Wednesday, August 10, 2011

Epilogue

Each of my posts over the last several weeks had a common theme and generally discussed the Pentagon and its declaration of Cyber War in the Ethernet.  Most of the information posted came from new media such as ABCNews.com or FoxNews.com.  I am somewhat of a news junkie in that I watch a lot of news and read six or seven newspapers a day.  I like the variety of story presentations by each of the news media.  I also read news magazines: Time, Newsweek, US News.

The state of information security is indeterminate for me at this time.  I am relatively new in the information security industry and I am very surprised at how vulnerable we all are.  I will tell you that I personally became more aware of the issues through the research and blogging process.  However, for me, at this time, to express an opinion of the state of information security would be biased towards my relative ignorance and would most likely not have a proper perspective.

As far as trends are concerned, nine weeks is not a long enough period to identify or develop a trend.  For subjects such as computer security, trends occur over months or years.  Trends were apparent in the various annual Verizon Data Breach Investigations Reports.

As far as lessons learned, I have one – lock it up.  If you don’t want it stolen, used, or abused, secure it, whether it be your bicycle or data on your computer.  Get aware, do an inventory, learn how it can be compromised, and take the necessary actions to prevent the loss.

Monday, August 1, 2011

Importing Cyber Risks

In a prior blog, two weeks ago, we reported that much of the cyber security infrastructure hardware and software used by the US is designed, manufactured and assembled overseas.  Not surprisingly, some of this equipment is coming to the US with ready-made spyware, malware and other security-compromising components.  The White House, Homeland Security, and the Pentagon are aware of this.  There is no evidence to indicate that foreign governments are involved in this deception, but it is not hard to imagine that one or more could be involved.  Given that a firewall or other cyber security related (or, for that matter, non-cyber security) hardware or software product could be purchased with malware that could open a backdoor past any security, how does one defend against this?  It is neither possible nor practical to inspect each product as the software or firmware is downloaded or as it is manufactured.  One solution will be the mandatory installation of Intrusion Detection System (IDS) software.  Intrusion Prevention System (IPS) software will be of little value because the intruder has already been invited in.
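The detection-side approach above can be illustrated with a small added example (not part of the original post): an egress baseline check that flags connections a network appliance initiates to destinations it has no reason to contact. The flow-record format, the addresses and the `EXPECTED_EGRESS` inventory are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed inventory: each appliance and the only destinations it is
# expected to contact on its own (update server, syslog collector, NTP).
EXPECTED_EGRESS = {
    "10.0.0.1": {("198.51.100.10", 443), ("10.0.5.20", 514), ("10.0.5.21", 123)},
    "10.0.0.2": {("10.0.5.20", 514)},
}

# Constructed flow records: "timestamp initiator destination dst_port bytes_out"
SAMPLE_FLOWS = """\
2011-08-01T02:00:01 10.0.0.1 198.51.100.10 443 5120
2011-08-01T02:00:07 10.0.0.1 10.0.5.20 514 800
2011-08-01T02:13:44 10.0.0.1 203.0.113.77 8443 912000
2011-08-01T02:14:02 10.0.0.2 10.0.5.20 514 640
2011-08-01T02:15:30 10.0.0.2 203.0.113.77 8443 2048
2011-08-01T02:16:00 10.0.9.50 192.0.2.8 80 300
malformed line
"""

def parse_flow(line):
    """Parse one flow record; return None for anything malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, dst, port, nbytes = parts
    try:
        ipaddress.ip_address(src)
        ipaddress.ip_address(dst)
        return ts, src, dst, int(port), int(nbytes)
    except ValueError:
        return None

def unexpected_egress(flow_text, baseline=EXPECTED_EGRESS):
    """Return {appliance: [(ts, dst, port, bytes)]} for flows outside the baseline."""
    alerts = defaultdict(list)
    for line in flow_text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        ts, src, dst, port, nbytes = flow
        # Only inventoried appliances are judged; other hosts are out of scope here.
        if src in baseline and (dst, port) not in baseline[src]:
            alerts[src].append((ts, dst, port, nbytes))
    return dict(alerts)

if __name__ == "__main__":
    for device, hits in unexpected_egress(SAMPLE_FLOWS).items():
        for ts, dst, port, nbytes in hits:
            print(f"ALERT {ts} {device} -> {dst}:{port} ({nbytes} bytes) not in baseline")
```

The check depends on the inventory step: a device that is not listed in the baseline is never evaluated.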
