|By Bob Gourley||
|March 3, 2013 08:30 AM EST||
There are several certainties in computer security. One is that when adversaries have intent they will always find a way to get what they want. Another certainty is that leadership in government and industry is quick to forget the lessons learned in cyber security, especially those dealing with adversary action. This situation is known as Cyber Threat Amnesia. I believe there are cures for Cyber Threat Amnesia, and I think those cures might come with education, training and awareness, but that is just a theory, one that I hope is tested one day.
Till then, resolve yourself to this observable fact: Our history indicates cyber security events frequently cause action and remediation and those can get widespread attention. But soon after the attempt to remediate, organizations collectively forget about the threat.
Here is an updated list of major events. This is not all major events, just those widely reported to be “wake up calls” for the nation.
- 1970 and 1971 – The Defense Science Board publishes what will be known as the “Ware Report” highlighting the potential dangers to department information in the coming age of connected computing. This report was widely seen as a “wake up call” for computer security and caused changes at institutions like the National Security Agency to enhance the departments security posture.
- Nov 1988 – The Morris Worm was released and propagated throughout internetworked systems including those of the federal government. This “wake up call” resulted in establishment of computer response organizations throughout DoD and also resulted in increased funding for computer security research being provided to academic organizations and institutions. The CERT/CC at Carnegie Mellon University was funded.
- 1995 – The President’s Commission on Critical Infrastructure Protection (PCCIP) was widely regarded as a “wake up call” for the entire federal government and since it was extensively coordinated with industry and academia was also seen as a way forward in cybersecurity for the entire nation.
- 1997 – Deputy Secretary of Defense John Hamre was quoted as saying “Solar Sunrise was a wake up call for DoD.” This activity resulted in increased funding to cyber defense organizations and the creation of a new joint activity called DoD’s “Joint Task Force Computer Network Defense” or JTF-CND (Gourley was first Director of Intelligence (J2) there).
- 1998 Assistant Secretary of Defense Art Money was quoted as saying “Moonlight Maze was a wake up call for DoD.” This activity resulted in enhanced counterintelligence resources and more information sharing across the DoD law enforcement and counterintelligence.
- 2009 Director of National Intelligence Admiral Blair testified that “Buckshot Yankee was a wake up call” for the government. This activity resulted in more awareness and more funding for cyber security throughout the federal government.
- 2010 Deputy Secretary of Defense Lynn writes that “Google’s Aurora attacks were a wake up call for us all.” This wake up call resulted in stronger, deeper coordination across the federal space and underscored need for a DoD strategy.
- 2011 Deputy Assistant Secretary of Defense Bob Butler says “Wikileaks was a wake up call for DoD.” This wake up call resulted in significant activities and planning across the federal space aimed at enhancing security of information from disclosure.
- 2012 Sep, In one of the most destructive attacks against computers noted against any company to date, Saudi state-owned ole company ARAMCO had data destroyed on over 3/4 of their companies computers. The NY Times reports this as a “wake up call” and attributes intelligence officials with that assessment.
- 2012 Oct, South Carolina Gov Nikki Haley announced a massive hack into state websites. The Gov offered the excuse that these attacks are increasingly common. Reporters suggested this be her “wake up call”.
- 2012 Oct, Secretary of Defense Pannetta issues what he said is a “clarion call” for American’s to “wake up” to the growing cyber threat.
- 2012 Nov, Former Director of National Intelligence provides “wake up call” warning of a potential 9/11 type attack via cyber.
- 2012 Sep, Department of Energy issues a report on internal cybersecurity practices. This report by their internal inspector general was reportedly seen as a “wake up call” for the agency’s cyber security group.
- 2013 Jan, New York Times acknowledges hacks into its papers by Chinese sources. This was widely reported as a “wake up call” for security experts in media.
- 2013 Jan, Twitter was hit by a major hack in what security experts called a “wake up call” for the ecommerce and social media community.
- 2013 Jan, Attacks on US banks called a “wake up call” for the industry by cyber security professionals.
- 2013 Feb, Anonymous attacks against Federal Reserve investigated by FBI. Compromise, called a “wake up call” compromised data from the Fed’s Emergency Communications System.
