Here is another must-read New York Times article providing more details about the cyber attack at :
Apparently the bad guys became cyber stowaways — unwelcome and undetected network occupants. Once network access was secured, the cyber stowaways fished around until they found the source code to Google’s password system that controls access by millions of users to Google services. While Google has since added new layers of security, it is still possible that the attackers inserted a Trojan Horse/back door in the password system or studied the code to discover other software vulnerabilities.
Google has some of the smartest software engineers in the world so it is likely that they can stay one step ahead of the bad guys, but the lessons of the Google breach should send up a red flag elsewhere for several reasons:
The bad guys are extremely good at what they do and in many cases, we are several steps behind. There could be cyber stowaways on lots of major commercial, government, and military networks just sitting there, biding their time, and waiting for the right opportunity or target. I hope this realization is now emanating in corporate boardrooms, Congress, DHS, DOD, and NSA.
There is a glimmer of good news on the venture capital front. In Q1 2010, venture funding rose 38% from a year ago to $4.7. What’s more, the pool of VC money is spread over 681 companies–a 7% increase from Q1 2009.
Good, but not great news. Most of the dough is going to biotech companies while investment in clean technology tripled.
The bad news? Investment in software declined 1% year over year. Remember that in Q1 2009, we were preparing for runs on banks and Hoovervilles.
While I have no data, there is anecdotal evidence suggesting additional bad news. I speak with security companies all the time and I simply don’t see VCs investing heavily in this space.
Perhaps they got burned investing in the 5th NAC, anti-spyware, or UTM vendor. Maybe they think that Cisco, Check Point, Juniper, McAfee, Symantec, and Trend Micro have everything covered. It could be that many believe that the whole tech space is mature, so they are chasing the new new thing in other technical areas.
I’m not sure why the VCs are eschewing security investments, but I do know that this is a problem. Why? At a time when attack volume is steadily increasing, cybercriminals operate like Fortune 500 companies, and FBI directors characterize cybersecurity attacks as “an existential threat to our nation,” the VCs are moving on to perceived greener pastures. In other words, there is serious demand for next-generation security skills and technology, but the supply-side continues to invest elsewhere. Bad economics and bad for the digital assets we all depend upon.
Okay, I understand that the VCs are in it for the money and nothing else, but something is wrong with this picture. It seems to me that when demand exceeds supply, there is money to be made. I’d like to see the VCs invest in security as a patriotic act, but I’m not optimistic. Therefore, I have a few ideas for the “smartest guys in the valley” on Sand Hill Rd.
The lack of VC investment in security could have broad implications moving forward, so the VCs can’t sit on the sidelines. It’s time for the rich guys to get more involved and proactively champion security innovation and investment rather than sit back, drink Merlot, and wait for business plans to come in. Our digital security may depend upon this.
Caught between a rock and a hard place, Google did something few companies are brave enough to do — it went public about a data breach. This is especially noble as the company is really betting on cloud computing and SaaS for future growth.
While Google applications were not breached, Google (and all cloud providers) took a PR hit with this incident. That said, Google did a good job of reassuring the public about its security.
Clearly Google has its own business reasons for outing China with regard to its cybersecurity attacks. Nevertheless, there are a few bigger and more ominous warnings contained here:
Google has a lot of chutzpah but it is really fighting a battle for the good of Google. It is up to the rest of us to recognize that we are under attack and protect ourselves accordingly.
To quote former President Gerald Ford, “our long national nightmare is over.” After his famous Cybersecurity policy speech in late May, President Obama has finally tapped Howard Schmidt to become the nation’s first Cybersecurity Coordinator. Schmidt will report to the National Security Council (NSC) and National Economic Council (NEC).
Is Schmidt the right person for this job? No question. Schmidt has a perfect public/private sector resume with experience at US-CERT, DHS, the U.S. Air Force, the White House, Microsoft, and eBay. He is also a well-respected father figure in the security industry.
Schmidt’s appointment makes sense though it did come as a bit of a surprise. One would have assumed that Schmidt’s name was on the short list back in May. My guess is that Schmidt turned down the job at first but when the President struggled to fill this position (rumor has it that RSA’s Art Coviello, Symantec’s John Thompson, and Microsoft’s Scott Charney turned it down), Schmidt decided to take the job out of a sense of duty and service to the country.
The President is scheduled to formally introduce Schmidt today and my hope is that Howard starts his new gig tomorrow. Believe me, I’m not joking here. On day one, Schmidt must begin to address several major challenges such as:
This is just the proverbial tip of the iceberg. Schmidt deserves kudos for taking on this nearly impossible job. Have a happy holiday, Howard, and thank you for stepping up to this challenge.