Monday, March 16, 2015

Mariners upon the sea! A new course awaits us: The blue team one

On the  HMS Belfast warship deck, the alarms bell. Several soldiers arrest one of the passengers just before he takes out the weapon he´s hiding under his live vest. But the damage is already done. The on board computer equipment has  been hacked, and the mission of the 42 experts on board is to be part of the blue team in charge of avoiding the malware shooting the warship artillery over the  United Kingdom capital city. 

This is how one of the annual London cybersecurity hackathons starts. 42 students will act as a cybersecurity blue team in charge of the protection of the battleship (a real ship, now used as a tourist destination) and to avoid the final count reaching the zero. What´s at stake is a juicy economic spoil and the search of new talented hackers.

Since Infosec became a critical element of technology, it was clear that it was going to be necessary to create cyberdefense teams, blue teams, to fight against bad people and deal with the attacking teams (the red ones). It´s an ideological classification which is still valid today. And it´s hard to be part of the blue team when the range of attacks an their range of action includes every web with a CMS based on Wordpress. A gift for the Islamic State (ISIS), and a real headache for global security.
Wordpress, as any other CMS, is not the unsafest or more vulnerable one. This is just one of the most used content managers, and therefore one of the most attacked. The info obtained through any security breach can be classified in 4 levels depending on its seriousness or market value. Since public data obtained from search engines to medical data obtained, with or without the patient consent, using platforms such as ResearchKit by Apple... Which can be used to save lives or to commit the worst evil acts.
Because at the end everything falls on the confidence which a system or a security experts team is able to inspire us. What kind of reassurance is Wordpress able to give as in order to make progress with new projects? How many confidence can we place on medical data platforms as the one recently presented by Apple? How many confidence would you place on the codes and cryptographic certificates present in almost every Internet services? Less and less, unfortunately, as demonstrated by one of the latest studios released by the Ponemon Institute. Most of the IT professionals don´t know where are those codes stored and which third parties do they depend on.
There is no other option but to dive on to the sea. Make our ship as secure as possible, minimise the risks of unauthorized boardings and sail together towards the common good. We´ll keep fighting, under the sun or under the storm, under this banner. The blue one of the ocean!


Post a Comment