Spy v Spy

This is what I love about IT security – the intellectual battle played out daily between the good guys and the bad guys like an intricate chess game on a global chess board. Every day consists of countless skirmishes, reconnaissance and espionage expeditions, the shoring up of defences, securing data, secret communications, subterfuge, surveillance, encryption, and commando raids, in a shadowy intellectual duel between attacker and defender. Intellectual, because the clever guy wins.

It is an uneven playing field on this global chess board. The odds are heavily stacked in favour of the attacker. Defenders need to secure everything at all times, whereas attackers only need to find the weakest chink at one point in time. Generally the good guys are defenders; however, in a cyber warfare scenario, attack by a nation state is a legitimate, acceptable strategy for the good guys. Obama told us so. Mobile and the cloud increase the threat surface, enlarging the battlefield of the global chess board, and, together with big data and social networking, open up new weak spots.

There are huge rewards and penalties for both defender and attacker. Rewards stem from innovation in the intellectual battle. As a security software developer there are big rewards for innovation, inventing the next security silver bullet and gaining a slice of the multi-billion dollar security spend. Attackers’ rewards stem from discovering new exploits, growing a botnet, innovating with malware development and social engineering, resulting in identity theft, stealing proprietary information, and espionage, and ultimately financial proceeds of big crime. Both attacker and defender operate under constraints of limited resources.

Threats to defenders are significant. Most organisations and government departments have suffered breach and theft. The threat of losing individuals’ sensitive information is significant, as many organisations have discovered. Sony, LinkedIn and Twitter are just some examples of the many recent high-profile data theft breaches. For attackers, the threat is being caught and imprisonment.

From time to time, innovation leads to significant, game-changing leaps in technology. The Stuxnet malware was a technological leap forward: even though developed by “the good guys”, it advanced malware technology significantly. Subsequent malware, such as Duqu, Flame and others, and Advanced Persistent Threats (APT), illustrate that the game has been ratcheted up a notch. There are very real threats not only to individuals, organisations and government, but also to national security and economic stability.

The brilliant work by Ron Rivest, Adi Shamir and Leonard Adleman is a classic illustration of a step change in defences brought about by innovation (following earlier breakthroughs by Diffie, Hellman and Merkle). Their invention of public key encryption changed the way the world secures data, and the rewards can be seen today in the form of a great company named after these three men – RSA. However, the cloak-and-dagger, secretive nature of IT security is beautifully illustrated in the RSA story by the revelation that James Ellis actually invented public key encryption while working for the British government several years before, but his innovation was classified top secret and could not be revealed to the world. The Code Book by Simon Singh contains a well-written account of this fascinating historical story.

IT security is a challenging industry where the stakes are high and innovation is rewarded, and the upper hand on the global chess board will continue to see-saw between the good guys and the bad guys.

One thought on “Spy v Spy”

  1. test1 March 17, 2013 at 10:14 pm

    Very well written story. It will be helpful to anyone who employs it, including myself. Keep doing what you are doing; for sure I will check out more posts.
