Feeds

Ex-Microserf Schmidt as govt cyberterror Cassandra

Apocalypse soon

  • alert
  • submit to reddit

Boost IT visibility and business value

This month's dose of demented prediction comes to you courtesy of Howard Schmidt, chairman vice of the US President's Critical Infrastructure Protection Board.

Alleged "zero-day viruses and affinity worms" will sunder business records, as reported in Network World Fusion and credited to a Schmidt speech at an Information Systems Audit and Control Association (ISACA) conference. Brokerage house trading records will be scrambled, corporate networks rendered molten, CEOs humiliated.

This is not the worst. Traffic lights, pacemakers, appliances -- all subject to outages and interruptions because in the future they're controlled via Internet, declares Schmidt. The power grid could fail catastrophically by 2005! Cats and dogs fornicate in the street as the sky turns black as sackcloth.

It seems the Warhol worm, once mentioned recently in this column as allegedly capable of infecting the world in fifteen minutes, is senile by comparison. In the arms-race-like rhetoric of horror virus description, the zero worm infects almost instantly. What could be next? Perhaps a temporal virus so fiendishly virulent at the quantum level of the chip that it moves backward in time, infecting everyone with a PC the day before some anonymous ninny on the Internet becomes the first infection.

Whether the bearers of such news are carillonneurs or cullions in these matters depends upon how experienced an observer you are of the computer security junket fest.

If it's the first time for you at one of these cons, where your employer coughs up anywhere from $500 - $1900 for the price of admission, Schmidt's virus alarums might seem quite remarkable, even prescient. The remora-like journalists who get in gratis will assuage any lingering doubts you have as to the value of his lecture by emphasizing the most fantastic elements of it in the trades. If your boss reads the published result, it's all good. You were educated at the feet of the guru.

But I must rain on the parade. Nothing more than mutton passed off as lamb, folks. The sizzle is the main ingredient of a message that is repeated so often it can only be taken seriously as publicly-funded performance art.

In simplest terms, Schmidt is a computer security celebrity junketeer, a highly specialized occupation somewhat obscured by an official biography bulging with professional-strength acronyms. Much of his time is spent as a featured speaker jetting around corporate America. Search engines return Schmidt lectures everywhere in 2002: Atlantic City/HTCIA 2002 con, Cybercrime 2002, IT Business Forum, RIMS.ORG, New York State's "Cyberstrategies," the Chicago National Cybercrime Conference, South Sound (Washington), the National State Association of Chief Information Officer's midyear confab, High-End Computing in an Insecure World, WSATA 2002 (the Western States Association of Tax Administrators), Trust & Security in Cyberspace at the Center for Strategic and International Studies, Defending Against Information Warfare, the Secure e-Business Executive Summit, Winning the War on Cyberterrorism at Washington University of St. Louis, Microsoft's Government Leaders 2002...

Ouch, I feel an airline coach-class thrombosis coming on just browsing the list!

As a deliverer of keynote addresses, Schmidt has created a powerful image of furious action in the name of national security. Indeed, he has become an invaluable mover in the computer-trouble industry economy.

Not for everyday public idlers are these affairs, oh no! Vendors and sponsors pay handsomely to crowd the display ballrooms, showcasing turnkey services and wares enticing to the corporate foot soldiers and fellow junketmen who have just been teased with an appetizing whiff of techno-apprehension, courtesy of a good Schmidt speech.

The talent for junket was developed while at Microsoft. As Redmond's computer security czar, the tour of meetings was similar. Politically, the message differed slightly in service to Microsoft directives. Viruses weren't as cataclysmic. Generally, this was a good position to cling to while the likes of Melissa, Loveletter and Code Red were ripping through your company's software. By example: "I'm not going to come up here and tell you the sky is falling," Schmidt said at a Tulsa University infosec conference as Microsoft Chief Security Officer.

On the other hand, familiar territory is traveled in calls for more secrecy. At Microsoft, this was delivered as anguished laments on the practice of full disclosure and "information anarchy." When speaking for the government, it has become a desire to add a corporate exemption to the Freedom of Information Act, although no one has said how such a thing will prevent the "zero-day virus."

© 2002 SecurityFocus.com, all rights reserved.

Application security programs and practises

More from The Register

next story
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Do YOU work at Microsoft? Um. Are you SURE about that?
Nokia and marketing types first to get the bullet, says report
Microsoft takes on Chromebook with low-cost Windows laptops
Redmond's chief salesman: We're taking 'hard' decisions
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
EU dons gloves, pokes Google's deals with Android mobe makers
El Reg cops a squint at investigatory letters
Chrome browser has been DRAINING PC batteries for YEARS
Google is only now fixing ancient, energy-sapping bug
Big Blue Apple: IBM to sell iPads, iPhones to enterprises
iOS/2 gear loaded with apps for big biz ... uh oh BlackBerry
prev story

Whitepapers

Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.