Tuesday, February 9, 2010

Advanced Persistent Threat

The news on  "Advanced Persistent Threat" has been broken in a big way by Google and the recent Mandiant report.  More comments will follow at a later date.  But some occur to me now:

(1) Our current desktop and server Operating Systems are not secure.
(2) Computer networks are insecure for most organizations and at many levels.
(3) Digital data can no longer be protected against a determined foe.
(4) Security researchers and visionaries should receive more funding. Lots.

Order and read the Mandiant Report. Then imagine what a resourced foe could do if they believed the security of their nation-state depended upon seemless corporate intrusions.  Now imagine those techniques automated and in the wild.  In order for the world to have safe computing systems, our government and industry needs to sponsor more research and decriminalize vulnerability research. Otherwise, no data will ever be secret or protected again.

No comments:

Post a Comment