2006 - Year in Review

Year in Review

2006 is drawing to a close, and not to be outdone by my peers I thought I would highlight some of the things I thought were important this year in the industry:

1. My open challenge to the Navy to get their networks under control.

The Naval War College had to shut down their network for 2 weeks after they were hacked. If this was a business, taps would have been playing by now.

No one has accepted the challenge.

I met with the Navy earlier this year, and their integrator SAIC to discuss Identity Management and protecting the Navy from unwanted visitors and this still happened. Are my expectations too high? I think not. When there is a piece of technology that can be installed in a day, that can keep hackers out by controlling the dial tone of the line they use to hack you, there is no excuse. NONE.

2. Convergence of Identity, Privacy, and Security.

This was very obvious in the reported number of breaches and legislation this year.

We passed the 100,000,000 identities breached mark. This means that 1 in 2 Americans have had their data accessed and possibly sold and used. I wonder if this can be used to our advantage come tax time.

3. The costs of breaches are going up, yet still happening at an unprecedented clip

The Ponemon Institute tallied up the cost of a breach per record and it was pegged out at $182 of tangible costs to a company.

4. Patty Dunn and the HP debacle.

I wonder if the tell all book or mini series will be the first to market. Maybe a soap opera?

5. Let’s not forget those who won’t be down for breakfast:

Ken Lay, James Brown, James Kim, Gerald Ford, Dana Reeves, Joe Barbera, Peter Boyle, Bo Schembechler, Jack Palance, Ed Bradley, Red Auerbach, Cory Lidle, Byron Nelson, Ann Richards, Steve Irwin, Bruno Kirby, Mike Douglas, Robert Brooks, Syd Barrett, Aaron Spelling, Patsy Ramsey, Vince Welnick, Paul Gleason, Don Knotts, Earl Woods, Louis Rukeyser, Casper Weinberger, Slobodan Milosevic, Kirby Puckett, Peter Benchley, Coretta Scott King, Chris Penn, and Lou Rawls.

My predictions for 2007

1. Identity Management at the Network Layer will gather more steam since Identity and Security will continue their convergence.

2. Machine Identity will be a bigger issue than it was in 2006, especially with all the talk of NAC and Endpoint Control

3. We will hit the *reported* 200,000,000 records breached by August because the bad guys are better at sharing information of how to do a breach than the good guys are at preventing one.

identitystuff @ gmail.com

Machine Identity

I recently received an email from across the pond in the UK from a gentleman who has read my ISSA Journal article discussing Machine Identity. He was looking for more resources and research on the concept of Identity of Machines being important as is the identity of a user which got me thinking about how the current state of Identity Management has been focused very heavily on users, single/multi factor identification, Directories, user provisioning/deprovisioning workflows, etc.

Since bots are a really intriguing to me (and a harmful) problem for a lot of network owners, it got me thinking about the importance of managing machine identity, and wondering why there is so little information and focus out there.

Is it too Skynet/Cyberdyne?
The Rise of the Machines?
Is this the beginning of it all?

identitystuff@gmail.com

This from This Wiki Site

In Terminator 3, the Judgment Day described in the first movie has been altered and postponed by ten years. In contrast to Terminator 2, it is implied that humans are ignorant of Skynet's sentience, which attacked humanity without any provocation whatsoever. The events of Judgment Day were ultimately not prevented, merely postponed. Ten years after the events of Terminator 2, Skynet was created as a United States Air Force project, a distributed computer network designed to create new military vehicles and make strategic decisions as well as protect their computer systems from virus attacks. One such virus had infected their defense computers, crippling them all. Under pressure, the Air Force attempted to use Skynet to remove the virus, not realizing that Skynet was sentient and had created the virus in order to manipulate humanity into giving it control over the world's computers. Skynet was initially thought to be capable of being shut down if only someone could reach its system core, but ultimately it was discovered that the Skynet was nothing more than software that ran by spreading throughout the world's computer networks and was incapable of being disabled from a central point. Judgment Day occurred, but John Connor survived. It is suggested that future events unfolded as they were supposed to.

