Recently in Disruptors
Filed in: Halting State

I just finished reading Charles Stross' book entitled "Halting State."
I heard about it on Roderick Jones' blog, MetaSecurity,
and put it on my list. I am certainly glad that I did. Those of you who
have been around for a while know that I am very interested in how
virtual worlds might be used in intelligence collection and police work
in the future. This book is right down my alley. It has orcs robbing
banks in a World of Warcraft type game and hauling real money out to
the physical world. It has shadowy spy agencies running live action
role playing games (LARPs) and using the players to collect real
intelligence to get points in the game. The players themselves think it
is all make-believe, but in reality, the situation is all dangerously
authentic. The author writes in a staccato style, peppering the page
with clauses and phrases of rich insights into what the world might be
in the near future. Stross throws hundreds of ideas at you throughout
the story: eyeglasses that everybody wears because they are the
man-to-machine interface to the metaverse, cops on a crime scene
recording everything they are doing as evidence with both video and
audio (through their glasses), the deployment of certain high-pitched
sounds that cause extreme vertigo and nausea into houses and businesses
as defensive measures against criminals, and terrorists running
training camps in "Second Life" like environments.
I am starting to see a pattern in near future sci-fi literature where
the bad guys figure out how to lasso the gaming communities to execute
game missions to further some nefarious purpose. The other two books I
am familiar with are "Daemon" and its sequel "Freedom,"
both by Daniel Suarez. "Daemon" is the first in a reported trilogy
where an evil genius creates a World of Warcraft type game and recruits
players for his nefarious missions out of the game. He crafts quests in
the game designed to identify certain player-character traits. As these
players are successful and move up in the game and others fall to the
wayside, the evil genius continues to send the successful gamers highly
specialized quests. At some point, he starts sending key players out of
the game and into the real world to perform missions for in-game
rewards. Hollywood is making a movie out of "Daemon," and "Freedom"
just hit the bookstore shelves this month.
At iDefense, we have identified virtual worlds as one of our cyber
security disruptors, that is, technologies or ideas that are not mature
at present but in a few short years will fundamentally change how we
all protect the enterprise. There are key factors supporting this idea:
the establishment of virtual currencies, the exponential growth in the
number of players, and the slow convergence of the thousands of gaming
environments into one metaverse as outlined by Neal Stephenson in his
book "Snow Crash," just to name three.


If you are a newbie to this, my advice is to read "Snow Crash"
first, then "Daemon," "Halting State" and "Freedom" in that order. I
recommend all of them. Besides, you should have read "Snow Crash" by
now. It is required reading for anybody in the cyber security field.
Filed in: 2010 Cyber Security Predictions
It's prediction time. You all know it is that time of year. All the
blogs, news sites and crackpot prognosticators are making their
end-of-year guesses about what is going to happen in 2010. I don't want
to be left out of that august group. The boys and girls here at
iDefense have some thoughts about that very subject and if we are
anything, we are opinionated.
We will deliver our own annual iDefense trends paper to customers this
afternoon. This is the tome that takes a look back at 2009 in an effort
to contextualize those key significant issues that impacted the
enterprise, identify potential new issues that we all need to keep an
eye on in 2010 and characterize new ideas and technologies that may not
affect us this year, but will within the next five to ten years. We
call these longer range ideas the iDefense Security Disruptors. I wrote
about security disruptors last week.
The general public will not get to see the paper for a few weeks. We
have to give our customers first crack at the intelligence. We will be
doing a public webinar on the subject on Jan. 28, 2010 at 2 p.m. EST/11
a.m. PST. You can register here if you are interested in attending.
It does not mean that I can't give you a sneak peek though about what is in the paper.
Two major themes emerged this year. First, we have a steady evolution
of malicious tools of the trade that we affectionately refer to as "bad
guy tactics." There is nothing mind blowing here per se, but we are
seeing a consistent advancement in the efficiency and deviousness of
these tools. The second theme is broader in scope and deals with
thought leadership and dollars for security spending. We have noticed a
shift in the center of gravity away from typical network defenders and
commercial security companies toward government policy makers around
the world. Going into 2010, the cyber security landscape is poised for
a widespread transformation. Governments have declared and positioned
themselves as the primary participants on both the offensive and
defensive sides. It will likely take several years before the
implications of this transition are fully realized and before the
public appreciates the full scale of government involvement, but
security historians will mark 2009 as the year that the transition
began.
