I have to say that the whole Wikileaks debacle that is going on right now is hard to wrap my head around. Not that I can't imagine someone releasing sensitive information about the US govenrment, hell there is a whole genre of movies on the spy trade after all. What I can't understand is why there are Americans that see Wikileaks as a "good" thing? Maybe it's genetic, who knows?
All I know is that if the data/information that was obtained was something else of value, say money stolen from the government, would their be any question of how "wrong" the theft of and further distribution would be? Hiding behind the first amendment and the freedom of the press is just another example of how our country is bending over backwards to ensure that the rights of the extremists aren't violated while the rest of the country suffers in the wake of their actions.
But I digress...
My biggest beef with this latest PFC who stole classified information is the resulting increase in security measures at DoD facilities. I can't go into details but I compare what is happening now to just about every single stupid sign in existence: "Caution, coffee may be hot!", "Slippery when wet!", etc....
Why? Because now when people ask why we can't do something the easy way or the most efficient way we end up saying: "oh, you remember that idiot PFC that gave Wikileaks all those documents?" That's why...
All it takes is one rotten apple to spoil the bunch. I only hope our government decides to make applesauce of those involved...
Sunday, January 23, 2011
Sunday, January 16, 2011
What will the future bring?
A few weeks ago I posted a little something about a movie that, though cheezy, wound up being a bit prophetic in regards to information security and the Internet. Since then I have been wondering what the future holds for all of us.
My mind often focusses on a quote, one that I cannot seem to find a reference for, that says something to the effect of "our military is always prepared to fight the previous war." Essentially saying that looking forward, especially if we have always been on the winning end of a conflict is difficult for us Americans.
But this has always been our flaw. Think of all the conflicts that America has had a hard time dealing with, Vietnam and Afghanistan are two that come to mind. In both instances our typical approach to warfare didn't/doesn't work. Hindsight being 20/20 most everyone can point flaws in the approach to the Vietnam conflict. While many are wondering if our troops can ever succeed in Afghanistan.
So what does this have to do with Information Security? Everything! While aircraft, ships, tanks and troops will always be a necessity the next war will start in cyberspace. Degrading your opponent's ability to fight will give you the advantage when troops eventually hit the ground.
So how do we currently fight our enemies? Without going into too much detail, our country has decided to engage in cyber warfare the same way it chooses to engage in any other sort of conflict. You have units, those units are responsible for certain tasks. Attack orders can be issued, followed, then verified upon completion. Very structured, very rigid, very broken...
Our enemies in the next war will launch their attacks against our cyber strongholds from small cells across the globe using our own resources against us. Our monolithic cyber commands will fail within minutes. The infrastructure of the United States will be left in shambles, our economy decimated, and our ability to recover severely hampered.
I don't see any way around this with our current approach. Our country simply puts too much stock into the tools we use to defend our networks, there simply isn't enough human intelligence going into the active defense of those networks. Consider this, if you had a billion computer bot-net attack our nation's cyber command right now could it withstand the assault? Not likely, in effect the only defense in such an attack would be for a person to reconfigure a router or flip a switch to reboot a server or two. Too little too late....
Need a better metaphor think Battlestar Gallactica and how it denied the enemy the ability to infiltrate their systems by having people perform tasks that would otherwise be automated. So what then, am I saying we need? We need high speed neural interfaces that allow people like you and me to integrate with our defense networks. That integration, if correctly implemented, could provide us with the edge we need.
Think about it... every day our minds absorb countless amounts of data and process the information looking for anomolies, seeing patterns, and adapting to changing environments. In essence, we need a neural interface type system because we simply do not have the knowledge to develop an AI capable of rivaling the human brain and likely never will (not anytime soon anyway). Giving a person the ability to detect an attack, initiate a response, establish a defense, and identify patterns on the fly within milliseconds could turn the tide of war in our favor when the time comes.
So is this science fiction or can anyone else see this as the direction we are heading in? In 5, 10, 20, or 50 years from now when this becomes reality just remember who said it first!
My mind often focusses on a quote, one that I cannot seem to find a reference for, that says something to the effect of "our military is always prepared to fight the previous war." Essentially saying that looking forward, especially if we have always been on the winning end of a conflict is difficult for us Americans.
But this has always been our flaw. Think of all the conflicts that America has had a hard time dealing with, Vietnam and Afghanistan are two that come to mind. In both instances our typical approach to warfare didn't/doesn't work. Hindsight being 20/20 most everyone can point flaws in the approach to the Vietnam conflict. While many are wondering if our troops can ever succeed in Afghanistan.
