The Internet is on fire – don't just stand there, grab a bucket!
Transcript of The Internet is on fire – don't just stand there, grab a bucket!
- 1. DON'T JUST STAND THERE, GRAB A BUCKET. THE INTERNET IS ON FIRE
- 2. This needs to change, or there is no sustainable, digital future. THE INTERNET IS ON FIRE AND EVERY CONNECTED DEVICE IS AT RISK
- 3. I'm calling on every developer to pick up the proverbial bucket. And if you deploy any kind of code, that includes you. Yes, you. THIS IS A CALL TO ARMS
- 4. | WHERE ARE WE? Our technology is not optional anymore.
- 5. | WHERE ARE WE? In the wake of the digitalization of everything and our rapid and greedy adoption of new technology, criminals and spies have followed. The internet, all our technology and the digitalized society are under constant attack from criminals, spies and in some cases even our own governments. The Internet is on fire, and every connected device and user is at risk. This is a reality. It's not up for discussion anymore.
- 6. | WHERE ARE WE? We don't know how many security incidents go undetected, but the very realistic fear is that it may be a vast majority of them. Of the detected incidents, only 30 % were detected by the targeted organization themselves. Of these 30 %, a whopping 90 % were detected during exfiltration. The average time of detection of an espionage incident is over 200 days.
- 7. | WHERE ARE WE? There are typically at least 10 errors or defects in every 1 000 lines of code. This can typically be reduced to less than 1 error or defect in every 1 000 lines of production code after rigorous testing. There typically remains 1 exploitable vulnerability per 1 000 000 lines of code. Every year there are several severe and exploitable vulnerabilities in the majority of popular software. The same seems to be true for hardware.
- 8. | WHERE ARE WE? And yet, code now runs almost everything, everywhere. There is hardly any aspect of life where we aren't using modern IT technology. To quote Melissa Hathaway: "We have put every critical system on the backbone of the Internet, but the Internet wasn't ready for it." The proof is readily available. Every month you hear about major security breaches with big consequences for people, companies and countries.
- 9. | WHERE ARE WE? We've joined the party without proper protection.
- 10. | WHERE ARE WE? The technological foundation of digitalized society is crumbling.
- 11. | HOW DID WE GET HERE? By being lazy
- 12. | HOW DID WE GET HERE? By making wrongful assumptions
- 13. | HOW DID WE GET HERE?
- 14. | HOW DID WE GET HERE?
- 15. | HOW DID WE GET HERE? Conclusion: Only 3 % of all detected security incidents were detected by the targeted organization themselves before it was too late. Background: Badly written, badly deployed and badly configured code are the enablers for a huge part of the avalanche of security incidents we are currently experiencing. Consequence: The vulnerabilities we introduce in code and IT infrastructure are threatening our personal lives, our businesses, our governments and in reality also our societies.
- 16. | WHERE ARE WE HEADING? Towards the proverbial, digital cliff?
- 17. | WHERE ARE WE HEADING? "You need to be aware of how terrible this technology is. It is not protecting you. This is not the safe version of the future you've seen on Star Trek. This is the dirty ugly version of the future. Everything is a bad neighborhood now." Dr. Paul Vixie
- 18. | WHERE ARE WE HEADING? Possibly to a near future where we can't trust our digital ground.
- 19. | HOW CAN WE AVOID THIS? Customer demands: probably not until it's too late. Industry self-regulation and competition: few signs of that happening. Laws and regulations: too little, too late, and probably not the way we'd want it.
- 20. | HOW CAN WE AVOID THIS? But we can also do it bottom-up.
- 21. | HOW CAN WE AVOID THIS? We can and should educate ourselves, and do better.
- 22. Accept that your code will be deployed in ways you never imagined. Accept that absolutely all code you deploy will be attacked. Don't assume that anyone else will mitigate vulnerabilities in your code. Don't assume that exploiting your code will only affect your application. Accept that lives at some point will depend on the robustness of your code. OUR SUSTAINABLE DIGITAL FUTURE STARTS WITH YOU DEPLOYING BETTER CODE
- 23. http://iamthecavalry.org/ @iamthecavalry Go pick up a bucket and say after me: "I'll pitch in to fix it, I am the Cavalry!" Be the Cavalry. Build more secure and robust systems even if no-one demands it.
- 24. We need a better and more sustainable digital future, and the world needs your contribution. SECURITY IS ALL ABOUT SUSTAINABILITY
- 25. /presenter$ whoami Name: Frode Hommedal Homepage: http://frodehommedal.no/ Twitter: @FrodeHommedal LinkedIn: https://no.linkedin.com/in/hommedal