ICYMI: Sony PlayStation hack, security spending & 'unbreakable' encryption

This week's In Case You Missed It column looks at the Sony PlayStation Network hack, the rise in security spending and surprising new claims on cyber security skills and encryption.

Sony PlayStation Network downed by hackers

Sony's PlayStation and Entertainment Network was one of numerous online games services brought down this week by DDoS hacktivists, who also hit Microsoft's Xbox Live service, Blizzard's Battle.net (which hosts World of Warcraft) and Grinding Gear Games.

But – somewhat strangely – it's unclear who is behind the attack and what their motives are. A group calling themselves ‘Lizard Squad' claim to be behind the attack - which also saw American Airlines divert an internal US flight carrying Sony Online Entertainment president John Smedley after a hoax bomb threat - and they made claims on Twitter associating themselves with Islamic militant group ISIL.

Another hacker, calling himself ‘Fame', claimed responsibility for the Sony hack and accused Lizard Squad of stealing the credit.

Nevertheless, the news indicates that hacktivism shows no sign of abating.

The Sony attack follows last week's revelation by IP security firm Incapsula that a video games company had been hit by a 38-day DDoS assault.

Security spending is on the up – but in the right areas?

Market research outfit Gartner this week revealed that global spending on information security will reach US$71.1 billion (£42.9 billion) by the end of 2014 – 7.9 percent higher than in 2013.

The firm says that data loss prevention is the fastest growing area (up 18.9 percent), although mobile security is expected to become a higher priority – perhaps belatedly – in 2017.

Lawrence Pingree, research director at Gartner, said that rising adoption and interaction of mobile, cloud, social and information will create new security vulnerabilities.

All of this may well be applauded by CISOs and other IT security managers, but there may also be an element of concern that – as evidenced by another recent report – spending is being pushed on new technology rather than security awareness training.

New claims on cyber security and encryption

The information security industry is known to spread its fair share of FUD, but earlier this week there were two claims that were met with some surprise by many experts.

First up, the White House's cyber security co-ordinator Michael Daniel somewhat surprisingly claimed that his lack of technical expertise is an advantage.

“You don't have to be a coder in order to really do well in this position,” Daniel told GovInfoSecurity, when asked if his job required knowledge of the technology behind information security. “In fact, actually, I think being too down in the weeds at the technical level could actually be a little bit of a distraction.

“You can get taken up and enamoured with the very detailed aspects of some of the technical solutions,” explained Daniel, who leads "the inter-agency development of national cyber security strategy and policy" for the US president. "The real issue is looking at the broad strategic picture," he added.

[One wonders if the same complacency befell Tim DeFoggi, the former acting cyber security director for the US Department of Health and Human Services, who was convicted on Thursday of pornography charges, despite using the anonymising Tor browser.]

If that ruffled a few feathers, Google chairman Eric Schmidt had a similar impact on those in cryptography circles when he claimed at a Stanford meeting that ‘unbreakable' end-to-end encryption will become possible in our lifetime. Asked by SC what he thought of Schmidt's comments, Co3 CTO Bruce Schneier appeared dismissive. “[The comments] seemed pretty normal for him.”
