Happy Anniversary -- Bang My Head Against A Wall

[InfoSec News <alerts () infosecnews org>]

https://www.cerias.purdue.edu/site/blog/post/happy_anniversary_--_bang_my_head_against_a_wall/

[If you read only one story from InfoSec News today, read this one, and 
all the comments below!  - WK]


By Gene Spafford
CERIAS Blog
October 06, 2013

Over the last month or two I have received several invitations to go speak 
about cyber security. Perhaps the up-tick in invitations is because of the 
allegations by Edward Snowden and their implications for cyber security. 
Or maybe it is because news of my recent awards has caught their 
attention. It could be it is simply to hear about something other than the 
(latest) puerile behavior by too many of our representatives in Congress 
and I'm an alternative chosen at random. Whatever the cause, I am tempted 
to accept many of these invitations on the theory that if I refuse too 
many invitations, people will stop asking, and then I wouldn't get to meet 
as many interesting people.

As I've been thinking about what topics I might speak about, I've been 
looking back though the archive of talks I've given over the last few 
decades. It's a reminder of how many things we, as a field, knew about a 
long time ago but have been ignored by the vendors and authorities. It's 
also depressing to realize how little impact I, personally, have had on 
the practice of information security during my career. But, it has also 
led me to reflect on some anniversaries this year (that happens to us old 
folk). I'll mention three in particular here, and may use others in some 
future blogs.

In early November of 1988 the world awoke to news of the first major, 
large-scale Internet incident. Some self-propagating software had spread 
around the nascent Internet, causing system crashes, slow-downs, and 
massive uncertainty. It was really big news. Dubbed the "Internet Worm," 
it served as an inspiration for many malware authors and vandals, and a 
wake-up call for security professionals. I recall very well giving talks 
on the topic for the next few years to many diverse audiences about how we 
must begin to think about structuring systems to be resistant to such 
attacks.

Flash forward to today. We don't see the flashy, widespread damage of worm 
programs any more, such as what Nimda and Code Red caused. Instead, we 
have more stealthy botnets that infiltrate millions of machines and use 
them for spam, DDOS, and harassment. The problem has gotten larger and 
worse, although in a manner that hides some of its magnitude from the 
casual observer. However, the damage is there; don't try to tell the folks 
at Saudi Aramaco or Qatar's Rasgas that network malware isn't a concern 
any more! Worrisomely, experts working with SCADA systems around the world 
are increasingly warning how vulnerable they might be to similar attacks 
in the future.

[...]



--
Find the best InfoSec talent without breaking your
recruiting budget! Post a Job, $99 for 31 days.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/