Wednesday, January 1, 2014

What can we learn from the NSA leaks?

2013 was the year of the NSA leaks. A ton of data about what that agency is doing in cyberspace was made available, and everyone is trying to figure out what it all means. I believe the answer will vary a lot depending on who is asking.

For other governments: I believe there are two aspects to consider. The first is offensive: what the US is actually doing in this field. Other countries can use all of this to define the set of capabilities they want to develop. After all, if the Americans are really capable of all that, other governments will want to achieve similar capabilities, from both intelligence and 'cyberwar' perspectives.

The other aspect is defence. Other governments now have confirmation of at least one government's actions and capabilities. It doesn't matter whether they are enemies or allies; it is a reasonable assumption that the US is not the only one doing this. So they need to review their technology choices, from hardware and software vendors to service providers and even encryption algorithms. Apart from that, they should also invest heavily in detection capabilities. No system should be considered 'unbreakable', and the assumption that the adversary is already inside has never been more appropriate.

For the regular security guy: if you work for a company that is not strategic for its home country, not much changes in how security should be done. The NSA may have the ability to peek at your stuff, but they are probably not interested in it. Still, pay attention to the capabilities they have and keep in mind that if they can do it, others, including cybercriminals, can do it too. Treat all those leaks as a gigantic proof of concept of how technology can fail at security, and act accordingly.

(Before you breathe a big sigh of relief, stop and think: are you really working for a 'non-strategic' business? Go read the APT1 report from Mandiant, just to be sure, before you skip the next paragraph.)

For those working for strategic businesses: time to think carefully about your security strategy. We now know not only that governments are actively hacking, but also that they are doing it for economic reasons (APT1, and the NSA and Petrobras). So you are a target, and they have an enormous advantage in skills and tools. What to do?

It's time to focus on early detection and response. Based on what we've seen of their capabilities, it will be very hard to prevent them from breaking in, but you should still be able to notice strange things happening on your network and systems. Put your focus on that.