One of the keynote speakers at last week’s Cyber Conference at the Walter Washington Center was Ed Amoroso, the CTO of AT&T. Ed is brilliant, well spoken, and as funny as any speaker I have heard lately. He also has a practical and accurate view of the challenges we are facing in the cyber realm.
Ed started out by categorically stating that de-perimeterization is no longer a theoretical issue; it is done. Enterprise LANs are a mirage, as there are now so many devices connected to enterprise networks that the idea of a “protected” LAN is laughable. Ed also pointed out that the vast majority of PCs are woefully under protected, and 98 percent of mobile devices are pretty much unprotected. Not a very hopeful assessment.
The next subject was botnets. This was even more sobering. Amoroso showed a slide of an “unremarkable” botnet. He emphasized that this one was so common that it didn’t even rate a name. It had over 500K zombie machines. OK, we all thought, what does this mean? Ed was not done yet. He stated that a botnet with 3 machines (yes, I said 3, no zeros), could produce enough output to take down a T1 line, and one with 64K zombies would crash a large service carrier main backbone! His point was that we are “badly out of balance” in the area of cyber security. There is an enormous capability for mischief and precious little ability to stop it. He scoffed at those who say that “Well, we haven’t seen it yet.” The carriers can see problems but cannot take any action without a prior agreement to do so. He said it is frustrating to be nothing but “a big dumb pipe delivering truck bombs quickly and efficiently without interference.”
He bemoaned the fact that we have “turned a billion people into systems and security administrators for their own machines and they cannot do it.” The cloud model is a return to putting professionals back in charge of security.
The last thing was mobile computing. Ed asked the audience what they would rather give up for a week, our computer or our mobile device? Most of us were nodding toward our mobile toys. Put together with his earlier comment of the lack of mobile security…well, you get the point.
Ed should be saluted for avoiding the temptation to give a commercial for his company. He raised lots of great issues and challenged the audience to work out the solutions. It was an enjoyable and informative session. If I were gathering experts to discuss the nation’s future for cyber security, I would definitely include Amoroso.