Cybersecurity is a mantra, a term that has slowly caught on. It refers to an issue that has always existed: Information Security (InfoSec).
We live in the most digital society of all time, as Al Gore said when he introduced the concept of the Information Society and Digital Life. It is a society whose base is, in fact, information; a society with clear keywords such as global, always-on, broadband, mobile, digital inclusion, e-government, critical infrastructure, security, resilience.
Information is power. Take as examples the 2005 hacking of the phone operator Vodafone in Greece, and that of Belgacom in Belgium in September of 2013. In both cases, the goal of the attackers was to intercept voice calls and SMS from different users: hundreds of users in the case of Athens, including the Prime Minister and the Chief of Intelligence, and a number as yet unknown in the case of Belgacom, whose clients include the European Commission and ENISA itself. That brings us to another very trendy word, Cyberwar. Just as I do not like the term cyber, I cannot love the word Cyberwar, and I therefore prefer to speak of Information Warfare, which is nothing other than the (traditional) concept of warfare applied to today's information society.
It is clear that, despite the absence of legislation and regulation in this regard, several nations of the world, including the US, are focused not only on the concept of Digital Defense but also on Digital Offense. That is what our defense is seeking: they are (rightfully) tired of seeing other countries attack while we are still trying to figure out how to defend ourselves and how to realize that we are being attacked.
In the "cyber" world there are some differences compared to the past. First of all, information is not stolen but copied. It is a substantial difference, because if something is stolen, sooner or later someone will find out, since it is no longer there. However, if I copy it, by the time the copy is discovered it might be too late, and, for example, a competitor will be coming to market with a similar but better product, or simply a cheaper one.
"There are two types of companies. Those that were full of security holes, and those who still do not know." Vodafone Greece noticed the attack after a year (at least), and by pure chance; the attacks on Belgacom were discovered only because Edward Snowden decided to follow in the footsteps of that uncomfortable, eclectic and original character, Julian Assange.
While talking about the differences of the cyber world, we cannot forget to mention speed, a crucial factor in the fight against cybercrime, whether we talk about cyber espionage and Information Warfare or about electronic warfare and digital war.
Speed and simplicity: these are the keywords to overcome the enemy.
Let's talk for a moment about the concept of resilience. Everything I have written so far is certainly important, but it still does not convey the seriousness of the situation and the scenarios we are experiencing. Recently I read an interview with one of the usual "cyber experts," a figure far more political than technical, who had realized that security could be a driver, a competitive advantage, an "enabler." Exactly!
We have created a monster: an information society based on operating systems, communication protocols and software that are totally insecure. We are sitting on a bomb ready to explode!
We must talk about security-by-design. If we do not change our approach, we will have serious problems. We will face apocalyptic scenarios, and this will be yet another drag on the world economy.
Cybersecurity Expert, Chief Information Security Officer (CISO), and Certified Information Systems Auditor (CISA)
Copyright 2013. John Giordani. All Rights Reserved.