By now you've probably heard that a teenager in England was arrested for suspected involvement in the hacking group known as LulzSec. At first, members of LulzSec denied the teen played any role with the group, but later modified that account, according to PC World, which said:
In a further post Monday, Lulz appeared to acknowledge some association with the arrested man: "The Lulz Boat Clearly the UK police are so desperate to catch us that they've gone and arrested someone who is, at best, mildly associated with us. Lame."
And, not surprisingly, despite the arrest, the attacks continue. Word today is that "the Brazilian arm" of LulzSec hit a government website.
It would appear that IT security as we know it now isn't working. At least that's the thought of Dave Lowenstein, CEO of Federated Networks. In an email to me, Lowenstein argued that cyber security is not only broken, but that the term itself is dangerously close to becoming an oxymoron. He told me:
LulzSec was able to hack into the CIA and the US Senate, as well as Nintendo and Sony, demonstrating the generally weak levels of online security. While the hacker group has been focusing on exploiting vulnerabilities on the server side, there are client-side security issues that are as easy to hack into. Key logins and passwords are being stolen because client-side protection is as pathetic.
Some of his general observations on the current state of cyber security are as follows:
Is Lowenstein right? Is cyber security as we know it ineffective? Does it need to be changed? Most importantly, can the security methods we have in place keep up with the bad guys, who are always one step ahead?