targeting newspapers and other companies would soon “wake up” Washington on cybersecurity.
  • 2013 Feb, Mandiant releases a report exposing one of China’s Cyber Espionage Groups. This report, widely considered one of the best articulations of the threat, resulted in significant positive awareness on the seriousness of the threat and was widely called a wake up call. We believe this is one of the best pieces of cybersecurity research ever produced by an independent company, and we know it is making positive, virtuous change. We hope this goes a long way to really being the wake up call we all need.

Of course the reason to publish this list is not to make fun of people for using the term “wake up call.”  The reason to publish the list is to get your brain deeper into the game. Maybe there is something you can do to prevent Cyber Threat Amnesia.  Maybe you can suggest action to current community or government or business leaders? Or maybe you can find ways to educate policy makers or Congress or the American public? Or maybe you have other ideas for stopping this madness of forgetting about the threat.

More Stories By Bob Gourley

Bob Gourley writes on enterprise IT. He is a founder of Crucial Point and publisher of CTOvision.com

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


IoT & Smart Cities Stories
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at D...
When talking IoT we often focus on the devices, the sensors, the hardware itself. The new smart appliances, the new smart or self-driving cars (which are amalgamations of many ‘things'). When we are looking at the world of IoT, we should take a step back, look at the big picture. What value are these devices providing. IoT is not about the devices, its about the data consumed and generated. The devices are tools, mechanisms, conduits. This paper discusses the considerations when dealing with the...
Bill Schmarzo, Tech Chair of "Big Data | Analytics" of upcoming CloudEXPO | DXWorldEXPO New York (November 12-13, 2018, New York City) today announced the outline and schedule of the track. "The track has been designed in experience/degree order," said Schmarzo. "So, that folks who attend the entire track can leave the conference with some of the skills necessary to get their work done when they get back to their offices. It actually ties back to some work that I'm doing at the University of San...
Bill Schmarzo, author of "Big Data: Understanding How Data Powers Big Business" and "Big Data MBA: Driving Business Strategies with Data Science," is responsible for setting the strategy and defining the Big Data service offerings and capabilities for EMC Global Services Big Data Practice. As the CTO for the Big Data Practice, he is responsible for working with organizations to help them identify where and how to start their big data journeys. He's written several white papers, is an avid blogge...
Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence. Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more busine...
If a machine can invent, does this mean the end of the patent system as we know it? The patent system, both in the US and Europe, allows companies to protect their inventions and helps foster innovation. However, Artificial Intelligence (AI) could be set to disrupt the patent system as we know it. This talk will examine how AI may change the patent landscape in the years to come. Furthermore, ways in which companies can best protect their AI related inventions will be examined from both a US and...
Enterprises have taken advantage of IoT to achieve important revenue and cost advantages. What is less apparent is how incumbent enterprises operating at scale have, following success with IoT, built analytic, operations management and software development capabilities - ranging from autonomous vehicles to manageable robotics installations. They have embraced these capabilities as if they were Silicon Valley startups.
Chris Matthieu is the President & CEO of Computes, inc. He brings 30 years of experience in development and launches of disruptive technologies to create new market opportunities as well as enhance enterprise product portfolios with emerging technologies. His most recent venture was Octoblu, a cross-protocol Internet of Things (IoT) mesh network platform, acquired by Citrix. Prior to co-founding Octoblu, Chris was founder of Nodester, an open-source Node.JS PaaS which was acquired by AppFog and ...
The deluge of IoT sensor data collected from connected devices and the powerful AI required to make that data actionable are giving rise to a hybrid ecosystem in which cloud, on-prem and edge processes become interweaved. Attendees will learn how emerging composable infrastructure solutions deliver the adaptive architecture needed to manage this new data reality. Machine learning algorithms can better anticipate data storms and automate resources to support surges, including fully scalable GPU-c...
Cloud-enabled transformation has evolved from cost saving measure to business innovation strategy -- one that combines the cloud with cognitive capabilities to drive market disruption. Learn how you can achieve the insight and agility you need to gain a competitive advantage. Industry-acclaimed CTO and cloud expert, Shankar Kalyana presents. Only the most exceptional IBMers are appointed with the rare distinction of IBM Fellow, the highest technical honor in the company. Shankar has also receive...