Enough stalling, what about those predictions I was bragging
about? In last year's paper, we made 19 predictions. We got 14 right,
one wrong and four that will probably push into 2010. For this year's
paper, we are making 18 predictions for 2010. Here are some of the
notable ones:
1. There will be more Windows 7 vulnerabilities in 2010 than
all of the Windows Vista vulnerabilities discovered in the three years
since its release.
2. Malware spreading over social networking sites will rapidly increase relative to other malware-distribution mechanisms.
3. The US government will likely spend much of 2010 trying to
implement the priorities that it set in 2009, but will have mixed
success, some failures and increasing incoherence.
4. Russian attackers will increase the complexity of their
attacks against financial institutions, especially by combining attack
types, such as DDoS attacks, to distract or blind security personnel
while they execute large fraudulent transactions.
5. Chinese information operations against strategic rivals or
rich sources of intellectual property are likely to increase, though
more intensely against India than other nations.
6. Brazilian cyber criminals will start focusing more
attention on increasing the technical effectiveness of
malware-distribution methods.
In other words, in the short term (2010), we will see more of
the same in terms of vulnerabilities and malicious code; a uniform
advancement in pernicious tactics. In the long run (2010-15), we will
all be reacting to worldwide governments as they throw their big
budgets around and begin to set international policy for cyber space.
Filed in: Cyber Security Disruptors
It is the end of the year, and most security companies are rolling out their annual security trends reports. We are no exception. We should have our version published to our internal customers by next week and are planning a public presentation Webinar sometime in January. Stay tuned.
For the past couple of years, we have been talking about some intriguing ideas in our annual report. We call them cyber security disruptors. In the commercial world, the notion of a business disruptor centers on ideas or technologies that fundamentally change the way a business sector operates. One example is the combination of iTunes and the iPod. Other companies sold digital music before Apple Inc. came up with this combination at the right price point, but once they did, they fundamentally changed how people in the West purchased music. Since the late 1990s, consumers have been buying less music on CDs but purchasing digital music. That is a business disruptor. Similar to business disruptors, a cyber security disruptor is an idea or technology coming down the pipe that will fundamentally change how enterprise security staffs protect their environments. These are technologies that will start to impact us within the next five to 10 years.
In last year's trends paper, we identified five such cyber security disruptors:
- The Metaverse
- IPv6
- Top-Level Domains and International Domain Names
- Cyber Terrorism
- Mobile Platform
I won't talk about these here. If you have attended any of my presentations this year or read last year's report, you have gotten an earful about them. What I will do from time to time in this space though is update the status when significant developments occur.
For next year, we are adding two new cyber security disruptors to the list: cloud computing and application stores. I will talk about the application stores at a later date. I'd like to focus on the cloud for now.
Cloud computing has been in the news a lot in 2009, but not everyone understands what it really is. Since iDefense wrote a paper on the subject in May, let me take a shot at it. Cloud computing is a class of technologies that takes advantage of commodity production to lower the cost of doing the service in-house and transfers the burden of maintaining the infrastructure, platform or application out of the enterprise and into the hands of a third-party provider. It is disruptive because of the cost. The low cost of utilizing a cloud service provider, at least for some services, is too attractive to keep chief financial officers away. There are security risks for sure - including availability issues, recovery issues, investigative support issues, data segregation issues, third-party viability and longevity issues, regulatory compliance issues, privileged user access issues, and data location issues - but there are ways to monitor and mitigate them. In some cases, the mitigation is complex but manageable. One of my bosses, Nico Popp, vice president of Innovation at VeriSign, wrote an interesting blog about this very topic not two weeks ago. He says the following: "In the same way that the cloud is challenging software platform vendors and ISVs, the cloud is about to disrupt the world of security." I agree with him. Cloud computing is coming, and security departments will have to learn to deal with it, if not in 2010, then within the next five years.