A Cyber Security House Of Cards


Yesterday there were reports of a new “massive cyber attack” called the Flame.

A U.N. spokesperson called it “the most powerful [cyber] espionage tool ever.”

The Flame ups the cyber warfare ante and is “one of the most complex threats ever discovered”–20 times larger than Stuxnet–and essentially an “industrial vacuum cleaner for sensitive information.”

Unlike prior cyber attacks that targeted computers to delete data (“Wiper”), steal data (“Duqu”), or to disrupt infrastructure (“Stuxnet”), this malware collects sensitive information.

The malware can record audio, take screenshots of items of interest, log keyboard strokes, sniff the network, and even add-on additional malware modules as needed.

Kaspersky Labs discovered the Flame virus, and there have been more than 600 targets infected in more than 7 countries over the last 2 years, with the greatest concentration in Iran.

This is reminiscent of Operation Shady RAT, a 5-year cyber espionage attack discovered by McAfee in 2011, involving malware that affected more than 72 institutions in 14 countries.

Separately, an attack on the U.S. Federal government’s retirement investments, the Thrift Savings Plan, exposed the privacy and account information of 123,000 participants to “unauthorized access”, and was reported just last week after being discovered as far back as July 2011.

Regardless of where the particular cyber attacks are initiating from, given the scale and potential impact of these, it is time to take cyber security seriously and adopt a more proactive rather than a reactive mode to it.

One can only wonder how many other cyber attacks are occurring that we don’t yet know about, and perhaps never will.

We can’t afford to fumble the countermeasures to the extraordinary risk we face in the playing fields of cyber warfare.

We have to significantly strengthen our cyber defenses (and offenses) — or else risk having this “cyber house of cards” come crashing down.

It’s time for a massive infusion of funds, talent, tools, and leadership to turn this around and secure our nation’s cyber infrastructure.

(Source Photo: herewith attribution to Dave Rogers)

Information Security and Enterprise Architecture

Information security is generally considered a cross-cutting area of enterprise architecture. However, based on its importance to the overall architecture, I treat information security as its own perspective (similar to performance, business, information, services, and technology).

According to the Wall Street Journal (WSJ), 11 December 2007, professional hackers are getting smarter and more sophisticated in their attacks and this requires new IT tools to protect the enterprise. Here are some of the suggestions:

  1. Email scams—“hackers have responded to improved filtering software and savvier population by aiming their attacks at specific individuals, using publicly available information to craft a message designed to dupe a particular person or group of people.” In response, organizations are installing antivirus and antimalware software from multiple vendors to increase the chance that an attack which gets by one security product will be stopped by one of the others. These products can be obtained from vendors like Sophos, Sybari, Microsoft, Symantec, and McAfee.
  2. Key loggers—“one common form of malware is a key logger, which captures the user names and passwords that an unsuspecting computer user types, and then sends these to a hacker.” However, software from Biopassword Inc. can thwart this by recording employees’ typing rhythms, so that even a hacker who knows a username and password is denied access if he types too fast or too slow.
  3. Patrolling the network—hackers who get past the firewall often have free rein to roam once inside the network. However, CoSentry Networks Inc. has a product that imposes controls on where a user can go on the network, so even someone with a valid login will be prevented from snooping around the network or accessing information from an unapproved location.
  4. Policing the police—one of the biggest threats to an enterprise is from insiders, employees who have access to the systems and information. Software from Application Security Inc., however, monitors access, changes, repeated failed logins, and suspicious activity and notifies the designated security officer.
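The kind of monitoring described in item 4 (repeated failed logins, a success following a burst of failures, and privilege changes) can be illustrated with a small detector run over constructed audit-log lines. This is an added example, not code from the article or from any vendor named above; the log format, the five-failure threshold and the five-minute window are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit log (not from any real system). Assumed format:
# "<ISO timestamp> user=<name> action=<login_ok|login_failed|privilege_change> src=<ip>"
SAMPLE_LOG = """\
2007-12-11T09:00:01 user=alice action=login_failed src=10.0.0.5
2007-12-11T09:00:09 user=alice action=login_failed src=10.0.0.5
2007-12-11T09:00:17 user=alice action=login_failed src=10.0.0.5
2007-12-11T09:00:24 user=alice action=login_failed src=10.0.0.5
2007-12-11T09:00:31 user=alice action=login_failed src=10.0.0.5
2007-12-11T09:00:40 user=alice action=login_ok src=10.0.0.5
2007-12-11T09:05:00 user=bob action=login_ok src=10.0.0.7
2007-12-11T09:06:00 user=bob action=privilege_change src=10.0.0.7
2007-12-11T10:30:00 user=carol action=login_failed src=10.0.0.9
2007-12-11T11:45:00 user=carol action=login_ok src=10.0.0.9
"""


def parse_line(line):
    """Split one log line into a dict with a parsed 'ts' datetime."""
    ts_str, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.fromisoformat(ts_str)
    return rec


def detect(log_text, fail_threshold=5, window=timedelta(minutes=5)):
    """Return (user, alert_kind, timestamp) tuples for the security officer."""
    alerts = []
    failures = defaultdict(list)  # user -> timestamps of failures still inside the window
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        user, action, ts = rec["user"], rec["action"], rec["ts"]
        # Sliding window: forget failures older than `window` relative to this event.
        failures[user] = [t for t in failures[user] if ts - t <= window]
        if action == "login_failed":
            failures[user].append(ts)
            if len(failures[user]) == fail_threshold:  # fire once per burst
                alerts.append((user, "failed_login_burst", ts))
        elif action == "login_ok":
            # A success right after a burst is the interesting case; a single
            # stale typo (carol) stays quiet because it fell out of the window.
            if len(failures[user]) >= fail_threshold:
                alerts.append((user, "success_after_failed_burst", ts))
            failures[user].clear()
        elif action == "privilege_change":
            alerts.append((user, "privilege_change", ts))
    return alerts
```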

From a user-centric EA standpoint, information security is paramount to protect the enterprise, its mission execution, its employees, and stakeholders. As the WSJ points out, “breaches of corporate computer security have reached epidemic proportions. So far this year more than 270 organizations have lost sensitive information like customer credit-card or employee social security numbers—and those are just the ones that have disclosed such incidents publicly.” EA must help the chief information security officer to identify these enterprise security threats and select appropriate countermeasures to implement.