Feeds

Ex-Microserf Schmidt as govt cyberterror Cassandra

Apocalypse soon

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

This month's dose of demented prediction comes to you courtesy of Howard Schmidt, chairman vice of the US President's Critical Infrastructure Protection Board.

Alleged "zero-day viruses and affinity worms" will sunder business records, as reported in Network World Fusion and credited to a Schmidt speech at an Information Systems Audit and Control Association (ISACA) conference. Brokerage house trading records will be scrambled, corporate networks rendered molten, CEOs humiliated.

This is not the worst. Traffic lights, pacemakers, appliances -- all subject to outages and interruptions because in the future they're controlled via Internet, declares Schmidt. The power grid could fail catastrophically by 2005! Cats and dogs fornicate in the street as the sky turns black as sackcloth.

It seems the Warhol worm, once mentioned recently in this column as allegedly capable of infecting the world in fifteen minutes, is senile by comparison. In the arms-race-like rhetoric of horror virus description, the zero worm infects almost instantly. What could be next? Perhaps a temporal virus so fiendishly virulent at the quantum level of the chip that it moves backward in time, infecting everyone with a PC the day before some anonymous ninny on the Internet becomes the first infection.

Whether the bearers of such news are carillonneurs or cullions in these matters depends upon how experienced an observer you are of the computer security junket fest.

If it's the first time for you at one of these cons, where your employer coughs up anywhere from $500 - $1900 for the price of admission, Schmidt's virus alarums might seem quite remarkable, even prescient. The remora-like journalists who get in gratis will assuage any lingering doubts you have as to the value of his lecture by emphasizing the most fantastic elements of it in the trades. If your boss reads the published result, it's all good. You were educated at the feet of the guru.

But I must rain on the parade. Nothing more than mutton passed off as lamb, folks. The sizzle is the main ingredient of a message that is repeated so often it can only be taken seriously as publicly-funded performance art.

In simplest terms, Schmidt is a computer security celebrity junketeer, a highly specialized occupation somewhat obscured by an official biography bulging with professional-strength acronyms. Much of his time is spent as a featured speaker jetting around corporate America. Search engines return Schmidt lectures everywhere in 2002: Atlantic City/HTCIA 2002 con, Cybercrime 2002, IT Business Forum, RIMS.ORG, New York State's "Cyberstrategies," the Chicago National Cybercrime Conference, South Sound (Washington), the National State Association of Chief Information Officer's midyear confab, High-End Computing in an Insecure World, WSATA 2002 (the Western States Association of Tax Administrators), Trust & Security in Cyberspace at the Center for Strategic and International Studies, Defending Against Information Warfare, the Secure e-Business Executive Summit, Winning the War on Cyberterrorism at Washington University of St. Louis, Microsoft's Government Leaders 2002...

Ouch, I feel an airline coach-class thrombosis coming on just browsing the list!

As a deliverer of keynote addresses, Schmidt has created a powerful image of furious action in the name of national security. Indeed, he has become an invaluable mover in the computer-trouble industry economy.

Not for everyday public idlers are these affairs, oh no! Vendors and sponsors pay handsomely to crowd the display ballrooms, showcasing turnkey services and wares enticing to the corporate foot soldiers and fellow junketmen who have just been teased with an appetizing whiff of techno-apprehension, courtesy of a good Schmidt speech.

The talent for junket was developed while at Microsoft. As Redmond's computer security czar, the tour of meetings was similar. Politically, the message differed slightly in service to Microsoft directives. Viruses weren't as cataclysmic. Generally, this was a good position to cling to while the likes of Melissa, Loveletter and Code Red were ripping through your company's software. By example: "I'm not going to come up here and tell you the sky is falling," Schmidt said at a Tulsa University infosec conference as Microsoft Chief Security Officer.

On the other hand, familiar territory is traveled in calls for more secrecy. At Microsoft, this was delivered as anguished laments on the practice of full disclosure and "information anarchy." When speaking for the government, it has become a desire to add a corporate exemption to the Freedom of Information Act, although no one has said how such a thing will prevent the "zero-day virus."

© 2002 SecurityFocus.com, all rights reserved.

Remote control for virtualized desktops

More from The Register

next story
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
NSA SOURCE CODE LEAK: Information slurp tools to appear online
Now you can run your own intelligence agency
Microsoft: Your Linux Docker containers are now OURS to command
New tool lets admins wrangle Linux apps from Windows
Microsoft adds video offering to Office 365. Oh NOES, you'll need Adobe Flash
Lovely presentations... but not on your Flash-hating mobe
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
HTML5 vs native: Harry Coder and the mudblood mobile app princes
Developers just want their ideas to generate money
prev story

Whitepapers

Go beyond APM with real-time IT operations analytics
How IT operations teams can harness the wealth of wire data already flowing through their environment for real-time operational intelligence.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Simplify SSL certificate management across the enterprise
Simple steps to take control of SSL across the enterprise, and recommendations for a management platform for full visibility and single-point of control for these Certificates.