Sunday, May 14, 2017

Update, Cybersecurity, Etc.

Finished with finals week.  If I understand the professor's various grading scales correctly, I should get three As and an A-.  Not bad, though I kind of hoped to do better on that A-.  (Okay, as my brother says, I'm a bit of a grade snob.  Sort of a "it's okay if others get less, but I should and can do better".  Comes from always being in the 99th percentile on all those standardized tests.  I can do better and should do better, unless there are mitigating circumstances like - for my first undergrad - wanting to explore who I was and have a life outside of homework.)

Anyways.  Grades are good.  I'm beginning to grasp just how big a field computer science is.  I mean, you could specialize in so many different things.  Making search and sort functions more efficient, improving natural language processing (such as used by Amazon's Alexa Voice Services), and more.  I haven't even gone down the rabbit holes on topics like machine language programming, or quantum computing.

It's a big field, and unsurprisingly I'm drawn to cybersecurity the most.  I plan to take a class this summer on incident reporting, and hope to get into one on malware as well.  I'd held off on that because I'd hoped to take a business calculus class instead, but turns out this whole transfer student thing meant I had to jump through some hoops to show I already knew algebra.  Ended up taking a placement exam, and am waiting for the math department to say if I'm good to go.  So it's too late to take that course this summer, and (assuming I did well enough on the assessment) I'll try to take it next fall.

For one of my classes, I did a paper on cybersecurity.  There's still a lot of things I don't know, of course, though I'm reading up on some things that will hopefully help.  Still, I was struck by a comment from one of my references comparing cybersecurity to more traditional military offense/defense doctrine.

I delved into that a bit more to find what I was looking for, and I'll say it's a big and complicated subject, most of which wasn't relevant to my point.  The important thing to me, at the time, was that certain technologies seem to favor defense or offense more.  For example, castles and walls used to be almost impenetrable.  That is, if you had enough food, water and defenders a castle could weather a siege...and sieges could last years.  Castles were built when the technology of the time favored defense.

Now, of course, we have bombs and explosives so powerful that it's pointless to build a castle or wall.  Or almost pointless, when fighting an enemy with modern conventional resources.  In that sense, the technology favors offense more than defense.  You can read up on what that means, and how it affects strategy, elsewhere.

As I was writing my paper, I was considering the castle analogy and decided that traditional offense/defense doesn't quite fit.  Or rather, the strength of most of our computer networks comes from their ability to connect to each other, and that has implications for defense that make things different.

See, a physical castle could defend itself by closing the gates and raising the drawbridge...but a computer (or computer network) gains much of its power through its ability to connect.  Defending a cyber castle is more like defending a castle while keeping the gates wide open.  You can't close the gates and raise the drawbridge without hurting your ability to do what you need.  You might add a few guards at the gates to try to check people's papers and make sure they're legitimate, but you want to keep those gates open.

It's actually a bit worse than that, even.  A physical castle generally knew when it was besieged, since the enemy surrounded it (and wore uniforms, and all that).  Our case is more like a castle trying to defend itself while keeping the gates wide open, and the besiegers aren't conveniently wearing a uniform.  Some are trying to tunnel through the walls and find secret passages, while others are stealing people's papers in order to get through the existing gates (and they're not all doing it for the same reasons, so it's not like you've got to defend against just one threat).  You've got sappers, spies, and saboteurs all working against you, as well as a possible besieging army (i.e. a DDoS attack) that forces you to close up the gates even when you don't want to.

Kind of changes how I think about defense, since you've really got two or three problems.  One - securing the walls (i.e. finding and fixing the flaws that let an attacker through your existing defenses).  Two - securing the necessary gates through proper authentication and identifying when someone is not behaving like they're supposed to be, even if their papers check out.  And three - making sure you can keep the gates open even if faced with a determined DDoS attack.
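To make the second problem concrete, here is an added example (my illustration, not something from the post's references or from any real product): a toy detector for the "stolen papers" case.  The credentials are valid, so the gate lets the bearer through, but the behaviour behind the login doesn't match the account's history.  The log lines, the field layout (timestamp, user, source IP, country, result) and the two-hour travel window are all constructed assumptions for this example.

```python
"""Added example (not from the original post): flag successful logins
whose behaviour does not match the account's history, i.e. valid
"papers" possibly carried by the wrong person.

The log format and the sample lines below are constructed for this
example and are not a real product's format.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log.  Every line is a successful login: the gate
# checked the papers and waved the bearer through.
SAMPLE_LOG = """\
2017-05-14T08:02:11Z alice 203.0.113.7 US success
2017-05-14T08:40:55Z alice 203.0.113.7 US success
2017-05-14T09:01:03Z bob 198.51.100.22 US success
2017-05-14T09:15:40Z alice 192.0.2.99 RU success
2017-05-14T09:16:02Z alice 192.0.2.99 RU success
2017-05-14T13:30:00Z bob 198.51.100.22 US success
"""

# Assumption for this example: two different countries inside this
# window is treated as impossible travel.
TRAVEL_WINDOW = timedelta(hours=2)


def parse_log(text):
    """Parse the constructed log into sorted (time, user, ip, country) tuples.

    Failed attempts are dropped: those are the gate doing its job.  The
    interesting events are the ones that got in.
    """
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, country, result = line.split()
        if result != "success":
            continue
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        events.append((when, user, ip, country))
    return sorted(events)


def detect_anomalies(events):
    """Return (time, user, reason) findings for suspicious successful logins.

    Two cheap behavioural checks:
      * new_ip: the account has a history and this address is not in it
        (the very first login is the baseline, not an alert)
      * impossible_travel: a different country from the previous login
        less than TRAVEL_WINDOW earlier
    """
    seen_ips = defaultdict(set)   # user -> addresses already seen
    last_seen = {}                # user -> (time, country) of last login
    findings = []
    for when, user, ip, country in events:
        reasons = []
        if seen_ips[user] and ip not in seen_ips[user]:
            reasons.append("new_ip")
        prev = last_seen.get(user)
        if prev and prev[1] != country and when - prev[0] < TRAVEL_WINDOW:
            reasons.append("impossible_travel")
        seen_ips[user].add(ip)
        last_seen[user] = (when, country)
        for reason in reasons:
            findings.append((when, user, reason))
    return findings


if __name__ == "__main__":
    for when, user, reason in detect_anomalies(parse_log(SAMPLE_LOG)):
        print(f"{when:%Y-%m-%dT%H:%M:%SZ} {user}: {reason}")
```

Run against the constructed log, only alice's 09:15 login from the new Russian address is flagged (as both a new address and impossible travel); her later login from that same address is not flagged again because the address has by then entered her history, which is exactly the blind spot a real deployment has to think about.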

I have some other thoughts, but I'm a bit too much of a newbie to know what's possible, so I'll leave it at this.
