Mark Evertz at Tripwire got me reflecting before the holidays on 2010. Given a little down-time over the holidays, I finally got a chance to think about it, too, and have the following thoughts.
Unlike most of my posts, I'm not going to take the time to annotate this entry. Also, in many places I may do the unthinkable and not expound much on listed items (try not to be too shocked). Pardon any inaccuracies, but at the same time consider that our perceptions of past events are oftentimes more important/"impactful" than the underlying facts. Much of the success of FUD can be explained in this way.
InfoSec
- Aurora/APT/Google -> Certainly important to marketing, and perhaps actually made some folks realize there are real threats out there.
-- "cyber war" -> A terribly abused term, almost never used right. Cyber "warfare" perhaps is more prevalent, in terms of being an umbrella phrase for all offensive activities (e.g., DDoS, hacktivism, defacements, espionage), but overall not a useful phrase today.
-- China -> In some sectors, the response was "umm, yeah, we've known this for years!" and in others it was "OMG WE'RE ALL GOING TO DIE!!!" Watch for "supply chain management" to heat up lots more in coming years as some estimates out of fed circles say that 75% of hardware will have at least one counterfeit chip by 2015.
- cyber war -> As already noted, gack. Thanks in large part to Richard Clarke, it's a mainstream phrase, but it's also meaningless. Let's instead talk about "offensive operations" and split those into "military," "government/state-sponsored," and "commercial" as the context is very important. I don't expect major corps to be launching kinetic attacks in response to DDoS anytime soon, no matter how annoyed RIAA/MPAA get about piracy.
-- China, Russia, NK, USA -> players got play... there are other key groups out there, too... several other NATO members, for instance... North Korea (NK) is interesting in terms of highlighting the asymmetric threat, especially when contrasted with other nation-states who may escalate to a kinetic response more quickly...
-- Cyber Command -> Well, it's been formed, and yet they still continued to generate lots of FUD and rhetoric... it's almost all about funding, though... *yawn*/*sigh*
-- tons of rhetoric, tons of confusion -> 'nuff said...
- Stuxnet -> speaking of "cyber war" - it's still not in the open about who the source is, but the rumormill is highly suggestive... I'd love to be on the inside track on this one, but we may never hear the real facts... so much for transparent government, eh?
-- this is really important -> Stuxnet is, indeed, important. It may very well represent a truly weaponized attack on a very specific target. If you needed a starting point for a slippery slope argument, then this is it. As my Dad always said about stealth tech in warplanes in the '90s: "if this is what the military is willing to let us see, then what are they holding back in secret still?!"
-- but who's behind it? -> this will be very interesting, but we may or may not ever hear... if this was state-sponsored, then there may be strong reasons to repress/oppress findings...
- everything cloud -> oh, sigh... almost every product now has a "cloud" component... trendy, and nice, but outsourcing is still outsourcing...
-- definitely mainstream now -> you know a concept is mainstream when Microsoft puts it in their consumer-oriented ads... but what does it really mean? the "due diligence" curve is not catching up yet...
-- it's entering the mainstream, right or wrong -> caveat emptor!
- more erosion of privacy, rights -> you didn't actually think we lived in an era of freedom, civil liberties, and privacy, did you? apparently not... government seems less, rather than more, transparent... we're seeing active repression of free speech... Facebook would love it if we'd just let them air all our dirty laundry... by 2020 I'm guessing nobody will care anymore, since "WAR IS PEACE / FREEDOM IS SLAVERY / IGNORANCE IS STRENGTH" (from Orwell's 1984)...
- year of consolidation -> lots of big buy-outs... and, as I write this, they continue with Dell buying SecureWorks...
-- Intel/McAfee, HP/Fortify, etc. -> What will this mean for the future? Hard to tell... 2011 will hopefully shed some light on product strategies... best case scenario, security products will be integrated and baked into lots of things, further reinforcing the notion that it should not be a bolt-on, ever...
- FUD FUD FUD - first "APT," then Wikileaks and DLP (what about Stuxnet?) -> We still live in an age that hinges on the heavy use of fear. We need to get over that. There's a big difference between acts of terrorism and being terrorized (see my recent piece from STRATFOR)...
- energy sector still heavily exposed -> Stuxnet showed us how a potentially-weaponized attack can succeed against an energy sector target... now consider our reliance on electricity... I can't find the link, but I read a study in the last couple years that suggested something as "minor" as a 5-day power outage could result in mass chaos... and yet, it's clear that this sector in particular is behind the curve... this is just a wee bit concerning...
