Is the ‘Iron Dome’ doomed?

Yesterday, KrebsOnSecurity.com featured an interesting article on a not-so-surprising topic. Not-so-surprising in that Brian Krebs outlines—get ready—another computer system compromise. No, I’m not kidding. These are becoming so frequent that the topic may be at risk of becoming background noise, just like many other notices of serious and unfortunate events brought to us by our media of choice. Despite the droning, the KrebsOnSecurity article is interesting to me for a number of reasons.

 

First, as a security strategist, like you I have my place in the Defense Against Evil-doers domain. For that reason alone, I find the article a personal must-read. Not because it is so utterly fascinating; rather, because the article is another important reminder of what can and will go wrong if we don’t pay attention. Of course, there is the intrigue of missiles and foreign spies. That’s interesting, too. After all, this is material from which Tom Clancy novels are written.

 

The second reason the Krebs article is interesting is that the crime is reported to have been carried out by the age-old spear phishing attack. I love to study these attacks, but I am loath to be the target. “Dear Bruce: I have been admiring you from a distance as a ‘friend’ for many years, but I have been too shy to tell you how I really feel. The time to expose my feelings seems right, and I hate regrets. It’s now or never. I hope you have secretly felt the same way, but we should take this slow. I have posted some recent photos of me….” Well, you know where that goes.  In every organization on the planet, there probably is going to be at least one person who cannot resist and does the <click> thing. Like the defense contractors cited in the Krebs article, the consequence of a single mouse click may put either a business or lives at risk—or both. That’s a risk that none can afford.

 

Finally, the article is of particular interest to me because I spent 28 years in the defense industry. Specifically, I served in the enlisted and then commissioned ranks of the US Air Force. In one of my last roles before my military retirement, I was fortunate enough to have held a leadership position on a team that investigated a massive breach of our personnel system. The investigation and resulting strategy was a valuable learning opportunity for me, and our team ultimately helped the USAF step up its security game. That is another story for another day, though. For now, there are some recurring themes in the Krebs article that are worth reiterating:

 

  • Bad guys want our stuff. Except in fantasy game play and perhaps certain governments, we cannot eliminate the bad guys; thus, we must do our best to ensure they either don’t pick us as a target or, if they do pick us, we are adequately trained to respond in a manner that reduces the impact.
  • It is easy to fall prey to phishing. One of the best strategies for dealing with this is awareness and education. Some organizations get this and have programs in place to deal with it. Others mistakenly place too much emphasis on technical solutions at the expense of comprehensive, security goals-focused training programs.
  • Another’s breach can become “our” problem. Consider the technology IP that is reported to have been stolen.  Potential revenue loss aside, regardless of your industry or country of origin, advanced technological knowledge can escape the boundaries of the parties involved and result in negative consequences for others.  Simple identify theft, for example, inevitably involves a third party—a landlord, a retail store, a bank. And we’re talking weapons technology here.

 

If you are a Sun Tzu fan, recall the importance he placed on knowing the enemy. In our business, that means understanding who the bad guys are, how they think, and what vectors they use to attack our systems. With that knowledge, we can mount a reasonably effective defense.

 

To get your Sun Tzu on, consider joining me at HP Protect 2014. In addition to learning how to think like a bad guy, you can catch Brian Krebs on the mainstage. Don’t put your own “Iron Dome” at risk.  Stay educated. Stay aware.

 

Oh, and for the record, I didn’t click.

 

-bcj

 

Labels: Fortify
Comments
kevinmac | ‎07-29-2014 05:46 PM

Great job!!

Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
Search
Showing results for 
Search instead for 
Do you mean 
About the Author
Featured


Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.