Newsletter 12/1/2022

Facts From The Stats, or:
One Simple Reason It's All Going Down the Tubes

Timothy Leary's dead
No, no, no, no, he's outside, looking in

 He'll fly his astral plane
Takes you trips around the bay
Brings you back the same day
Timothy Leary

— Legend of the Mind, Ray Thomas, The Moody Blues

 

As we witnessed with my client's BEC attack, there is nothing theoretical about what should now be common knowledge concerning the fundamentals of computer security.  Yet, after all that has happened over the last 20 years, like the abuse of psychedelic drugs, what grew from a paradigm of new and ever-expanding individual freedoms quickly devolved into a cesspool of individual obsessions and an ever-quickening path to one's own self-destruction.  In both cases, mass adoption of complex technology pushed the pioneering professionals aside as the hucksters took over.

When Dr. Timothy Leary first proposed experimentation with psychedelic drugs, he and his fellow Band of Merry Harvard PhDs, and other psychologists, strongly recommended being in an appropriate "set and setting" before beginning any psychedelic session of inner discovery.  But what did the masses do? They went to Vegas and Disneyland, and other hot spots, overamping their synaptic activity, thus causing the number of 5150 cases arriving in hospitals all over the world to spike precipitously.

In fact, when Dr. Leary grew tired of being an international criminal, and as he was slowly dying of prostate cancer, the Pied Piper of Peyote emerged in the 1980s as a firm adherent of the notion that, just as the proper use of psychedelic drugs could enhance the human experience, so might the growing popular use of personal computers and an emerging Cyberdelic culture likewise enhance the human experience, expand personal freedom, and just plain make everything all hunky dory.  The masses, however, quickly took to porn, gambling, stalking, political attacks, and other assorted crimes and perversions, as the Internet connected the rest of the world to all of the freedoms, opportunities, and excesses of modern Western culture.  And the paradigm of the necessity of individual civic responsibility that has always been considered essential to a free society was never part of the personal vocabulary of all the newly minted netizens.  Fast forward 30 years, and Baby Nicko Silar dies from the outcome of a distressed birth that was not detected perinatally because the hospital's computers were made inoperable by a ransomware attack.  Furthermore, a prime reason Baby Nicko Silar never had a chance at life is that people the world over continue to use software that is out of date, obsolete, hopelessly broken, and cannot be fixed.  Microsoft is more polite about it.

Unpatched, out-of-date devices and software are a leading access point for cybercriminals. That’s why practicing good cyber hygiene is so important for avoiding destructive malware that can steal users’ personal information. 

Kind of sounds like something one might hear while in rehab, huh?

One of the underlying principles of any Zero Trust implementation is that there is no boundary to the network, or as I prefer to state the notion in a bit more simple fashion, there is only one network and we all connect to that one network.  So while the Department of Defense may put out its position paper concerning its Department-wide initiative to implement Zero Trust across all DOD network installations, reality might well hamper those plans.

"Zero trust is a framework for moving beyond relying on perimeter-based cybersecurity defense tools alone and basically assuming that breach has occurred within our boundary and responding accordingly," David McKeown, the department's acting chief information officer, said...

"With the publication of this strategy we have articulated the 'how' that can address clear outcomes of how to get to zero trust — and not only accelerated technology adoption, as discussed, but also a culture of zero trust at DOD and an integrated approach at the department and the component levels." 

Currently, according to recent reports, 87% of DoD contractors do not meet the security standards that those doing business with DoD are required to meet right now.  Models exist to measure compliance with DoD requirements, and anywhere near full compliance is nowhere on the horizon.  If DoD compliance goals are to be met anytime within the time frame suggested, then a sea change in attitude concerning best practices must begin, and soon.

If you’re in the market of providing support to the Department of Defense, the market conditions have changed because the department is essentially saying, ‘If you want to do business with us, we need to be able to trust that you are valuing our data as much as we do, and therefore protecting it to the standard that we need to protect it.’

At one time, "Built to Military Specifications" meant the pinnacle of precision manufacturing.  Military hardware must work in the field; so built to "mil-spec" meant "our stuff works."  Yet, if the principles of Zero Trust are realized to their logical end, all of this Sturm und Drang on the part of one government agency to impose security standards on one group of Internet users, while a vast number of the rest of the bunch go unwashed and unpatched, will soon become unsustainable.  If one part of the military device is built to spec, but another component is built to the low standards of the lowest bidder, to the soldier whose weapon has just failed in the field this is a distinction without a difference.  When a specification is not met, the entire effort will most likely fail.

If the principles of Zero Trust are to be more than a marketing slogan, and in fact an expression of reality, then, as a random sampling of the Statistics of Visitors to my two websites shows, all computers are always at risk.  Fact is 8%, or 3 out of 36, or 8 out of 100, computer users are still using versions of Windows long out of date.  Really, I am surprised that a machine running Windows XP could even connect to a modern network.  But here you are.   PULEEZEE!!!  If your computer is running Windows 7 or Windows 8.1, click here to download and install the Windows 10 Update Assistant.  When Update Assistant loads, click Update This Machine.  If you have a legitimate installation of Windows 7 or Windows 8.1, as of September 2022, Microsoft still offers these older Operating Systems a free upgrade to Windows 10.  If your machine runs Win 7 or 8.1 problem free, my experience is that it will most likely run Windows 10 just fine, too.  Apple's macOS 10.15 Catalina reached its end of life in November 2022.  And that XP machine... at least replace that Ford Edsel with an up-to-date, inexpensive Chromebook.

Since the visitor statistics of even simple websites easily capture what version of an OS is present, it is only a matter of turning on a switch to deny these users network access.  Here is how the government impacts the marketplace.  Whenever the government says you will build a product or provide a service to a certain standard, then that standard must be met by a vendor or the market ultimately will reject that vendor's product.  And everyone wants to sell to Uncle Sam.  Both the orders and payment just ebb and flow with the regularity of the tide.  So if Uncle Sam declares NO WINDOWS XP USERS ALLOWED!, then no XP users will be allowed to connect to the vendor's network looking for a piece of Uncle Sam's pie, or anyone else's pie.
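As an added illustration, not part of the original newsletter, here is how visitor statistics of this kind can be derived from a web server access log: the script reads the User-Agent field and counts visits that claim Windows XP, 7 or 8.1. The log lines are constructed samples and the function names are hypothetical; because the User-Agent header is supplied by the client, the result is a reporting signal rather than proof of what the machine runs.

```python
import re
from collections import Counter

# "Windows NT" version tokens as browsers report them, mapped to the
# releases the newsletter names as out of date.
EOL_WINDOWS = {"5.1": "Windows XP", "6.1": "Windows 7", "6.3": "Windows 8.1"}

# Combined Log Format: the User-Agent is the last double-quoted field.
UA_FIELD = re.compile(r'"([^"]*)"\s*$')
NT_TOKEN = re.compile(r"Windows NT (\d+\.\d+)")

def classify(user_agent):
    """Return the out-of-date Windows release a User-Agent claims, or None."""
    m = NT_TOKEN.search(user_agent)
    return EOL_WINDOWS.get(m.group(1)) if m else None

def summarize(log_lines):
    """Return (per-OS counts, parsed line total, share of out-of-date visits)."""
    counts, total = Counter(), 0
    for line in log_lines:
        m = UA_FIELD.search(line)
        if not m:
            continue  # malformed line: skip it rather than guess
        total += 1
        os_name = classify(m.group(1))
        if os_name:
            counts[os_name] += 1
    share = sum(counts.values()) / total if total else 0.0
    return counts, total, share

# Constructed sample input (documentation IP range, invented requests).
# macOS is left out of the check on purpose: current browsers report a
# frozen "10_15_7", so the header cannot single out Catalina.
SAMPLE = [
    '203.0.113.10 - - [01/Dec/2022:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0 (Windows NT 5.1; rv:52.0) Gecko/20100101 Firefox/52.0"',
    '203.0.113.11 - - [01/Dec/2022:10:01:00 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0"',
    '203.0.113.12 - - [01/Dec/2022:10:02:00 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0"',
    '203.0.113.13 - - [01/Dec/2022:10:03:00 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15"',
    'truncated line with no quoted fields',
]

if __name__ == "__main__":
    counts, total, share = summarize(SAMPLE)
    print(dict(counts), f"{share:.0%} of {total} parsed visits")
```

The same `classify` result could feed a deny rule at the web server or proxy, which is the "switch" the paragraph above describes.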

How might this play out in the real world, you may ask?  Let's say you are a cloud and web hosting provider.  Like my hosting provider, who obviously allows users with XP to connect.   In the near future, Uncle Sam could make allowing woefully out-of-date machines to access the network a disqualifying factor for any hosting firm wanting to contract with Uncle Sam.  All administrations have used some government procurement contracts to enforce otherwise unrelated social policy.  If Zero Trust truly becomes a government standard, then obsolete computers will quickly become obsolete.


Essentially, there's a universe inside your brain. The number of connections possible inside your brain is limitless. And as people have learned to have more managerial and direct creative access to their brains, they have also developed matrices or networks of people that communicate electronically. There are direct brain/computer link-ups. You can just jack yourself in and pilot your brain around in cyberspace-electronic space.

― Timothy Leary, Chaos & Cyber Culture, 1994 Ronin Publishing (CA)

Gerald Reiff