In Good Luck We Trust . .

For a very long while I was an utter dunderhead about computer security.

The first PC my partner and I ever owned - purchased long before most of our friends and family had one - was a 1984 Wang PC with a massive 256K RAM and a 10MB Winchester drive. A state-of-the-art machine, it ran Wang WP and Multiplan and you transferred data via a 5¼-inch 360K floppy. Not that there were that many people to transfer data to, you understand: there were just 400,000 PCs installed in all of Australia, and it would take a further two years for even 8 percent of computers in this country to be networked.

Being a reasonably early adopter was great, but with only a couple of editors and business clients to share floppy disks with it was harder to get into trouble than it was to stay unmolested. This soon-to-be-false sense of security in turn encouraged some rather shoddy computing habits. After all, with a relatively stable operating system and no external interfaces, who needed to worry their pretty little heads about security?

Sure, it was a time when intruders were finding ways to exploit relatively simple weaknesses, such as poor passwords and badly configured systems that allowed relatively easy access to some systems. But that usually meant physically getting to the computer first, and even if wicked people had crept into our home to access our PC, what was there to steal?

By the time CIO magazine was born the security picture was, of course, dramatically different, but my computing habits had altered barely at all.

The year CIO launched, some 5.8 million Australian households had PCs and the Internet was connecting something like 13 million computers in 195 countries on every continent, including Antarctica. Businesses and people across the globe were discovering the joys of being able to reach distant points on the network on demand. The Communication Futures Final Report (BTCE 1994b, 12) describes the growth of data networks at the time as "astounding", with some 50 percent of computers networked in 1993 as against only 8 percent in 1986.

As far as security goes, things were starting to get truly hairy. Intruders no longer had to enter your office or home to steal or tamper with your information. Clever hackers were figuring out brand new ways to create new electronic files, run their own programs on other people's machines and hide evidence of their unauthorized activity. And they were, as they remain, always a step ahead of the security experts trying to thwart them.

The upshot was that computer intrusions, and the sophistication of attacks, were growing along with the number of PCs, as all that convenience and easy access to information created an explosion in risk. "In eight years of operation, the CERT Coordination Centre has seen intruders demonstrate increased technical knowledge, develop new ways to exploit system vulnerabilities, and create software tools to automate attacks. At the same time, intruders with little technical knowledge are becoming more effective as the sophisticated intruders share their knowledge and tools," CERT reported at the time.

As you would expect of any business and IT journalist, my knowledge about computer security and the management of risk was growing exponentially too, as I researched and wrote on the subject for CIO magazine and PC World. Not that any of that newfound expertise did me an ounce of good personally.

"More than at any other time in the history of the industrialized world, the health of the corporation is directly related to the security of its data," I wrote in May 1997. "When it comes to IT&T security, two truisms come to mind: You never know how secure your systems are until the day someone tries to break in, and relying on faulty security can be worse than having no security at all. Taken together, these truisms present IT managers with some interesting challenges, particularly in light of the industry's track record of major security exposures being discovered only well after release of a security product to market.

"Take the security flaws within Netscape Communications' Navigator browser and SunSoft's Java code discovered by graduate students at Princeton University last May, or the theoretical security defect discovered within implementations of smart cards by computer scientists at Bell Corp last September. If they tell you anything, such incidents tell you no one can take security on trust any more."

If only I'd listened to me . . .
