CIO Today had an article yesterday entitled "Cybersecurity Today: The Wild Wild West". It's worth a read. Do you think you are safe by having the latest anti-virus deployed? The article notes:
"To demonstrate how vulnerable networks can be, a team of Northrop Grumman engineers purchased a brand new computer with the latest security software and linked it to the Internet. Within four hours, a hacker had "pinged" or probed the system. Within a week, a "rootkit" -- a form of malicious software -- had been installed on its hard drive. Within two weeks, the computer was enslaved by servers that were traced to Canada, Singapore and another unidentified location, and used to attack a computer in Poland.
This happens because there is a large gap between the time a vulnerability is discovered and the release of a software patch to protect a system, says McKnight of Northrop Grumman. In many cases, it takes vendors weeks and even months to provide a patch, which may not even work."
We all know about the collapse of perimeter defenses and the fact that patching is always one step behind the bad guys. This is a very comprehensive article yet what it completely ignores is the need for internet-wide authentication. All of the solutions noted in the article are very expensive and won't solve the fundamental problems they highlight.
This morning I participated in an educational webcast on DNSSEC implementation sponsored by PIR, The Public Interest Registry. PIR and their technology provider, Afilias, run the .org domain. They are way ahead of everyone in the US (.gov excepted) on DNSSEC adoption. Their approach is methodical. They signed the .org zone in June and are carrying out a trial roll out to a small number of organizations withing .org. Full deployment availability to their constituents will take place early in 2010.
This type of preparation and action will make a real difference cost effectively for Internet users. There are over 15 million records (web sites) within the .org domain. Hospitals, charitable and civic organizations provide essential services and face increasing financial pressures. The Internet provides one of the most cost effective methods for communications. Low cost DNSSEC is the essential foundation for putting medical records on-line and many other applications that will have a huge positive impact on our lives. We won't get there with expensive filtering, encryption, and intrusion detection systems.
Cybersecurity will continue to be the wild, wild west until more organizations follow the lead of PIR with DNSSEC deployment.
Comments