Security 2012: Blood in the Water

Wednesday, November 30, 2011

Jeffrey Carr


2011 was the year that our perceived security was stripped away.

EMC’s RSA division was breached and soon afterward so were some of its customers. The world’s largest anti-virus companies have been taken to task for selling snake oil (also known as anti-virus) to gullible CEOs.

Local police departments were unable to protect their own officers’ personal and confidential information. The FBI’s Infraguard program was repeatedly hacked.

And the directors of DARPA and NSA have recently both agreed that after many years of trying they’ve failed to come up with a security model that works.

We’ll be entering 2012 more vulnerable than ever before because at least part of our security relied upon the perception by bad guys that those charged with our security, both public and private, could do the job.

Well, that myth has been busted which gives rise to opportunity. 

Conversely, over 28 nations and counting are developing offensive cyber capabilities, and the really malicious actors of the world like drug cartels and extremist groups (both domestic and foreign) are rapidly learning what’s possible vis-a-vie attacks through cyberspace.

In other words, those with the means to act are growing quickly.

Finally, the anger and frustration of the expanding Occupy movement combined with the onset of hate-fueled politics that accompanies a Presidential election year - especially against this President - will engender widespread motivation for people to take action.

With means, motive, and opportunity solidly represented, I fully expect 2012 to produce one or more multi-modal cyber attacks against a U.S. target which will result in serious harm if not loss of life.

By multi-modal, I mean an offensive operation where a cyber attack represents one component. Once there's blood in the water, you can expect more of the same to quickly follow.

The very worst part of this prediction is that its inevitable.

CEOs typically refuse to act to protect their own companies if it cuts into profit, the U.S. government has refused to do what’s necessary to protect our nation’s critical infrastructure because it's 90% privately owned, and our laws and system of government has enabled this massive malfeasance so that everyone responsible can claim absence of malice.

In the words of Upton Sinclair and the movie based upon his book Oil! - there will be blood. It's just a matter of time.

Possibly Related Articles:
Information Security
RSA Cyber Security NSA Information Security Infosec breach DARPA 2012
Post Rating I Like this!
Krypt3ia By multi-modal, I mean an offensive operation where a cyber attack represents one component. Once there's blood in the water, you can expect more of the same to quickly follow.

You mean to say kinetic attacks in tandem with digital ones. This is a key point that many do not seem to grasp or talk about especially where such things as the grid are concerned.
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.