I never wanted to spend my life in IT. I passed a programming exam at high school because I promised the teacher I would never return. It was the hardest 50% I ever had to work for! My passions were history and literature, and especially Latin, which I was actually quite good at. And little did I realise all these years later that the “dead” civilisation would come back to haunt me!
Anyone who has ever visited Rome, or seen any of the Roman ruins, cannot help but be amazed. The Romans built a phenomenal empire, and we still wonder how they could construct the Coliseum, and any number of amazing constructions all over Europe, the Middle East and Africa. And yet one of the most amazing civilisations in history came to a sad and sorry end. And there are countless reasons given for their ultimate demise, such as inept politicians and overindulgence in a variety of pastimes.
However, among the many reasons for the decline and fall of the empire, three factors stand out: infrastructure, outsourcing and offshoring.
In order to facilitate military and commercial movement, an extensive infrastructure was created. However, defending such an enterprise as the Roman Empire was a massive drain on both financial and human resources. Eventually they started to outsource the work to those who had been “acquired”, which in turn resulted in knowledge transfer that was used against them. Then, in order to supply the needs of a large international enterprise, it became easier to offshore the supply of goods. After all, they were in charge, and all the “C-level” execs had control, and why pay expensive citizens when cheap labour could do the job?
Unfortunately it sounds sadly familiar. We have an infrastructure beyond any previous empire’s imagination, and in order to keep it running we have outsourced the management, and we’ve off-shored the services. And now it comes back to haunt us.
According to Janet Napolitano, head of US Homeland Security, “a cyber 9/11, which could cripple critical infrastructures such as telecommunication, water, electricity and gas, may be imminent.”
Daily we are reading about increased cyber-attacks. It’s not those annoying script kiddies anymore, or anonymous disgruntled individuals and groups. Now it’s those very countries to which we have outsourced and off-shored, who are using the global infrastructure that we have created to attack us.
According to Der Spiegel, there has been a massive increase in cyber-attacks against key German infrastructure and commercial interests in the past months. Companies such as EADS, Bayer, and ThyssenKrupp have been targeted. A few months ago EADS was on the receiving end of “a significant” attack, according to company sources. The incident was so serious, however, that the company reported it to the German government. Is it a coincidence that probably the only Western economy that has a trade surplus is probably the most targeted when it comes to corporate data, or that the US as the military superpower is the most targeted when it comes to infrastructure? Or are we all just paranoid?
Kaspersky and FireEye have recently identified what is affectionately known as “MiniDuke”, and already twenty-three countries have reported that they have been the victims of intelligence theft, with political organisations being the key targets. MiniDuke has got its name from Duqu, and shares with its illustrious predecessor the ability to steal the private keys used for SSL certificates.
According to Mike Rogers of the US Federal Government’s House Intelligence Committee, “They’re taking blueprints back, not just military documents, but civilian innovation that companies are gonna use to create production lines to build things. They’re stealing that, repurposing it back in nations like China, and competing in the international market.”
And yet there seems a total lack of effective leadership in many organisations. A recent comment from a corporate CEO sums up the level of obliviousness to the threat when he said, “the infrastructure is irrelevant; it’s all about the data”. And he’s right. It is all about the data, but when you don’t control the infrastructure, you certainly don’t control the data!
Threats are coming from many sources. Certainly the past months have seen an increased awareness of what are called nation-state sponsored cyber-attacks, but the risk from cyber-criminals and corporate espionage is still as real. Rome’s problem was not only the approaching Ostrogoths and Visigoths, followed by the Huns, but simply trying to maintain law and order across a vast enterprise.
Almost fifteen hundred years ago, the largest empire ever to exist was surrounded by enemies on all sides. An overwhelmed government and military broke down without the financial resources to keep it going. As the economy contracted so did the revenues needed to sustain it, and eventually an empire crumbled.
The days of spears, swords and shields have been replaced with firewalls, antivirus, and IPS, and physical infrastructure has become a World Wide Web. But the threat is the same. We are not one global happy family befriending all and sundry on Facebook and Twitter. We are targets in a war between declining and rising empires, and we have enemies who are ingenious and are determined to win.
There are many weapons, but it seems that malware has become the weapon of choice. We need to take the steps to protect ourselves as best we can, and that means deploying the necessary technology to achieve that. And one area we should address is who we trust. Today our systems are being bombarded by malware that is digitally signed, and at last count there are fifteen hundred or more Certificate Authorities issuing certificates that our systems trust. And any one of these Certificate Authorities can be a contributor to digitally signed malware, whether deliberately or inadvertently. We have to remember that “the friend of my enemy is my enemy”, and blindly trusting all and sundry is suicidal. Enterprise-wide trust store management, and its enforcement, is an essential part of an effective defence. At the very least, it reduces the risk of being infected by digitally signed malware.
“Those who don’t know history are destined to repeat it.”
About MacLeod
Calum MacLeod has over 30 years of expertise in secure networking technologies, and is responsible for developing Venafi’s business across Europe as well as lecturing and writing on IT security.
Before joining Venafi as EMEA Director, he built up sales and managed the Channel market across EMEA for Tufin. Calum held a similar position for Cyber-Ark, where he also held an evangelist role in spreading their message as well as increasing sales throughout Europe. Before that, he worked for Netilla Networks, now AEP, where he was responsible for leading some of the early SSL VPN projects in Europe. MacLeod has also served as an independent consultant to corporate and government clients on IT security strategy for various European market segments, including the European Commission.