The title of this post isn’t mine. It’s the title of an article written by Mark Weatherford that Kevin Perry forwarded to me this week. Mark, as you may know, is the former VP and CSO of NERC and former DHS Deputy Undersecretary for Cybersecurity (and I believe he was the first officer at DHS who had “cybersecurity” in his title). He’s currently CISO at AlertEnterprise and Chief Strategy Officer at the National Cybersecurity Center. He also is the moderator of the panel I’ll be participating on in this year’s virtual RSA Conference.
I’ll let you read it, but Mark
makes a great point: It’s way past time that we should stop calling each new
cyberattack a “game-changer”, “wake-up call”, “watershed moment”, etc. All of
these phrases subtly convey the idea that this latest cyberattack could never
have been properly prepared for. Furthermore, nobody is really to blame for it
happening (other than the attackers), since it was so unprecedented that it
would have been almost impossible to defend against it.
The problem with this idea is that
there’s literally no end to possible cyberattack types. There will always
be “game-changing” attacks, since the game is always changing anyway. I’ll
grant that nobody (that I know of) predicted that the software build process
itself could be compromised and malware planted without the developer having
any idea this was happening, as about 1,000 Russians did in the case of SolarWinds,
just as nobody (again, that I know of) predicted that a fired AWS employee
would be able to penetrate
the cloud environments of at least 30 AWS customers and cause serious
damage to one of them, Capital One…etc.
In fact, I’d say the only real
game-changing cyberattack was the Morris Worm of 1988. This
infected a few thousand computers, crashing a large number of them. The crashes
were due to a coding error by Morris, the perpetrator. He actually didn’t
intend to cause harm. In fact, he considered this to be a wake-up call! It was
certainly that. In fact the CERT-CC was founded at Carnegie-Mellon as a result
of this attack. And if you think a few thousand computers isn’t a lot, consider
that there were only about 60,000 computers connected to the internet at the
time.
Ever since the Morris Worm, the internet
community should have been not only protecting against whatever led to the last
big attack, but trying to anticipate what the next one will be. But we all have
suffered from a failure of imagination, which is why we continue to have game-changing
attacks, and probably will until human nature changes.
Any opinions expressed in this
blog post are strictly mine and are not necessarily shared by any of the
clients of Tom Alrich LLC. If you would like to comment on what you have read here, I would
love to hear from you. Please email me at tom@tomalrich.com.
No comments:
Post a Comment