The Cybersecurity Mess

From Simson Garfinkel
Jump to navigationJump to search

Outline of Talk

  1. Start with some recent headlines from Info Sec News
    1. [ISN] March 19: IRS Employee Took Home Data on 20,000 Workers at Agency
    2. [ISN] March 14 Top Gun Takeover: Stolen F-35 Secrets showing up in China's stealth fighter (secrets stolen in Operation Byzantine Hades, circa 2007)
    3. [ISN] March 13, 2014: Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It (Businessweek; Target had deployed FireEye, the outsourced security firm in Bangalore noticed the malware, contacted Target's security team in Minneapolis, and nothing was done. Quotes Verizon Enterprise Solutions study that finds companies discover breaches through monitoring 31% of the time, but retailers only 5%.)
    4. [ISN] March 14, 2014: China’s Hackers to Target U.S. Entertainment Industry, Security Firm Warns (FireEye warns US film and entertainment that they will come under attack from Chinese hackers)
    5. [ISN] March 13, 2014: For EC-Council, Mum's the word
    6. [ISN] March 12, 2014: Reverse Wardriving: Tracking Apple and Google Commuter Buses by Their Wi-Fi Clouds (36 Apple busses pass Kevin Poulsen's home each day)
  1. Today's systems are less secure than those of the 1970s
    1. Computers are more complex — more places to attack them.
    2. There are multiple ways around each defense.
    3. It’s easier to attack systems than defend them.
    4. It’s easier to break things than to fix them.

Cybersecurity Mess Slides

Related Slides

Articles