A new Code war
The statistics on hacking shows that little progress is being made on combating this escalating virtual epidemic. Most major companies and government entities seem to be either in denial or in a state of confusion when it comes to battling the increasingly adapt forces behind the attacks.
If this were a physical battle it could be described like this:
The enemy makes it through our outer defenses with ease and once they enter our compound we find ourselves shooting at shadows. Frequently, the enemy captures our command and control information by using weaponized utilities, making it more difficult to eradicate the combatants who are freely traversing our infrastructure and gaining access to defense protocols. Casualties are massive and the onslaught is continuous. When we manage to lock down inner security and clean out the infiltrators, we discovery new attack zones. The perpetuating attacks are made worse by the fact that the stolen intelligence from previous attacks is used to guide the attackers.
If this were a physical battle our response would be more measurable and certainly more aggressive.
How much will it cost vs what will it take
I have consulted with companies on technical projects and one constant that I've discovered is that most are not willing to budget enough funds for the results they expect. They want to be fully immersed in technology by only sticking their toes in the water. This is one of the problems with building up proactive and preemptive defenses against this clear and present threat. Another issue is the inability or unwillingness of those responsible for making the decisions, on the course we should take, not equating computer code wars with physical ones.
So far the responses are reactionary and most often are made after the attackers have gained access and setup housekeeping for several days inside data centers and servers.
Strides are being made in cryptology but with advancing technology of GPU's and FPGA's the race is being won with the swiftest processors. Code is at the center of every attacker's scheme and it is at the root of any obfuscating defense. The question is should our defenses be focused on what to do once the attacker is trying to kick in the front door or perhaps once they have gained access to our Dojo? Or should our efforts be focused on keeping our foes away from ground zero?
Standing toe-to-toe with these guys doesn't seem to be working. There is technology that can keep the hackers out of our neighborhood and takes the fight to their front door. The large corporations and government bureaucrats are too busy stacking BBs with boxing gloves and watching the bottom line to realize the futility of continuing on the present course.
Changing how we think about technology
Until our mindset on technology changes we will not be able to withstand the escalating barrage of attacks that we are witnessing. While ADA, JAVA, PHP, C++, VB, and other coding elements, will be a part, or maybe their replacement, they will not be the only solution. We need to stand technology, as we now know it, on its head and rethink our approach to advancing the current level of technology.
Technology controls the world; from economies, to national defense. Technology is now an integral part of every aspect of our life and at the core of this technology is the code that directs, monitors, operates, and defends, the myriad of devices and equipment that are used every day.
The persons who control this code controls technology and can bring it and the world that depends on it to an abrupt halt with the tap of a finger.
Advancement in technology should be viewed with the same preciseness that is used with troop movement. Before we advance we need confident information on what lies ahead, what is on our flank, what is behind us, and what the impact will be. Simply going forward should not be an option. It may be the next technological breakthrough that allows our current defenses to be penetrated.
Focus on the result not the means to that result, for the means will always change
When the Web first started growing it was advertising that spurred its growth. The methods used were PPC and other click based tracking allowing site owners to make revenue from traffic to their site that resulted in AD clicks. As technology changed and evolved the advertisers realized the opportunity for click fraud and link exchanges blurred the results. This gave rise to distorted AD campaign results and lost revenue.
Currently there is a move away from click advertising and more precise methods are being introduced to combat the problems inherit in tracking results by AD clicks.
What if this could have been foreseen and instead AD technology took a different path? The countless fraud clicks, email campaigns to enlist clicks, and a host of other internet issues related to this activity, could have been eliminated. A majority of spam is connected to the way in which technology has governed advertising on the Web.
General Patton once said; "An incessant change of means to attain unalterable ends is always going on; we must take care not to let these sundry means undo eminence in the perspective of our minds; for, since the beginning, there has been an unending cycle of them, and for each its advocates have claimed adoption as the sole solution of successful war." What he was saying is that there may be many paths advocated to attain a desired result, but we must not let these deter us from the result we are seeking.
Managing technology advances to plot a course that better defends our current and future technology should be a priority.
by Jim Atkins 'thedosmann'