Scott Granneman forwarded this story today from the Chicago Tribune. Not surprisingly, the tough economic climate has stifled the growth of the security industry. I think, like most tech sectors, it will turn around in time.

A year after the attacks, the anticipated wave of investment in a wide range of technologies to protect people, buildings and computer networks has yet to swell, let alone crest, experts say.

Concern hasn't gone away, but the economic downturn and the complexity of responding to a terrorist threat is inhibiting investment.

"It's like a double-whammy tragedy," said Howard Rubin, executive vice president at Connecticut-based research firm Meta Group. "Companies had planned to spend more, but the money simply wasn't there to do a lot of the things that had to happen over the past year."

posted by mt at 12:32

Not a lot caught my eye surfing this morning. I saw a snippet about a small 9/11 virus which popped up in a few places, thankfully not much else. Accidentally deleted some stories this morning which came via email, if I can track them down, look for some posts this afternoon.
posted by mt at 11:45

A good overview of war dialing from IBM. It's no longer a modern day tactic, today it's all wifi and war driving, but one that can still be used to breach many networks.



posted by mt at 10:24

Microsoft continues to push security, because it's the only thing selling for them. Today's promise is Yukon - a secure version of SQL Server. Why isn't the current version secure?
posted by mt at 10:16

Steve Bellovin, author of Packets Found on an Internet - an early exploration of IDS and anomaly detection, is quoted in this article on security architecture and engineering. Definitely worth a look, he understands the future of this industry.

"The answer is not fewer firewalls, but more firewalls," Bellovin said. "Distributed architectures require distributed security strategies."

posted by mt at 10:13

Intel announced LaGrande yesterday, a new secure computing initiative. It will likely be the hardware driving Microsoft's Palladium. The NYTimes has a great piece on the state of security, one year after 9/11. A must read with several relevant points. Hopefully more posts later today.

posted by mt at 10:42

Computerworld recently interviewed Richard Clarke, who runs the Critical Infrastructure Protection Board. Worth a look.

There's a spectrum of threats out there, some of which we experience every day. That spectrum runs from [individuals] who simply vandalize Web pages to those who conduct nuisance denial-of-service attacks. That's on the low end, which is usually conducted by young hackers -- so-called script kiddies.

In the middle, you have criminals who conduct fraud and industrial espionage online. The middle range of threats is usually carried out by organized crime, companies and also nation-states.

On the high end, however, you face people who potentially could conduct attacks to destroy or stop things from working. At the high end, it's potentially nation-states or terrorist groups. These attacks could be conducted in isolation or in conjunction with a physical attack.

The Seattle Times discusses computer forensics, a relatively new field, without a lot of professionals. Definitely a growth area for this industry. Lastly, the Washington Post examines why security isn't a pressing need for all companies.

The reason is that the threat of cyber attack remains relatively new for many businesses, said Doug Goodall, chief executive of the computer security firm RedSiren Technologies of Pittsburgh. And it will take some time for companies to adjust to those new threats and make appropriate responses.

posted by mt at 10:33