- other sectors likely not as well-off as they'd have us believe -> if the financial collapse showed us anything, it's that even the financial and real estate sectors aren't doing adequate risk management and are relying on some poorly substantiated assumptions... we need to be concerned about this and start aggressively pushing a survivability mindset...
Politics & Conflicts
- Middle East -> still a mess, and not going to get better any time soon...
-- Israeli settlements -> they keep building them, in contravention of UN sanctions... no peace until this ends...
-- continued failure of Israel/Palestine peace process -> some days I'm hopeful, but most of the time I think this is just a ticking time bomb... of the Biblical predictions in the Book of Revelation, it's the ones pertaining to the future isolation of Israel that strike me the most... I wonder if Nostradamus predicted anything about that? anyway...
- Elsewhere -> the whole darn world seems to be insane and falling apart, no?
-- Pakistan & Afghanistan -> the "blasphemy" ban in Pakistan is interesting, as is the continued corruption in the Afghan government...
-- various African states rising and falling -> Sudan is on the verge of splitting into 2 countries, which could be a good thing... however, while that happens, other countries are falling apart...
-- Somalia is still a mess, and a key source of fundamentalist extremists -> in reviewing literature from the past year, I was surprised by the number of fundamentalist combatants and terrorists-to-be who originate from Somalia... crazy...
-- Chavez expanded presidential powers -> If you didn't hear... Chavez's party didn't fare well in elections, so he pushed through a bill granting him tons more (dictatorial) power before the new term started... I have to wonder how much longer this lasts before Venezuela falls into a state of civil war? And then imagine how oil prices will soar...
-- power struggles building in Iran -> It seems like the hardliners aren't happy with Ahmadinejad... he's nutty and fairly extreme, it seems, but they don't seem to think he's fundamentalist enough or something... at any rate, there seems to be an active power struggle underway... 2011 could see some interesting changes there...
-- NK continues to be a pain -> nothing like firing live rounds at your neighbor to get some attention in the press... the power reins are expected to be fully transitioned very soon... will this be a good or bad thing? who knows...
-- Mexico turning tide in drug wars -> 2010 was a terribly bloody year for Mexico, but the government seems to have the winning edge in their war on the drug cartels... 2011 could be a definitive year, unless they experience major setbacks... nonetheless, I'll be minimizing travel plans down there for the foreseeable future... Pres. Calderón seems to be on a good path, so I hope he can keep it up!
- Europe -> from the stories I've read, the euro zone is in trouble...
-- EU falling apart? -> what's the future of the EU? if the euro zone collapses, then will the EU go as well? 2011 will probably show us reasonably definitive signs...
-- UK increasingly invasive, repressive -> a casual observation from various news reports, but they make the US look mild in some regards... pervasive monitoring seems to be their thing coming out of the age of the IRA and routine bombings... with fundamentalist activities on the rise, it seems that monitoring is also increasing, regardless of effectiveness or cost... just to name one example...
-- unprecedented cooperation w US on warrants (Assange, that actor dude) -> it seems that the international community is increasingly willing to help the US out in executing warrants and the like... I refuse to believe the Swedish legal action against Assange is unconnected to Wikileaks... more on them below... also, that actor/director dude arrested in... Austria, was it? plus, Swiss bank access opening up... and so on...
- US -> of Despair? gosh, it really seems like it some days...
-- continues to be divisive -> politics are so polarized and divisive these days... talk about "wag the dog," too...
-- another polarity shift -> from left to right (allegedly - it's a separate discussion about whether there are really any differences between the two parties, both of whom seem to be for big, fat, bloated, overreaching central government)... and then there's the Tea Party, which ideologically could be interesting, but instead seems to be loaded with emotionally-charged morons who are having their buttons pushed by the very rich and very self-interested (*cough*Koch brothers*cough*)...
-- corruption, corruption, corruption -> yeah, seriously... who made the biggest investment in Congress last year? how much is a US Rep. going for these days, anyway? and don't even get me started on DHS, TSA, Chertoff, and Rapiscan... *sigh*
-- continued environment of FUD -> keep people scared and then they won't be able to act rationally... no, seriously, this seems to be the exact strategy, and psychologically it is a proper theory...
-- BP oil spill failure? -> what a mess... and yet Halliburton ended up not getting fined? seriously? kinda crazy... did I mention corruption? uh, yup...
-- TSA: failure! -> I've covered this topic already, but let's make sure we again highlight this as a policy failure, first and foremost...
-- DHS: failure! -> Well, or maybe not... it depends on what mission you think they have... nonetheless, they scare me...
