https://www.cerias.purdue.edu/site/blog/post/happy_anniversary_--_bang_my_head_against_a_wall/
[If you read only one story from InfoSec News today, read this one, and
all the comments below! - WK]
By Gene Spafford
CERIAS Blog
October 06, 2013

Over the last month or two I have received several invitations to go speak
about cyber security. Perhaps the up-tick in invitations is because of the
allegations by Edward Snowden and their implications for cyber security.
Or maybe it is because news of my recent awards has caught their
attention. It could be it is simply to hear about something other than the
(latest) puerile behavior by too many of our representatives in Congress
and I'm an alternative chosen at random. Whatever the cause, I am tempted
to accept many of these invitations on the theory that if I refuse too
many invitations, people will stop asking, and then I wouldn't get to meet
as many interesting people.

As I've been thinking about what topics I might speak about, I've been
looking back through the archive of talks I've given over the last few
decades. It's a reminder of how many things we, as a field, knew about a
long time ago but that have been ignored by the vendors and authorities. It's
also depressing to realize how little impact I, personally, have had on
the practice of information security during my career. But, it has also
led me to reflect on some anniversaries this year (that happens to us old
folk). I'll mention three in particular here, and may use others in some
future blogs.

In early November of 1988 the world awoke to news of the first major,
large-scale Internet incident. Some self-propagating software had spread
around the nascent Internet, causing system crashes, slow-downs, and
massive uncertainty. It was really big news. Dubbed the "Internet Worm,"
it served as an inspiration for many malware authors and vandals, and a
wake-up call for security professionals. I recall very well giving talks
on the topic for the next few years to many diverse audiences about how we
must begin to think about structuring systems to be resistant to such
attacks.

Flash forward to today. We don't see the flashy, widespread damage of worm
programs any more, such as what Nimda and Code Red caused. Instead, we
have more stealthy botnets that infiltrate millions of machines and use
them for spam, DDOS, and harassment. The problem has gotten larger and
worse, although in a manner that hides some of its magnitude from the
casual observer. However, the damage is there; don't try to tell the folks
at Saudi Aramco or Qatar's RasGas that network malware isn't a concern
any more! Worrisomely, experts working with SCADA systems around the world
are increasingly warning how vulnerable they might be to similar attacks
in the future.
[...]