2008 Security lessons learned

While many bloggers and trade journals are scrambling to get their 2009 security predictions out this week (see TechBuddah, for instance), I have decided to eschew the publicity train this year.

2008 saw some security events that should be reflected upon. Here are the most important occurrences of the year and security lessons learned from them.

February 24th. Pakistan removed from the Internet.

The telecom company that carries most of Pakistan’s traffic, PCCW, found it necessary to shut Pakistan off from the Internet while they filtered out the destructive routes that a Pakistani ISP, PieNet, announced. Evidently PieNet took this step to enforce a decree from the Pakistani government that ISPs must block access to YouTube because it was a source of blasphemous content.

Lesson learned: The Internet is extremely vulnerable to simple attacks. As tensions rise between Pakistan and India, watch for outbreaks of cyber hostilities.
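To make the route-announcement point concrete, here is an added example (written for this page, not code from the original article or from any of the networks named) that checks a feed of BGP announcements against a table of expected prefix origins and flags the two shapes a misrouting takes: the same prefix from the wrong origin, and a more-specific prefix that wins longest-match routing regardless of who announces it. It also shows the customer prefix-list filter an upstream provider would apply so that an errant announcement never leaves the customer's border. All prefixes and AS numbers are constructed documentation-range values, not the ones from the incident.

```python
import ipaddress

# Constructed table of protected prefixes and the AS expected to originate them.
# Documentation ranges and private ASNs are used; these are not the real values.
EXPECTED_ORIGINS = {
    "203.0.113.0/24": 64500,   # stands in for the video site's prefix
    "198.51.100.0/24": 64501,
}

# Constructed announcement feed: (prefix, origin ASN) as seen by a monitoring peer.
ANNOUNCEMENTS = [
    ("203.0.113.0/24", 64500),   # legitimate announcement by the expected origin
    ("203.0.113.0/25", 64510),   # more-specific carved out of a protected prefix
    ("198.51.100.0/24", 64511),  # exact protected prefix from an unexpected origin
    ("192.0.2.0/24", 64512),     # unrelated prefix, should raise no alert
]

def check_announcements(announcements, expected=EXPECTED_ORIGINS):
    """Return alerts for announcements that shadow or hijack a protected prefix.

    A more-specific prefix is flagged whoever originates it, because longest-match
    forwarding prefers it over the legitimate aggregate; an exact-match prefix is
    flagged only when the origin differs from the expected one.
    """
    protected = {ipaddress.ip_network(p): asn for p, asn in expected.items()}
    alerts = []
    for prefix, origin in announcements:
        net = ipaddress.ip_network(prefix)
        for good_net, good_asn in protected.items():
            if net == good_net and origin != good_asn:
                alerts.append(("origin-mismatch", prefix, origin, good_asn))
            elif net != good_net and net.subnet_of(good_net):
                alerts.append(("more-specific", prefix, origin, str(good_net)))
    return alerts

def upstream_accepts(prefix, customer_asn, authorized):
    """Prefix-list filter at the upstream: accept a customer's announcement only if
    it lies within address space that customer is authorized to originate."""
    net = ipaddress.ip_network(prefix)
    allowed = (ipaddress.ip_network(p) for p in authorized.get(customer_asn, []))
    return any(net.subnet_of(a) for a in allowed)

if __name__ == "__main__":
    for alert in check_announcements(ANNOUNCEMENTS):
        print(alert)
    # Constructed authorization table: the customer may only originate 192.0.2.0/24.
    print(upstream_accepts("203.0.113.0/25", 64510, {64510: ["192.0.2.0/24"]}))
```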

China takes off cyber gloves. In what is now apparently a massive cyber espionage effort, China continues its attacks on the Pentagon, White House, Belgium, India, and just about the whole world.

Lesson learned. Yes, there is a cyber war. China is actively targeting manufacturers, research labs, and governments for intelligence. Enterprises of all types must start to shift to a defense against funded, targeted attacks on their information.

August 8. Russia gets nasty. Russia has been flexing its petrobillion-backed muscle by using cyber attacks against Lithuania, the Ukraine, and Estonia. In August Russia attacked and disabled Georgian web sites during its invasion of South Ossetia.

Lesson learned. Nation states have added Denial of Service attacks to their arsenal of tactics. Avoid becoming collateral damage. (Column to be published shortly in CioUpdate.)

World Bank fiasco. While there were innumerable instances of insider threats this year, World Bank was the worst. Its IT services firm, Satyam, is barred for eight years from doing work for the World Bank because of its actions.

Lessons learned. Build an IT security framework that does not rely on trust. Contractors, employees, and customers should not be trusted; they must be monitored while strict access controls are applied.

Changes in the firewall industry.

Firewall obsolescence. Newer vendors are re-inventing gateway security. Traditional stateful inspection firewalls can't keep up.

July 28. Cisco PIX is dead. Cisco announced End of Life for the PIX, the largest product refresh (to the ASA platform) since Check Point's forced fork-lift upgrade to FW-1 NG.

September 30. McAfee acquires Secure Computing. In one of the few acquisitions that is truly industry consolidation, McAfee buys back into the firewall business.

December 22. Check Point acquires Nokia's appliance platform. Evidently Check Point is treating the move as "accretive" to revenue and defensive in that they are protecting their installed base.

Lesson learned. While gateway security is considered a mature industry, there is actually a lot of innovation going on. Read "Security simplified" for a foundation that will provide a logical architecture for defending against the ever-rising tide of cyber threats.

Copyright © 2008 IDG Communications, Inc.