I arrived a bit late, but sat in every presentation and panel all afternoon. And one thing I found most interesting --a theme-- "I just skate to where the puck is going to be, not where it has been" (Wayne Gretzky) [Note: I originally misquoted this. Thanks Lux! I stand corrected!] seemed to emerge in the first panel after lunch. Interestingly enough, the panel was four folks from the business development and sales side of the house at four large defense contractors, all vying for the best non-pitch pitch to the government buyers possibly in the room. The thing I found most interesting was this.. when asked "where is the puck going?" we heard standard answers --one stated that he didn't expect to see desktops next year, but rather mobiles and pads (really?!). Another talked of more virtualization (genius!). Yet another talked about different things he thought he'd be selling to the government in a year or so. This is exactly what I'd hoped to hear.. out-of-the-box thought from industry leaders! Visionaries!
Is this really where the puck is going?! This is an Infosec conference, right?? I hate to think these MAJOR government contractors can't think more than a year or two out. Why do I say this?
Here's what I worry about:
Short term (next two years) - in (my) priority order:
- Unsuspecting supply chain companies unknowingly (or knowingly) being whacked. Hell, I'm not sure we've got any safe intellectual property left! If it's connected to the internet, you better start thinking about how you're going to replace it. The tube of toothpaste has likely (high probability) already been squeezed, and it ain't going back.
- Data integrity - I worry about this one the most. I think about it almost every day. We've lost confidentiality already. How will we make our data tamper-proof, or at least know when mods weren't made by legitimate users?
- Physical losses from data security breaches - Espionage has turned the corner to sabotage and availability. While not completely lost, availability and sabotage are hugely problematic. Ask any company whose computers are destroyed by a breach or a product that requires constant patching because of lost integrity.
- The complexity-driven effects, transitions, policy and legal consequences of BYOD forming, storming, norming and finally, performing. I'm not sure we've hit storming yet and BYOD challenges are hitting us square on the nose!
- Cloud hacking - Why rob banks? That's where the money is! - Cloud is becoming a rich target.
- Data integrity again. I used to be a Naval Officer working in Information Warfare (as it was called at the time). Information Warfare was pretty straightforward.. make an adversary lose confidence in his data. When data integrity is lost, and variances can't be measured, every chip, piece of code, and transaction will be suspect. Would you fly on an airplane if you thought the onboard computers were hacked? Would you drive a car? What happens when computer networked machines get bad instructions, or chips have bad code burned in because the production processes were compromised? It's not a pine cone that just bonked you in the head. This stuff is coming.
- The infrastructure is lost. Everybody has tools to monitor Windows machines and grab pcap, but what about the routers, call managers, printers, VoIP phones, etc.?
- Service accounts to these devices, and those baked into domain crossing horizontals, are some of the hardest to protect.
It was a fairly slow week but productive as heck.
- Two Priority Intelligence Reports were posted to the portal --one discussed ATM hacking and another an APT group associated with the ATM hacking. Priority intel reports are what the IC might call IIRs. Red Sky analysts have a list of priority and standing collection/analysis requirements, and when we find new pieces of the puzzle, we publish them to our members.
- A fusion report was posted earlier in the week. FR13-21 analyzed a previously reported backdoor, but with intelligence and good tech work by the team, we reported details of the infrastructure and a new version of the TTP in use and their associated indicators.
- Beadwindow has reopened. We've realigned the portal for its new mission, and have invited its first member --who's already filled out a profile! Beadwindow will be used to service individuals, small and medium sized businesses, and government IT workers (2210s).
- And finally, in the lab, we're preparing to go into our next healthcare gig --an online pharmacy.
Take advantage of the 2013 pricing. Contact us today.
Until next time..