- 2013 Feb, Chairman of the House Intelligence Committee expressed confidence that the hackers recently targeting newspapers and other companies would soon “wake up” Washington on cybersecurity.
- 2013 Feb, Mandiant releases a report exposing one of China’s Cyber Espionage Groups. This report, widely considered one of the best articulations of the threat, resulted in significant positive awareness on the seriousness of the threat and was widely called a wake up call. We believe this is one of the best pieces of cybersecurity research ever produced by an independent company, and we know it is making positive, virtuous change. We hope this goes a long way to really being the wake up call we all need.
Of course the reason to publish this list is not to make fun of people for using the term “wake up call.” The reason to publish the list is to get your brain deeper into the game. Maybe there is something you can do to prevent Cyber Threat Amnesia. Maybe you can suggest action to current community or government or business leaders? Or maybe you can find ways to educate policy makers or Congress or the American public? Or maybe you have other ideas for stopping this madness of forgetting about the threat.
SYS-CON Events announced today that SD Times | BZ Media has been named “Media Sponsor” of SYS-CON's 20th International Cloud Expo, which will take place on June 6–8, 2017, at the Javits Center in New York City, NY. BZ Media LLC is a high-tech media company that produces technical conferences and expositions, and publishes a magazine, newsletters and websites in the software development, SharePoint, mobile development and commercial UAV markets.
Mar. 28, 2017 09:45 AM EDT Reads: 4,377
SYS-CON Events announced today that Cloudistics, an on-premises cloud computing company, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Cloudistics delivers a complete public cloud experience with composable on-premises infrastructures to medium and large enterprises. Its software-defined technology natively converges network, storage, compute, virtualization, and management into a ...
Mar. 28, 2017 09:45 AM EDT Reads: 2,195
Now that the world has connected “things,” we need to build these devices as truly intelligent in order to create instantaneous and precise results. This means you have to do as much of the processing at the point of entry as you can: at the edge. The killer use cases for IoT are becoming manifest through AI engines on edge devices. An autonomous car has this dual edge/cloud analytics model, producing precise, real-time results. In his session at @ThingsExpo, John Crupi, Vice President and Eng...
Mar. 28, 2017 09:15 AM EDT Reads: 4,043
There are 66 million network cameras capturing terabytes of data. How did factories in Japan improve physical security at the facilities and improve employee productivity? Edge Computing reduces possible kilobytes of data collected per second to only a few kilobytes of data transmitted to the public cloud every day. Data is aggregated and analyzed close to sensors so only intelligent results need to be transmitted to the cloud. Non-essential data is recycled to optimize storage.
Mar. 28, 2017 08:15 AM EDT Reads: 3,153
"I think that everyone recognizes that for IoT to really realize its full potential and value that it is about creating ecosystems and marketplaces and that no single vendor is able to support what is required," explained Esmeralda Swartz, VP, Marketing Enterprise and Cloud at Ericsson, in this SYS-CON.tv interview at @ThingsExpo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Mar. 28, 2017 08:00 AM EDT Reads: 4,410
Why do your mobile transformations need to happen today? Mobile is the strategy that enterprise transformation centers on to drive customer engagement. In his general session at @ThingsExpo, Roger Woods, Director, Mobile Product & Strategy – Adobe Marketing Cloud, covered key IoT and mobile trends that are forcing mobile transformation, key components of a solid mobile strategy and explored how brands are effectively driving mobile change throughout the enterprise.
Mar. 28, 2017 06:00 AM EDT Reads: 2,985
As businesses adopt functionalities in cloud computing, it’s imperative that IT operations consistently ensure cloud systems work correctly – all of the time, and to their best capabilities. In his session at @BigDataExpo, Bernd Harzog, CEO and founder of OpsDataStore, will present an industry answer to the common question, “Are you running IT operations as efficiently and as cost effectively as you need to?” He will expound on the industry issues he frequently came up against as an analyst, and...
Mar. 28, 2017 06:00 AM EDT Reads: 4,309
Microservices are a very exciting architectural approach that many organizations are looking to as a way to accelerate innovation. Microservices promise to allow teams to move away from monolithic "ball of mud" systems, but the reality is that, in the vast majority of organizations, different projects and technologies will continue to be developed at different speeds. How to handle the dependencies between these disparate systems with different iteration cycles? Consider the "canoncial problem" ...