So what does this have to do with Information Security? Everything! While aircraft, ships, tanks and troops will always be a necessity the next war will start in cyberspace. Degrading your opponent's ability to fight will give you the advantage when troops eventually hit the ground.
So how do we currently fight our enemies? Without going into too much detail, our country has decided to engage in cyber warfare the same way it chooses to engage in any other sort of conflict. You have units, those units are responsible for certain tasks. Attack orders can be issued, followed, then verified upon completion. Very structured, very rigid, very broken...
Our enemies in the next war will launch their attacks against our cyber strongholds from small cells across the globe using our own resources against us. Our monolithic cyber commands will fail within minutes. The infrastructure of the United States will be left in shambles, our economy decimated, and our ability to recover severely hampered.
I don't see any way around this with our current approach. Our country simply puts too much stock into the tools we use to defend our networks, there simply isn't enough human intelligence going into the active defense of those networks. Consider this, if you had a billion computer bot-net attack our nation's cyber command right now could it withstand the assault? Not likely, in effect the only defense in such an attack would be for a person to reconfigure a router or flip a switch to reboot a server or two. Too little too late....
Need a better metaphor think Battlestar Gallactica and how it denied the enemy the ability to infiltrate their systems by having people perform tasks that would otherwise be automated. So what then, am I saying we need? We need high speed neural interfaces that allow people like you and me to integrate with our defense networks. That integration, if correctly implemented, could provide us with the edge we need.
Think about it... every day our minds absorb countless amounts of data and process the information looking for anomolies, seeing patterns, and adapting to changing environments. In essence, we need a neural interface type system because we simply do not have the knowledge to develop an AI capable of rivaling the human brain and likely never will (not anytime soon anyway). Giving a person the ability to detect an attack, initiate a response, establish a defense, and identify patterns on the fly within milliseconds could turn the tide of war in our favor when the time comes.
So is this science fiction or can anyone else see this as the direction we are heading in? In 5, 10, 20, or 50 years from now when this becomes reality just remember who said it first!
Sunday, January 9, 2011
Benefits of Certification?
Over the holidays I took the opportunity to put my Security+ training course to use and take the CompTIA Certification Exam. I found the exam rather easy, scoring 895 out of 900. Apparently, I missed just one question concerning the tools used by security specialists. Since I have never actually used any of the tools referenced in the exam I guess it should come as no surprise that I missed a question in that knowledge area.
I have to say that I am a bit concerned, though. I truly didn't study very hard for the exam. Sure I went to a training course provided by Learning Tree International, but my experience there was less than stellar. It makes me wonder just how well I would have done without any preparation at all. Considering my most recent experience in the workforce has been in software engineering and not security the level of effort required on my part is a little disconcerting. Beyond that it makes me wonder just how necessary this certification was for me.
This certification is my very first certification EVER after having worked in the IT industry for over 15 years! I have always been the type of person that feels that certifications are only useful for those who are either new to a career field or for employers to demonstrate to their superiors and or customers that their team is competent. After having taken and earned this certification I feel justified in my previous assumptions. There simply is no substitute for work experience. Education and certification only provides a base understanding of concepts, in my opinion, nothing more.
I had considered going for the CISSP a while back (don't ask me why). But I honestly cannot justify the effort or expense, now more than ever. Perhaps if I am offered a job in which a CISSP is required, maybe then I will revisit this idea. Until then I will simply leave the certification test taking to college graduates and noobs to the workforce.
I have to say that I am a bit concerned, though. I truly didn't study very hard for the exam. Sure I went to a training course provided by Learning Tree International, but my experience there was less than stellar. It makes me wonder just how well I would have done without any preparation at all. Considering my most recent experience in the workforce has been in software engineering and not security the level of effort required on my part is a little disconcerting. Beyond that it makes me wonder just how necessary this certification was for me.
This certification is my very first certification EVER after having worked in the IT industry for over 15 years! I have always been the type of person that feels that certifications are only useful for those who are either new to a career field or for employers to demonstrate to their superiors and or customers that their team is competent. After having taken and earned this certification I feel justified in my previous assumptions. There simply is no substitute for work experience. Education and certification only provides a base understanding of concepts, in my opinion, nothing more.
I had considered going for the CISSP a while back (don't ask me why). But I honestly cannot justify the effort or expense, now more than ever. Perhaps if I am offered a job in which a CISSP is required, maybe then I will revisit this idea. Until then I will simply leave the certification test taking to college graduates and noobs to the workforce.
Subscribe to:
Posts (Atom)