The Cyber Maginot Line
Between 1930 and 1940, France built a massive system of defenses known as the Maginot Line. It was designed to stop a German invasion, and history illustrates its failure. The 1940 German invasion of France skirted the Maginot Line as German forces swiftly penetrated through the Ardennes by way of Belgium. I’m not a historian, and there are many facts that played into this, but clearly the fate of France was at least partly determined by a false sense of security rooted in the Maginot Line.
Have modern-day corporations and public entities created their own version of the Maginot Line when it comes to the protection of sensitive information? I think the answer is clearly yes. William J. Lynn III, the deputy defense secretary who oversaw a recent attack simulation, pointed this out in “In Digital Combat, U.S. Finds No Easy Deterrent”. An over-reliance on firewalls and anti-virus programs has created a false sense of security among those who store, transmit, and process sensitive information in the normal course of business. The changing threatscape, such as the new complex zero-day exploits and state-sponsored targeted attacks, is sometimes ignored, much as the French failed to take action when Belgium declared itself a neutral country, severing its previous alliance with France.
Consider this comment made in a recent story:
“The new type of attack involves custom-made spyware that is virtually undetectable by antivirus and other electronic defenses traditionally used by corporations.” (“US oil industry hit by cyberattacks: Was China Involved?”, CS Monitor, January 25, 2010)
We are not prepared. The attackers have become more nimble, motivated, and tenacious while we have become slow moving and complacent. Many organizations have been lulled to sleep. We’ve already seen changes in the way attacks are organized and the creativity being designed into their exploits. Collectively, we need to examine the new threatscape and actively develop new tactics that match the agility being demonstrated by the “bad guys”.
Let’s learn from the Maginot Line. Let’s not get caught sitting behind our old walls hoping that we can sustain a direct assault when the real threat is making an end run.