Monday, October 22, 2007

Weapons of Mass Destruction ? The next battleground

No one found the WMDs ! The reason is simple ... the search was in all the wrong places.

They do exist but not in the tangible world as we know them. The WMDs we have grown up with are the nuclear devices, the chemical weapons, the large armies, the terrorists. These are passe.

WMDs today are unseen, they are invisible bits and bytes that can travel over fiber optic across continents before you can blink. These bits and bytes, shaped by some 'beautiful' criminal mind into a virus, a trojan, a DOS to wreak havoc and bring terror to the doorstep of the common man.

Critical infrastructure like airports, dams, utilities, power and nuclear facilities, defence facilities are on alert against the risk of attack but with barriers and para-military forces the threat is mitigated. What about the WMD attack - the attack which comes stealthily via the internet in the form of trojans, viruses, rootkits, web-bots etc. An attack which can paralyze the airport or can shutdown the nuclear facility.

Webface defacements, hacking, data theft and such IT crime is commonplace today and we have new reports daily - globally. So it is easy for a terrorist to construct the WMD and let it loose for destruction.

So how do we search and control those evil designs. The answers may be in a reorientation of education at all levels. By the inclusion of ethics in system design and development, in the use of technology. Or will it be necessary for system development to be licenced and controlled by governments as is the case with the manufacture of nuclear and conventional weapons.

Recent events in Estonia have shown what the WMD can do, and we do not know whether the hills of Kandhar have classes in computer technology after the wannabe terrorist has finished target practice and the indoctrination lecture for the day.

Thoughts to ramble on, and yes it is a terrifying thought but what if it was another 'Live Free Die Hard' scenario.

Rambing Securely

Yes I would like to make this a space to ramble on and on about InfoSec. Passionate I am about this from the day I realized that this is something which is where I want to be.

It was sometime in 2000 or earlier that I was exposed to the thought of security in technology. And I was excited about the subject and got to reading whatever I could get my hands on. Learnt what continuity meant, and that there existed a CIA triad which was the basis of all secure thought. And that the Deming cycle meant a lot to make life secure.

One has come a long way and I have gathered a lot of moss ...... and the excitement continues ! The passion is as strong as ever, and the quest for knowledge stronger.

With all the churn in the mind, I keep rambling, so I decided to blog all these thoughts. And maybe start some discussions which may (hopefully) lead to better something someplace.