-- Obama disappoints -> or does he? well, the Dems certainly disappointed... controlled both houses of Congress and couldn't get much done, except in the final death throes of the last term... I guess something got done... what I've found more disappointing is the lack of transparency, the continuation of many Bush policies and doctrines, the continued operation of Guantanamo, and where-oh-where was he on the TSA "naked scanner" stupidity? frankly, for that matter, where is he at all these days?
-- Congress: doddering old fools who don't understand technology? -> net neutrality regs are now on the books from the FCC... do they have jurisdiction? it's hard to say, but I'm gonna guess that no, they don't... in the meantime, tons of loopholes were left... hopefully they can a) get jurisdiction affirmed or assigned, and b) broaden the rules... I hold no hope that this can happen with the GOP House of Reps. in place, though...
- Hacktivism -> *yawn*
-- Anonymous vs RIAA -> DDoS attacks are so passe, no?
-- Anonymous vs anyone not pro-Wikileaks -> this was just silly, though so was the angst against Wikileaks...
-- increasingly well-organized (especially for anarchist leanings) -> it seems to be more than just mob mentality these days... it's almost like an international grassroots political action committee...
-- increasingly severe LE responses -> one thing is certain, law enforcement ain't happy with things these days... I have to think they're fearful of many things, not the least of which being transparency and accountability... hey, nobody is perfect, but we also can't allow bad things to be done and hidden by LE...
-- Wikileaks: not hacktivism, and really a big yawner -> could this story have been overplayed much more? seriously... Wikileaks is a conduit, not too dissimilar from Tor... if you want to be mad at someone, be mad at Pfc Manning for the data leak... and don't even get me started on the Government's many failures here... it's all rather disgusting... that being said, I've been amused by the chest-beating emanating from federal circles about Assange... take a chill pill, dudes and dudettes...
Laws, Regs, & Treaties
- New START -> hey, look, the Senate passed it... now for the Russian Parliament to do the same... this is a good thing, folks!
- Obamacare -> much maligned, much misunderstood... parts of it are just stupid, but other parts are good and worthwhile... government should regulate when unfair conditions are created, and I think in part this bill does that... of course, we'll see about the cost, etc., going forward...
- DADT -> hail, hail, it's dead... about darned time... nothing worse than codifying outright discrimination...
- FCC and net neutrality -> as already noted above, it's been instituted, but we'll see how it fares going forward...
- several starts on cybersec regs - they will pass eventually! -> there were over 50 cybersec bills in committee in 2010... one or more of them will get passed eventually... although, it'll be interesting to see what gets through the anti-regulation House... one thing I assume is that it will not evoke the right tone or set the right goals... of course, maybe this is a good thing... less protection and regulation could cause companies to realize the need for adopting survivability practices? right? maybe?
- much talk of a "cyber war" treaty -> I hope it goes nowhere. Do we need it? It's unclear. A Cyber Cold War seems like such a silly notion right now. How about an anti-espionage treaty first, eh?
General Meanderings
- personally a disappointing year in terms of progress (what progress?) -> I have a steady job that's let me do a lot of fun stuff, which is cool, but I'm impatient to get dug out financially from the hole I'm in, plus I'd really like to be able to do some fun travel things with the family, if only I could afford it... in general, I just don't feel like I got enough done this year...
-- did I add any value??? -> my mantra for 2011 will be "How am I adding value?" as I think much is wasted time and energy these days...
-- a few more articles published -> I had a few more articles published, all in the first half of the year... I let much of my writing slide as billable work kept me busy... nothing new published outside of blog posts... oh, well...
-- spoke at a few conferences, but didn't make it into any big ones -> I got a chance to speak a couple times, which was fun... I'll be speaking at RSA 2011 a couple times, which will be cool... I'm going to be a bit more selective going forward, and I'm going to work hard to better align speaking with promoting Gemini... I'll be at ShmooCon as an attendee... BSides Austin as an organizer... and beyond that? who knows...
-- not enough hours in the day! -> So much to do, so little free time... I come home exhausted most nights when I really need to be doing another 2-4 hours of extra "stuff"... I don't know how people keep up!
- the whole world seems insane...
-- corruption -> it seems to be SOP, no?
-- police state(s) -> gosh it increasingly feels like one, doesn't it?
-- "rugged individualism" replaced by "rampant, pervasive fear" -> when did we abdicate our image of "rugged individualism" as espoused by Teddy Roosevelt? I don't like living in the era of pervasive fear...
-- increasing power of central government and erosion of States' rights -> it'll be interesting to see if the 2011 Congress will move the needle on this at all... it's certainly a rallying cry of the Tea Party, but to what end? I somehow doubt their corporate overlords will really let this change much, except to reduce regulatory burden on their specific businesses...