Mar. 28, 2017 06:00 AM EDT Reads: 8,915
Keeping pace with advancements in software delivery processes and tooling is taxing even for the most proficient organizations. Point tools, platforms, open source and the increasing adoption of private and public cloud services requires strong engineering rigor - all in the face of developer demands to use the tools of choice. As Agile has settled in as a mainstream practice, now DevOps has emerged as the next wave to improve software delivery speed and output. To make DevOps work, organization...
Mar. 28, 2017 02:30 AM EDT Reads: 2,060
My team embarked on building a data lake for our sales and marketing data to better understand customer journeys. This required building a hybrid data pipeline to connect our cloud CRM with the new Hadoop Data Lake. One challenge is that IT was not in a position to provide support until we proved value and marketing did not have the experience, so we embarked on the journey ourselves within the product marketing team for our line of business within Progress. In his session at @BigDataExpo, Sum...
Mar. 28, 2017 02:15 AM EDT Reads: 3,144
SYS-CON Events announced today that MobiDev, a client-oriented software development company, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MobiDev is a software company that develops and delivers turn-key mobile apps, websites, web services, and complex softw...
Mar. 28, 2017 02:00 AM EDT Reads: 3,939
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm.
Mar. 28, 2017 01:00 AM EDT Reads: 2,377
What sort of WebRTC based applications can we expect to see over the next year and beyond? One way to predict development trends is to see what sorts of applications startups are building. In his session at @ThingsExpo, Arin Sime, founder of WebRTC.ventures, will discuss the current and likely future trends in WebRTC application development based on real requests for custom applications from real customers, as well as other public sources of information,
Mar. 28, 2017 12:45 AM EDT Reads: 1,012
"My role is working with customers, helping them go through this digital transformation. I spend a lot of time talking to banks, big industries, manufacturers working through how they are integrating and transforming their IT platforms and moving them forward," explained William Morrish, General Manager Product Sales at Interoute, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Mar. 27, 2017 09:45 PM EDT Reads: 3,702
Apache Hadoop is emerging as a distributed platform for handling large and fast incoming streams of data. Predictive maintenance, supply chain optimization, and Internet-of-Things analysis are examples where Hadoop provides the scalable storage, processing, and analytics platform to gain meaningful insights from granular data that is typically only valuable from a large-scale, aggregate view. One architecture useful for capturing and analyzing streaming data is the Lambda Architecture, represent...
Mar. 27, 2017 08:15 PM EDT Reads: 6,367
SYS-CON Events announced today that Ocean9will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Ocean9 provides cloud services for Backup, Disaster Recovery (DRaaS) and instant Innovation, and redefines enterprise infrastructure with its cloud native subscription offerings for mission critical SAP workloads.
Mar. 27, 2017 07:45 PM EDT Reads: 2,238
With billions of sensors deployed worldwide, the amount of machine-generated data will soon exceed what our networks can handle. But consumers and businesses will expect seamless experiences and real-time responsiveness. What does this mean for IoT devices and the infrastructure that supports them? More of the data will need to be handled at - or closer to - the devices themselves.
Mar. 27, 2017 07:30 PM EDT Reads: 4,623
SYS-CON Events announced today that SoftLayer, an IBM Company, has been named “Gold Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. SoftLayer, an IBM Company, provides cloud infrastructure as a service from a growing number of data centers and network points of presence around the world. SoftLayer’s customers range from Web startups to global enterprises.
Mar. 27, 2017 02:45 PM EDT Reads: 2,013
SYS-CON Events announced today that Linux Academy, the foremost online Linux and cloud training platform and community, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Linux Academy was founded on the belief that providing high-quality, in-depth training should be available at an affordable price. Industry leaders in quality training, provided services, and student certification passes, its goal is to c...
Mar. 27, 2017 02:30 PM EDT Reads: 4,050
SYS-CON Events announced today that CA Technologies has been named “Platinum Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CA Technologies helps customers succeed in a future where every business – from apparel to energy – is being rewritten by software. From ...
Mar. 27, 2017 02:00 PM EDT Reads: 2,125