20140413

Dan Geer @ NSA: APT in a World of Rising Interdependence

Thank you for the invitation and to the preceding speakers for their viewpoints and for the shared experience. With respect to this elephant, each of us is one of those twelve blind men. 

We are at the knee of the curve for deployment of a different model of computation. We've had two decades where, in round numbers, laboratories gave us twice the computing for constant dollars every 18 months, twice the disk drive storage capacity for constant dollars every 12 months, and twice the network speed for constant dollars every 9 months. That is two orders of magnitude in computes per decade, three for storage, and four for transmission. In constant dollar terms, we have massively enlarged the stored data available per compute cycle, yet that data is more mobile in the aggregate than when there was less of it. It is thus no wonder that cybercrime is data crime. 

It is thus no wonder that the advanced persistent threat is the targeted effort to obtain, change, or deny information by means that are "difficult to discover, difficult to remove, and difficult to attribute."[DG] 

Yet, as we all know, laboratory results filter out into commercial off the shelf products at rates controlled by the market power of existing players -- just because it can be done in the laboratory doesn't mean that you can buy it today. So it has been with that triad of computation, storage, and transmission capacities. As Martin Hilbert's studies describe, in 1986 you could fill the world's total storage using the world's total bandwidth in two days. Today, it would take 150 days of the world's total bandwidth to fill the world's total storage, and the measured curve between 1986 and today is all but perfectly exponential.[MH]...

http://geer.tinho.net/geer.nsa.26iii14.txt

No comments:

Post a Comment