-- one size rarely fits all (if ever?) -> No Child Left Educated is a failed policy... Obamacare may be the same... too often the federal government seems to have overstepped the bounds on what it should be regulating... I have a better idea... dramatically cut taxes AND services... if States or local governments want to increase taxes to cover funding shortfalls, then fine... but why am I being taxed to help pay for really bad legislation like NCLB? it makes no sense...
- global climate change is interesting
-- hotter summers
-- snowier winters
-- "ring of fire" surging? -> maybe it's just increased awareness of events, but it really seems like tectonic plates are moving more and that the "ring of fire" is starting to light-up again... this makes me wonder if Yellowstone (a "super-volcano") is closer to blowing its top? time will tell...
-- increased solar activity? (2012 is likely the next peak) -> 2001 was the last peak, and 2012 is the expected next peak... the sun typically flips poles every 11 years, or so we're told... conspiracy theorists should love the timing...
-- shifting magnetic poles (true polar wander on Earth, peak solar activity, and a sun flip - http://science.nasa.gov/science-news/science-at-nasa/2001/ast15feb_1/) -> as noted, the sun flips its poles every 11 years or so, resulting in peak activity... our own Terran magnetic poles naturally wander, but there's been much speculation about the poles actually "flipping" (though it isn't believed that it would be a straight 1-to-1 flip)... is it real or SciFi? it's really hard to tell... Wikipedia suggests this is as much legend as anything else... on the other hand, we have rather limited recorded history upon which to base our estimates...
-- prediction: the ice age is coming! -> peak, valley, peak, valley, peak, valley, super-peak, ???... my guess would be "super-valley" if prior pattern holds... I for one would be unsurprised if we entered a major ice age period this century, and perhaps even in my lifetime... one thing is certain: humans consistently overestimate their importance in the grand scheme of things... and Earth abides in spite of it all...
- has there ever been good customer service? -> I often wonder about this...
-- had planned as a separate piece, but this is good enough -> I was going to write a separate blog piece on customer disservice, but it's not worth it now... I will, however, post a note about one of my holiday experiences as soon as my review on TripAdvisor posts!
-- various and sundry -> I had issues with CVS pharmacy techs doing their jobs in getting permissions for prescriptions (who knew that a scrip wasn't adequate "authorization"?!?)... ExpressScripts was the source of the problems, and has been a pain to work with... they have sooo many rules... we got burned by Walmart.com on ordering holiday cards... we ordered 105, got 25... they did eventually credit us for the difference and allowed us to get copies from 1-hour in-store printing for the same price, but still... annoying! And there was the freezer delivery from Lowes that took 3 tries because they were disorganized... Verizon (telco, not wireless) gave me a hassle with their web site... they introduced the need for a Temp. PIN in order to update billing info on their site... stuff I'd already configured, but needed to change, and now I essentially had to reauthorize... and they'd only either call my home number (when I wasn't home) to get the PIN, or they could mail it to me (not helpful when I needed to make an immediate change)... and then there was New Year's Eve and the hotel debacle... a fight literally broke out in the hallway at 11:30pm, which ended when one of the boys maced the other (literally mace, not pepper spray - sent people running for fresh air)... this on top of several other issues... and the response from Radisson? "sorry"... that's it... no money back or anything... when I tried to reply to their apology email, the email bounced!! *sigh*
- economic recovery?
-- coming very slowly (what recovery?) -> I think the economy is recovering, but how can we really tell? it's going to take a very long time... just for comparison, though, it's worth noting that the Great Depression did last 10 years or more for most countries...
-- very fragile, and still could collapse (look at Europe!) -> the recovery certainly is not an assured thing... there are lots of rumblings about the euro zone right now and it'll be interesting to see what eventually happens...
-- gas prices being driven up by speculators (greed w/ negative impact) -> last week I read several stories about market speculation estimating gas topping $4/gal this Summer... it seems that all this speculation is driving up oil and gas prices preemptively... this is not a good thing in terms of the recovery... bunch o' greedy buggers...
-- the ever-widening income gap and the erosion of the middle class -> this was a campaign issue for the GOP, but it seems to be bearing out as relatively true... the so-called middle class seems to be shrinking, with a tremendous gap between the domestic haves and have nots... it's somewhat distressing to think that we may be nearing a point in time in US history where there will no longer be upward mobility any more... we might as well return to the official class system of olde England... it's a wee bit nauseating how greed has corrupted the American ideals...
- looking ahead (this is another piece altogether) -> I'll write a separate post on this topic, but suffice to say that I see 2011 as a definitive year for me... I hope to hold down this job, do lots of cool stuff, and further attack my financial burdens... here's to a good year!