The Cybersecurity Mess
From Simson Garfinkel
Outline of Talk
- Start with some recent headlines from Info Sec News
  - [ISN] March 19: IRS Employee Took Home Data on 20,000 Workers at Agency
  - [ISN] March 14: Top Gun Takeover: Stolen F-35 Secrets showing up in China's stealth fighter (secrets stolen in Operation Byzantine Hades, circa 2007)
  - [ISN] March 13, 2014: Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It (Businessweek; Target had deployed FireEye. The outsourced security firm in Bangalore noticed the malware and contacted Target's security team in Minneapolis, and nothing was done.)
- Today's systems are less secure than those of the 1970s
- Computers are more complex — more places to attack them.
- There are multiple ways around each defense.
- It’s easier to attack systems than defend them.
- It’s easier to break things than to fix them.
Cybersecurity Mess Slides
- 2013-May-16 — Talk to MIT Club of DC
- 2013-Jan-11 — Talk in Alexandria to Scholarship for Service students
- 2012-04-25 — First talk @MIT
Related Slides
Articles
- Garfinkel, S. The Cybersecurity Risk, Communications of the ACM, June 2012