May 01 2008
By Jim Reavis
That poor Olympic torch has never had it so bad. It has been getting more attention than Britney Spears on a cigarette run, and it isn’t even safe in a wheelchair. Much of the world, of course, is outraged over the unrest in Tibet and the Chinese government’s tactics.
At the same time, in our little parallel universe of information security, we see an ever-growing sophistication in a wide variety of attacks coming from the East. DDoS attacks are pretty effective; take a look at this attack launched against SlideShare. And of course, CNN was targeted 2 weeks ago. There has been a spate of infected USB devices: thumb drives, hard drives, even digital picture frames that have been manufactured in China. The private groups that I belong to have been busy cataloging all types of malware, botnets, SQL injection attacks, infected websites and those dangerous parts of the net enabling the badware, what I call the IISPs (Illicit Internet Service Providers). I talk to my friends with real jobs protecting real websites and they all have the same “whack-a-mole” story: block a Chinese net range, wait a few minutes to a few hours, and the badware is back.
Yeah, I know, I am sounding like an unoriginal broken record; many of you know this stuff already. But what I want to know is, are we leveraging some predictive analytics to forecast how these scenarios are going to be playing out this year? How bad can it get? From a technology perspective, the artillery pieces are being lined up. There is no reason to expect anything other than an escalation in tensions in Tibet through the Olympics in August. An opening ceremonies boycott has been a political football in US presidential politics. I am really not here to talk about the politics, but even Democracy Jim can understand how a few million Chinese might get a little upset at one of their own being jostled in her wheelchair.
Political leaders, protesters and everyone can do what they think is right. And so should CISOs. We might want to think about how these scenarios might play out and how to be ready for them. As nice as August can be, I don’t think I would want my top incident response people taking extended vacations this year.
Posted by Jim.Reavis on Thursday, May 1st, 2008, at 10:31 pm, and filed under Articles.

admin | 03-May-08 at 12:59 am | Permalink
Why bother ‘talking’ to China at all? Unless you are doing business with Chinese firms, or have significant numbers of customers over there, why not just drop them at your border routers/firewalls? All this is, is least privilege at the network level. Good news is that there are a ton of public resources for this data, for example countryipblocks.net. Or simply Google “geolocation” and take your pick.