- Morphed Threat Landscape
The playground keeps growing, but at whose expense?
- Evolved Threat Landscape
Learn about evolving risks and the techniques to aid in prevention and resolution.
- New and Additive Players
Who and what are the threats? How do governments, vendors and citizens protect themselves?
- Inside Your Perimeter
With layoffs at an all time high, how do we deal with the increased insider threat?
- Managing - Discovery Through Remediation
How do security professionals manage the management of infrastructure?
- Expanded Networks
How will threat use advances in technology compromise organizations that adopt Web 2.0 and Cloud Computing?
Once the original perimeter had been established, the widest possible frontier built and fortified, it became a matter of waiting. After all, inside that perimeter was the money -- real money, customer's money, business money, government money; and money as information: a rich mine of classified data about people, policies, science, sociology and national security.
There was no doubt at all that the thieves would try to get in. Didn't the bank robber Willie Sutton infamously remark that he robbed banks "because that's where the money is"?
Only, that wasn't exactly what he said. Years later, a journalist found out that another journalist had put the phrase in Sutton;s mouth. What the thief had actually said was that he robbed banks because "I enjoyed it. I loved. I was more alive when I was inside a bank, robbing it, than at any other time in my life."
That was the lure of the first Internet perimeters: constructed with as wide a circumference as possible, designed to be impregnable, they turned out to be a challenge to a battle of wits between the original Net frontiersmen and women and pranksters who loved and enjoyed and got their kicks out of devising ways to outsmart the perimeter and disrupt life inside -- computer systems got shut down, bad jokes appeared from nowhere, obscene images muscled into presentations, pages of text dissolved into blizzards of letters. Mischief on the network, fun for the attacker, a nightmare for security.
And it got worse. What began as a rash of embarrassing inflections turned into a series of rapidly mutating plagues which kept finding ways to penetrate the perimeter and get into the castle.
That where FIRST began, in 1990 -- as an international response to an escalating problem of international vandalism.
But when someone has the patience and ingenuity to defeat a system with value inside -- whether stock trading, roulette or Internet security -- sooner or later that someone will be joined by new players with fewer scruples, and more muscle, and an insatiable appetite for nefarious gain.
By the turn of 2000 the threat had morphed into something entirely different. Big predators, organized criminals, often sheltering in states where law-and-order was biddable or in semi-suspense, had joined the hunt. If they didn't have the computer skills themselves, they co-opted or coerced others who had. New and sinister words and acrostics entered the Internet vocabulary: phishing, spear-phishing, pharming, DDOS. Cyberworld robbery and espionage had become a cash-and-carry game, with Botnets for hire by the week or weekend, and automated hacking tools downloadable from the Web. Losses mounted to $billions, with victims often preferring to pay up and shut up rather than confront their shadowy and shape-shifting aggressors.
The barbarians weren't just inside the gates; they were beginning to dictate the rules of the game.
At the same time, social and commercial trends began to render the old model of a broad and all-inclusive frontier ever more assailable. Organizations were dispersing across not just around nations, but across continents, with vendors, data-processors and contact centers established in remote locations. Eco-pressures encouraged more home working and telecommuting. New technologies added PDAs, mobile phones and other devices to the Internet mix. How could you police the security of those scattered workforces, networks and technologies within a single frontier?
So the old circumference, with its illusion of impregnability, was abandoned. In place of the big top, big ring there emerged something more resembling an octopus: an enclosed hub where the most precious materials are secured, with tentacles reaching out electronically over distances to enfold and protect intelligence that is equally vital but stored away from the center.
But the barbarians haven't surrendered. Multi-layered security has provoked multi-step attacks, and even more minutely focused attempts at social engineering. Meanwhile a new and unwelcome social trend has upped the stakes. As the global recession has bitten, and bitten harder, embittered employees and employees facing the axe have become more susceptible to subversion, where their disaffection doesn't propel them to theft and sabotage on their own account: danger now lowers inside as well as outside the new and narrower perimeters.
Different solutions to these dangers are being evolved in different places at different speeds and to different specifications. Often the solution presented is "more of the same, only, somehow, a bit newer."
FIRST's contention, and the theme of its 2010 conference, is that the evolved threat landscape and the new, ruthless and sophisticated aggressors who inhabit it demand from us major rethinking of security attitudes and polices: a standardized, international approach that moves security from the business of technical adjustment and oversight to a front-line and infrastructural role in the way the critical data itself is managed and the methods used to store, shield and transport it.
Old world security worried only about the armor on the van. The bullion inside, the route and the character of the driver were someone else's business.
But in this new world of multiple threats, internal and external, security professionals have to be involved with every aspect of the content and the journey.
At FIRST's 2010 conference you can help us map how we achieve this step change, and how we persuade our parent organizations, at a time when cost-cutters are everywhere on the loose, that there's real ROI to be had from this transformation.
And you can put your shoulder to the wheel of our continuing attempts to educate the naive and vulnerable world outside. As one senior law-enforcer told a previous FIRST conference:
"We need a big educational campaign, and I mean big. We need commercials on TV; we need something as persuasive and ubiquitous as the campaigns that warn against the dangers of tobacco."
"Because e-crime nowadays, even if it isn't in a direct way seriously injurious to your health, is directly and seriously injurious to your wealth and survival, and your organizations, too."
As a global organization, FIRST is proud to hold its 2010 conference in a leading international city. Miami combines all the attributes of a modern urban resort, offering top-rated business amenities, with the idyllic delights of the tropics. Our venue, the Intercontinental Miami, is described as "the grand dame of downtown hotels," and is just through with a $34-million renovation which included the upgrade and redesign of its 65,000 square feet of meeting space.
Sympathetic delegates will not be unaware that Miami has also had its share of vulnerabilities -- upon which it capitalized with entrepreneurial flair to become a worldwide star of law-and-order TV.
Also on the agenda are:
- Specialist tracks with increased focus on Management, Incident Response and Technical topics relevant to CSIRTs.
- Case Studies—Lessons learned in dealing with real events, from discovery to remediation. Share practical experiences in dealing with cyber incidents along with the tools that provided most valuable.
- Special Interest Group (SIG) meetings.
- Vendor Showcase where vendors demonstrate their equipment.
Writing about FIRST, the leading British commentator David Lacey declared in Computer Weekly:
Of all the security clubs and associations, the one that impresses me most is FIRST http://www.first.org, the Forum for Incident Response and Security Teams. Why? Because it's focused, born out of real business requirements and it's highly selective, i.e. you have to be sponsored and audited to gain membership. FIRST is not a club that exists to make an income for its organizers. It's an international community that serves a real purpose: helping Government, Industry and Academia to respond quickly and effectively to new security threats. So I have no hesitation in recommending that you book a space in your busy diary to attend their Annual Conference.