Feeds

Ex-Microserf Schmidt as govt cyberterror Cassandra

Apocalypse soon

  • alert
  • submit to reddit

3 Big data security analytics techniques

This month's dose of demented prediction comes to you courtesy of Howard Schmidt, chairman vice of the US President's Critical Infrastructure Protection Board.

Alleged "zero-day viruses and affinity worms" will sunder business records, as reported in Network World Fusion and credited to a Schmidt speech at an Information Systems Audit and Control Association (ISACA) conference. Brokerage house trading records will be scrambled, corporate networks rendered molten, CEOs humiliated.

This is not the worst. Traffic lights, pacemakers, appliances -- all subject to outages and interruptions because in the future they're controlled via Internet, declares Schmidt. The power grid could fail catastrophically by 2005! Cats and dogs fornicate in the street as the sky turns black as sackcloth.

It seems the Warhol worm, once mentioned recently in this column as allegedly capable of infecting the world in fifteen minutes, is senile by comparison. In the arms-race-like rhetoric of horror virus description, the zero worm infects almost instantly. What could be next? Perhaps a temporal virus so fiendishly virulent at the quantum level of the chip that it moves backward in time, infecting everyone with a PC the day before some anonymous ninny on the Internet becomes the first infection.

Whether the bearers of such news are carillonneurs or cullions in these matters depends upon how experienced an observer you are of the computer security junket fest.

If it's the first time for you at one of these cons, where your employer coughs up anywhere from $500 - $1900 for the price of admission, Schmidt's virus alarums might seem quite remarkable, even prescient. The remora-like journalists who get in gratis will assuage any lingering doubts you have as to the value of his lecture by emphasizing the most fantastic elements of it in the trades. If your boss reads the published result, it's all good. You were educated at the feet of the guru.

But I must rain on the parade. Nothing more than mutton passed off as lamb, folks. The sizzle is the main ingredient of a message that is repeated so often it can only be taken seriously as publicly-funded performance art.

In simplest terms, Schmidt is a computer security celebrity junketeer, a highly specialized occupation somewhat obscured by an official biography bulging with professional-strength acronyms. Much of his time is spent as a featured speaker jetting around corporate America. Search engines return Schmidt lectures everywhere in 2002: Atlantic City/HTCIA 2002 con, Cybercrime 2002, IT Business Forum, RIMS.ORG, New York State's "Cyberstrategies," the Chicago National Cybercrime Conference, South Sound (Washington), the National State Association of Chief Information Officer's midyear confab, High-End Computing in an Insecure World, WSATA 2002 (the Western States Association of Tax Administrators), Trust & Security in Cyberspace at the Center for Strategic and International Studies, Defending Against Information Warfare, the Secure e-Business Executive Summit, Winning the War on Cyberterrorism at Washington University of St. Louis, Microsoft's Government Leaders 2002...

Ouch, I feel an airline coach-class thrombosis coming on just browsing the list!

As a deliverer of keynote addresses, Schmidt has created a powerful image of furious action in the name of national security. Indeed, he has become an invaluable mover in the computer-trouble industry economy.

Not for everyday public idlers are these affairs, oh no! Vendors and sponsors pay handsomely to crowd the display ballrooms, showcasing turnkey services and wares enticing to the corporate foot soldiers and fellow junketmen who have just been teased with an appetizing whiff of techno-apprehension, courtesy of a good Schmidt speech.

The talent for junket was developed while at Microsoft. As Redmond's computer security czar, the tour of meetings was similar. Politically, the message differed slightly in service to Microsoft directives. Viruses weren't as cataclysmic. Generally, this was a good position to cling to while the likes of Melissa, Loveletter and Code Red were ripping through your company's software. By example: "I'm not going to come up here and tell you the sky is falling," Schmidt said at a Tulsa University infosec conference as Microsoft Chief Security Officer.

On the other hand, familiar territory is traveled in calls for more secrecy. At Microsoft, this was delivered as anguished laments on the practice of full disclosure and "information anarchy." When speaking for the government, it has become a desire to add a corporate exemption to the Freedom of Information Act, although no one has said how such a thing will prevent the "zero-day virus."

© 2002 SecurityFocus.com, all rights reserved.

SANS - Survey on application security programs

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Oh no, Joe: WinPhone users already griping over 8.1 mega-update
Hang on. Which bit of Developer Preview don't you understand?
Internet-of-stuff startup dumps NoSQL for ... SQL?
NoSQL taste great at first but lacks proper nutrients, says startup cloud whiz
Windows 8.1, which you probably haven't upgraded to yet, ALREADY OBSOLETE
Pre-Update versions of new Windows version will no longer support patches
Microsoft TIER SMEAR changes app prices whether devs ask or not
Some go up, some go down, Redmond goes silent
Ditch the sync, paddle in the Streem: Upstart offers syncless sharing
Upload, delete and carry on sharing afterwards?
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.