
Since the beginning of this year 2011, the IT Security industry has been inundated with unending bad news: Epsilon, Sony Playstation Networks, Play.com, and the list goes on. With so much media publicity, it seems that our industry is doomed to failure since, no matter how strong an organization’s defences are, the “London Bridge is falling down”… eventually.
That’s why the news this morning about how Lockheed Martin managed to defend its data against a recent fierce attack piqued my attention. This article also described a security breach at Lockheed Martin in 2009 whereby hackers obtained classified information about the F-35 fighter jet program. Kudos to the guys/girls at Lockheed Martin for making things right and for turning the tides for our industry, at least on this day.
I’m sure that the “London Bridge” is exposed to dents and dings, on a daily basis, from the persistent forces all around it. However, it remains solidly standing despite the age old nursery rhyme that describes its “falling down”, which has been around since the 1700’s. The reason for this: during the course of its existence, it has been persistently maintained and even rebuilt. As a matter of fact, at the same time in which Lockheed Martin has successfully defeated this round of security attacks, the city of London is hiring a Maintenance Electrician for, guess what? The London Bridge.
As an IT security practitioner, my take on the moral of this news is: to win against APT (Advanced Persistent Threats), we need to have an APD (Advanced Persistent Defense). You may argue that not everyone will have the deep financial pockets that Lockheed Martin has; however, as long as there is hope, tools and automation will be implemented to drive down the costs and help us win this war.