https://www.cl.cam.ac.uk/archive/rja14/book.html
"The first edition of
Security Engineering was published in 2001 and the
second in 2008. Since then there have been huge changes.
The most obvious is that the smartphone has displaced the PC and laptop. Most
of the world’s population now walk around with a computer that’s also a phone,
a camera and a satnav; and the apps that run on these magic devices have
displaced many of the things we were building ten years ago. Taxi rides are now
charged by ride-hailing apps rather than by taxi meters. Banking has largely
gone online, with phones starting to displace credit cards. Energy saving is no
longer about your meter talking to your heating system but about both talking
to your phone. Social networking has taken over many people’s lives, driving
everything from advertising to politics.
A related but less visible change is the move to large server farms. Sensitive
data have moved from servers in schools, doctors’ offices and law firms to cloud
service providers. Many people no longer do their writing on word processing
software on their laptop but on Google Docs or Office365 (I’m writing this book
on Overleaf). This has consequences. Security breaches can happen at a scale
no-one would have imagined twenty years ago. Compromises of tens of millions of
passwords, or credit cards, have become almost routine. And in 2013, we
discovered that fifteen years’ worth of UK hospital medical records had been
sold to 1200 organisations worldwide without the consent of the patients (who
were still identifable via their postcodes and dates of birth).
A real game-changer of the last decade was the Snowden revelations, also in
2013, when over 50,000 Top Secret documents about the NSA’s signals
intelligence activities were leaked to the press. The scale and intrusiveness
of government surveillance surprised even cynical security engineers. It
followed on from Stuxnet, where America attacked Iran’s nuclear weapons program
using malware, and was followed by NotPetya, where a Russian cyberweapon,
deployed against the Ukraine, inflicted hundreds of millions of dollars’ worth
of collateral damage on firms elsewhere. This brings us to the third big change,
which is a much better understanding of nation-state security threats. In
addition to understanding the capabilities and priorities of western
intelligence agencies, we have a reasonably good idea of what the Chinese, the
Russians and even the Syrians get up to.
And where the money is, the crooks follow too. The last decade has also seen
the emergence of a cyber-crime ecosystem, with malware writers providing the
tools to subvert millions of machines, many of which are used as criminal
infrastructure while others are subverted in various ways into defrauding their
users. We have a team at Cambridge that studies this, and so do dozens of other
research groups worldwide. The rise of cybercrime is changing policing, and
other state activity too: cryptocurrencies are not just making it easier to
write ransomware, but undermining financial regulation. And then there are
non-financial threats from cyber-bullying up through hate speech to election
manipulation and videos of rape and murder.
So online harms now engage all sorts of people from teachers and the police to
banks and the military. It is ever more important to measure the costs of these
harms, and the effectiveness of the measures we deploy to mitigate them."
Via Violet Blue’s
Cybersecurity Roundup: November 26, 2024
https://www.patreon.com/posts/cybersecurity-26-116736321
Cheers,
*** Xanni ***
--
mailto:xanni@xanadu.net Andrew Pam
http://xanadu.com.au/ Chief Scientist, Xanadu
https://glasswings.com.au/ Partner, Glass Wings
https://sericyb.com.au/ Manager, Serious Cybernetics