Skynet gained access to several autonomous military drones (such as the T-1 in Terminator 3), using them to round up survivors, who were forced to build automatic factories and robots that were better at construction than the military robots. Skynet then killed these human slaves, and using the infrastructure they had been forced to start, rapidly designed newer and better machines until it controlled an extremely advanced empire centered on a city-state located in the state of Colorado in the United States, known as Sector Zero on Earth by 2029, at the Cheyenne Mountain complex, presumably the precise former location of NORAD.

James Kim, Rest in Peace

I just heard the news about James Kim's body being found. I cannot express the profound sadness I feel for his wife and their two daughters.

Maybe it's being a dad myself, I don't know, but I understand at a core level the decision he made to strike out to help his family, and I also believe he knew the consequences, good and bad, before he said goodbye.

Now his family must say goodbye again. Rest in Peace James.

US Cyber Security Checklist - 2007 Final Draft

http://www.cccure.org/Documents/cybersecurity/US-CCU_Cyber-Security_Check_List_2007.pdf

Here it is folks!!

Break in at The Naval War College

This story is from the Associated Press, and my jaw hung open on this one for two reasons:

1. An ENTIRE network being shut down for two weeks is usually enough to bury a business
2. Having met with the Navy a few times this year and explaining HOW I can prevent this thing from happening (not just arm waving and saying that I could help, while being elusive), I guess the word didn't get out.

So if there is anyone from the Navy or the War College who reads the blogsphere - email me ASAP. For the sake of review, here is exactly how I will solve this problem:

1. Deploy 2-6 appliances to audit the entire network. These will be set up in 1 day, and will give you a baseline of what IS happening, not what you think is happening on your network.

2. I will deploy software to a handful of machines (<100) that will configure policies that will be enforced on the appliances to keep any more new hackers (and anyone else for that matter) from getting into the network so it can be rebuilt quickly and sterilized.

3. I will deploy software to the machines of the rest of the staff, admin, and other users who you want on your network. They will have the equivalent of a badge for your network.

4. I will set and audit the access policy to make sure it is correct, while still allowing ONLY those users who have the software installed and keeping unsavory folks out (and logging who they are).

5. I will then enable the enforcement of the policies so that no one who is not an identified user or identified machine does not get on the network, or critical segments of it, including hackers who may have left rootkits, malware, or other nastiness on the network to compromise its integrity, and the integrity of the United States Navy and the Department of Defense.

I will get this done by the end of the year if I am contacted by the end of the week.

Any Questions? email me - identitystuff@gmail.com or you can find out who I am through the FBI Infragard program as well.

Mark

http://www.cnn.com/2006/TECH/internet/12/05/hackers.war.college.ap/index.html

PROVIDENCE, Rhode Island (AP) -- Hackers attacked the computer network at the Naval War College in Newport, taking down the school's network for more than two weeks, including some e-mail services and the college's Web site.
The Navy Cyber Defense Operations Command in Norfolk, Virginia, detected the intrusion around November 16 and took the system offline, spokesman Lt. Cmdr. Doug Gabos said. He said the unclassified network was used by students.
Military spokesmen would not give an estimate on when the school's Web site, www.nwc.navy.mil, will be back up.
The Naval War College bills itself as the Navy's leading center of strategic thought and national security policy.
Investigators were trying to determine the extent of the intrusion, Gabos said. They planned to upgrade firewalls and make other unspecified improvements.
"Once that is complete, the network will be restored," Gabos said.
Gabos would not comment on who is suspected of attacking the network.
School spokeswoman Karen Sellers said e-mail worked on campus, but people could not send or receive messages from off-campus.
"It's certainly inconvenient," she said. "But we all understand the importance of network security and we're patiently waiting."

Year End Poll

I won't call this an annual holiday tradition since I didn't do it last year, but I wanted to get a poll out there to see what others think, and give us all a chance to be visionary.

View Poll

Year End Poll

I won't call this an annual holiday tradition since I didn't do it last year, but I wanted to get a poll out there to see what others think, and give us all a chance to be visionary.