The wave of annual cyber-security predictions of doom are coming to a close. Every year security experts would talk about how malware infections are spreading, botnets are going to cause catastrophic damage, the evil “Chinese peril” are stealing everything on-line, and the next Cyber “Perl Harbor” is just around the corner. Many people just ignore these reports. This is a year where several of these reports need to be read in depth. We have more detailed data collection and analysis in the reports resulting in observations that require action. I’ll review several of these over the next week.
For my 2012 observations, I would like to offer a counter voice of optimism. I first presented this optimistic view of cyber-security at the keynote for the 2012 ICCS conference. In reflection, each point is still valid. In essence, I think 2012 will be the year we look back as the turning point in cyber-security. There are key forces working behind the scenes whose operational security investments are coming to fruition. These “fruits of hard work” are seen in our community’s ability work an investigation to the conclusion of an arrest. We’re gaining valuable experience, document in criminal and civil prosecutions. This experience leads to new arrests while building empirical data on the technology, tools, processes, and procedures that deliver results.
We know enough to be able to turn this experience into a strategy plan of action. Community action against malware systems and the people behind Conficker, McColo, Coreflood, Zeus, Gozi, Waledec, Rustoc, DNS Changer, and many other operations have taught us that cyber-civic society collective action succeeds. The following 12 core principles are what I’m seeing as factors leading to results. I strongly encouraged everyone in the industry to explore these core principles and find ways to promote them within their organization. Each principle will have a separate blog to explain context and areas for which organization (and individuals) can act.
The twelve principles (hyperlinks to the articles will be added as the articles are posted):
- Private-to-Private Collaboration with Public Participation – The First Step to Effective Action
- Public – Private Partnership – Less talk, more action, it really works if public and private choose to act.
- Today’s Existing Technology for Detecting, Tracking, and Identifying malicious activity will work – if you think of it as tool kit for action.
- Existing Technologies for Remediation have proven to work! We can clean up malware from violated customers.
- Exercise the Court with Criminal and Civil Action. Civil action is as important as criminal action.
- Autonomous System (ASN) Sovereignty, Contract Law, and Authorized Use Policies (AUPs) can be used to embargo rouge networks.
- Monetizing Cyber-Security Cost and Risk to the Global Economy will finally happen in 2012. We’ll quantify the damage cyber-risk are imposing on society.
- Real Time Data Sharing is a Reality. Industry will be able to find the cyber-criminal activities, shine the light on it, and take effective action to mitigate it.
- Organizations will learn that acting now, using tools within their span of control is the best way to prepare their Cyber-Security Defenses.
- We’re taking back the DNS. 2012 will be the year were cyber-criminal activity cannot hide behind layers of “DNS security.”
- Industry will band together to build several effective operation security coordination centers who facilitate collective action.
- Systems Defense vs Defense in Depth is the new model for cyber-defense architectures.