Sunday, June 07, 2009

Crisis 0: Game Over

A veteran security pro just sent me an email on my post Extending the Information Security Incident Classification with Crisis Levels. He suggested a Crisis beyond Crisis 1 -- "organization collapses." That is a real Game Over -- Crisis 0. In other words, the cost of dealing with the crisis bankrupts the victim organization, or the organization is ordered to shut down, or any other consequence that removes the organization as a "going concern," to use some accountant-speak.

I guess the hunt is on now to discover example organizations which have ceased to exist as a result of information security breaches. The rough part of that exercise is connecting all the dots. Who can say that, as a result of stealing intellectual property, a competitor gained persistent economic advantage over the victim and drove it to bankruptcy? These are the sorts of consequences whose timeline is likely to evade just about everyone.

Putting on my historian's hat, I remember the many spies who stole the manufacturing methods developed by the pioneers of the Industrial Revolution in Great Britain, resulting in technology transfers to developing countries. Great Britain's influence faded in the following century.

I'm sure some savvy reader knows of some corporate espionage case that ended badly for the victim, i.e., bankruptcy or the like?

Incidentally, I should remind everyone (and myself) that my classification system was intended to be applied to a single system. It is possible to imagine a scenario where one system is so key to the enterprise that a breach of its data does result in Crisis 3, 2, 1, or 0, but that's probably a stretch for the worst Crisis levels. Getting to such a severe state probably requires a more comprehensive breach. So, let's not get too carried away by extending the classification too far.


Richard Bejtlich is teaching new classes in Las Vegas in 2009. Regular Las Vegas registration ends 1 July.

11 comments:

Roland Dobbins said...

Yet again, the fixation on breaches is inexplicable. You'll definitely find organizations which were DDoSed out of existence.

Why ignore DDoS? I'm really curious.

Richard Bejtlich said...

Roland, DDoS is a non-issue for me. Although I am not a subscriber, if I had a DDoS problem I would turn to Prolexic. They seem to have solved it.

Roland Dobbins said...

Yes, 'clean pipes' solutions like those offered by Prolexic and other SPs are quite helpful - but they're focused on protecting the endpoints and the applications/services running on them, not the network infrastructure itself.

Also, they generally aren't set up to deal with the effects of outbound DDoSes launched by botted hosts on the enterprise network.

Finally, I thought you were writing here in order to provide security guidance to your readership, not just focus on what you perceive to be your priorities in your particular situation? That seems to be the case with your taxonomy/matrix, yet DDoS is inexplicably missing.

Anonymous said...

Crisis 0 examples:

An argument could be made for the cracking of the Enigma algorithm as being a good mid-term example. This cracking/breach led to significant Allied military advantage, leading to the end of the 3rd Reich as a going concern.

A more recent example would be CardSystem Solutions, which suffered a breach which damaged its finances enough that it got bought out for pennies on the dollar (by an organization that subsequently went bankrupt paying legal fees).

I'm certain there would be a number of military tales over the ages; corporate stories are likely a little more difficult to come by (less prone to have a single demonstrable 'battle').

- Michael Argast

Richard Bejtlich said...

Roland, you wrote:

"Finally, I thought you were writing here in order to provide security guidance to your readership, not just focus on what you perceive to be your priorities in your particular situation?"

This isn't PBS. I write about whatever I want.

Roland Dobbins said...

And arbitrarily leave important things out of your taxonomy/matrix - as is also your right, but at the same time disappointing.

;>

Tyler said...

Not sure if this fits your criteria exactly, but Egghead Software was hurt in Dec 2000 when it was found that its credit card data had been compromised. It filed for bankruptcy 8 months later.

While I don't think the compromise was 100% the cause for the bankruptcy, it didn't help.

Anonymous said...

What about companies that go under as a result of lacking disaster recovery/business continuity plans? I remember there being a lot of businesses that went under as a result of Katrina simply because their data, backups, and any hope of retrieving it was gone.

Marcin said...

As unfortunate as this incident may be, I believe it can sum up 'Game Over' for some people. Loss of life is worse than business failure.

http://www.theregister.co.uk/2009/06/09/lxlabs_funder_death/

Phil said...

Well I can think of one Crisis 0 example: Astalavista.com. Recently hacked and lost all their backups (mostly because their backup controls were awful). The site is still down as we speak.

celevorne said...

To reiterate what Marcin said, I think Crisis 0 and Crisis 1 should be swapped... no organizational failure is worse than physical harm or loss of life, though in the case of the military, the two may be equivalent.