Security conference offers weird, woeful predictions

[InfoSec News <isn () c4i org>]

http://www.computerworld.com/securitytopics/security/story/0,10801,81402,00.html

By James Careless, 
ITWorldCanada
MAY 21, 2003

The good news: By 2010, computers should match the human brain in
processing power. The bad news: By decade's end, wireless-based
viruses, hacking and security breaches will be a major headache for IT
administrators.

These forecasts were made earlier this week by IBM and Symantec Corp.,
respectively, at the 15th annual Canadian IT Security Symposium hosted
by the Communications Security Establishment (CSE).

IBM Research's John Heidenreich dazzled delegates with his company's
view of the future. After opening with a list of past failed
predictions -- like Bill Gates' 1981 quip that "640K ought to be
enough for anybody" -- he detailed "the changes we believe will come
to pass."

First, "the message in technology is a simple one: faster, better,
cheaper," Heidenreich said. And by the time "silicon runs out of
steam," molecular-based nanotechnology will take its place, he said.  
"My guess is that you will start to see machines built using
nanotechnology by the end of this decade," Heidenreich said.

Other IBM Research predictions: Within 10 years, computers will be
embedded in so many devices that nonembedded desktop and laptop
computers will cease to be made. Supercomputers will also attain
processing power equivalent to the human brain, "but without all the
autonomic distractions," Heidenreich said. As a comparison, he
characterized the IBM Deep Blue supercomputer that beat chess champion
Gary Kasparov in 1997 as having the computational power "of a lizard."

Heidenreich then tempered IBM Research's predictions with a few
warnings.

The current data explosion is now growing at a "superexponential"  
rate, he said, creating more information than humans alone can
analyze. To sift through that data accurately, they need new computers
to help.

Heidenreich also said IT managers must start asking, "What does it
cost me when my information systems go down?" He added that IT
failures are likely to cause "major disasters" in the future. Already,
a failed SAP AG installation crashed one Canadian bank's IT system for
five days, he said, while another company's ERP misadventures caused
it to miss its quarterly sales targets.

He went on to say that the real reason for developing computers with
human-size processing capability -- autonomic computers -- isn't so
that they can think, but rather to help humans manage IT systems
effectively. "Autonomic computing is not about technology,"  
Heidenreich said. "Autonomic computing is about [maintaining]
standards."

Meanwhile, Symantec Chief Technology Officer Robert A. Clyde offered
delegates a cautionary tale about wireless security. Citing IDC
research, Clyde said there will be 589 million mobile Internet users
in 2005, about half of all Internet users by that time. The problem,
he said, is that many of these mobile, Wi-Fi and Bluetooth-connected
users won't have adequate protection from viruses and hackers.

Of particular concern is the burgeoning growth of 802.11b wireless
access points, many of which are installed by employees without the
knowledge of their IT departments. Such "rogue" access points tend to
be unsecured, he noted, giving Wi-Fi-equipped hackers easy access to
corporate systems.

The problems with mobile/Wi-Fi/Bluetooth connectivity don't end there,
Clyde said. Infected devices can import viruses and malicious code
directly into a corporate system whenever they're synced, and data
cached on Wi-Fi laptops with Windows File Share switched on can be
accessed by wireless hackers.

The answer is to develop basic wireless security precautions, Clyde
said. These include defining corporate standards for wireless devices
and operating systems, standardizing and controlling wireless
purchases through one corporate entity. and specifying what data and
applications are safe to store on firewall-protected,
encryption-enabled devices. He also suggested routing all Wi-Fi access
points through a firewall before letting them access the wired
corporate network, applying encryption to all remote links and using
updated antivirus filtering.

Clyde concluded by saying that wireless access is quickly becoming a
fact of corporate life. "Get ahead of the curve, and find out how you
can handle it securely," he said.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.