
What a year for cyber security in the news. It started with President Trump appointing ex-New York Mayor Rudy Giuliani as US Cyber Security Czar. On one hand, the appointment of a czar should please Trump’s Russian handlers. On the other hand, while Giuliani is well known for his expertise in locker room talk, he’s less well known for his cyber security leadership. Undeterred by his relative inexperience, Giuliani promised to ‘solve cyber security’ as if it was a crossword or a game of Cluedo. Never mind securing the nation, it quickly emerged that he couldn’t secure his own website. We haven’t heard from him since. Perhaps the activation of a screen saver on his new work computer cut short a promising career in security leadership.
We had the WannaCry ransomware. The NSA had lost control of a vulnerability which was weaponised and used against us. In fact, it was just like the horror film 28 Days Later, in which a virus escaped from a secret government lab. Large numbers of dead-eyed, slack-jawed, soulless figures were seen staggering around. Not zombies, just network administrators and IT security staff working through the night to try to fix the damage. Especially hard hit were UK hospitals that had to cancel large numbers of operations. We’ll probably never know how many people died as a result. It’s almost enough to make you question the wisdom of stockpiling secret vulnerabilities in a cyber security arms race for mutually assured disclosure.
We had the Equifax breach. Hundreds of millions of people had their social security numbers disclosed, putting them at risk of identity fraud. The good news was that for a monthly fee Equifax could monitor your credit score and let you know how badly it’s been affected. The bad news was that the only way to fully eliminate your risk was to die. There’s no escape from Death and Equifaxes.
Facebook admitted to the scale of activity on their platform aimed at influencing the US election outcome. MySpace tried to spread a rumour that they were behind it, but it failed to gain traction with their seven remaining users. Previously, Facebook CEO Mark Zuckerberg had said that it was a ridiculous idea that people were using his influencer platform to influence. Apparently, while millions of people look at Facebook every day, they don’t take any notice of the content. Good news for democracy, bad news for all those cats who’ve learnt how to play the piano and uploaded those videos for nothing.
We had the Uber breach. In the spirit of being the biggest and best at everything, Uber admitted to one of the largest security breaches ever. Then, it emerged that a ransom had been paid under the guise of a bug bounty program. It was a less convincing cover-up than a Super Bowl wardrobe malfunction. Still, companies don’t always make the best decisions in a crisis and it’s up to security professionals to guide them. Wait. What, it was the CISO’s idea to pay a ransom and pretend it was a bug bounty? Jesus. Please excuse the delay to your journey while your driver takes a detour to drop off some bags of cash.
In December UK MP Damian Green resigned after persistent rumours that a large collection of pornographic images had been found by police on his parliamentary computer. Fellow Conservative MP Nadine Dorries came to his defence by saying that she routinely shared her password with all her staff and that password sharing was rife in the UK parliament. She said it was ‘ridiculous’ to assert that Green was responsible for the images on his computer. The practice of password sharing was also confirmed by Dorries’ new intern, Vladimir. After an outcry, Dorries stated that she didn’t have access to any government secrets, just highly sensitive correspondence with her constituents which was all safely hidden under her password post-it notes.
Here’s to a calmer 2018. No data leaks, no huge hacks and for Facebook to deliver completely open, balanced and fair coverage of our democratic systems. It’s what next US President Mark Zuckerberg would want.