On May 20th, Brown Advisory held its biennial client conference, entitled Navigating Our World, or NOW. As before, NOW 2010 brought together a collection of outside speakers to explore some of the secular trends that are shaping our world and influencing our investment thinking. Over the course of the day, we immersed ourselves and our clients in topics around three themes: emerging markets, sustainable solutions and the technology horizon. The full agenda can be downloaded here:
Security was not a top priority when the Internet was designed decades ago as a small research network. Today nearly 2 billion people access the web, benefiting from enhanced productivity, automation and communication of an interconnected world. With computing networks continuing to scale and deliver new information services, Dr. Rubin was quick to point out that security vulnerabilities remain prevalent in our software and systems.
For a little perspective, it is important to note that software applications are inherently complex, yet highly essential. It’s the intricacy of a software program that, on the one hand, enables us to be more resourceful in our everyday lives. However, on the other hand, every line of software code is a potential bug, and every bug is a potential security flaw. Take Microsoft’s Windows for example – with tens of million lines of code, it is virtually impossible not to have errors in the programming language. The more lines of code, the more complicated the software, and thus the greater the number of vulnerable end points. Malware and cyber-attacks are aimed at ferreting these weak links to corrupt our machines. The best way to corrupt data is not to delete it, but constantly modify it, rendering even backups of data useless over time.
Although we can take some preventive measures to protect PCs, chances are that every machine is likely already infected by some unwanted element. Security software can help protect PCs against known malicious code, but it will not protect against zero-day attacks — threats of lurking malware that have yet been identified. Some computers, while appearing to operate normally, can be taken over by a Botnet without your knowledge. Botnets, or robot networks, are a set of computers that once infected can be controlled by a single person. Cyber-gangs can launch attacks using dark space, or unallocated IP addresses, to look for hosts to compromise. One of the largest botnets in history, Mariposa, infected more than 11 million PCs in over 190 countries. The malware was found in personal, government and corporate IP addresses, including more than one-half of Fortune 1000 companies and 40 major banks. It spread like a butterfly (Mariposa in Spanish) using instant messages, USB drives, peer-to-peer networks and Internet Explorer 6 flaws. Millions of zombie PCs infected by Mariposa connected as one network, stealing usernames, passwords, banking credentials and credit card information on an unprecedented scale, and communicated the sensitive data back to malicious attackers.
In addition to botnets, perhaps the fastest growing type of malicious activity on the web is known as Cross Site Request Forgery. CSRF exploits your online connection with a trusted site, perhaps your Facebook page or bank website, by issuing unauthorized commands masquerading as the legitimate user. Yet the greatest security threat according to Dr. Rubin may lie in the underlying Internet infrastructure itself. Border Gateway Protocol (BGP), the standard exterior gateway-routing protocol used in the global Internet, is the format used to exchange information across the Internet. Data traffic may be intercepted, modified or rerouted before reaching its intended destination. Such internet “hijacking” does not arise from software bugs or errors, but from manipulating the very interconnectivity and complexity that’s needed to keep today’s networks up and running.
Could “messing up” routing numbers cause the Internet to crash? Nobody’s sure. Could cyber-criminals bring down a utility grid? Perhaps. Nevertheless, many of our critical infrastructure systems such as power grids, water plants and information networks, including electronic medical records (Dr. Rubin’s current area of research), rely on underlying IP-based networks that are potentially vulnerable. Dr. Rubin is credited with having exposed security flaws in electronic voting machines, and he wonders less about whether systems can be tampered with or brought down, but more about whether we would be able to restore systems back up to their original state.
How can we best protect ourselves? Unfortunately there isn’t a silver bullet solution. Hackers and malware generators are clever, aggressive and enjoy a first-mover advantage. There are some precautions we can take. For example, Dr. Rubin, only uses Apple Macs in his home. However, for the record, vulnerabilities have been found in all major operating systems including Windows, Mac OS and Linux. That being said, Microsoft is the most exposed operating system to targeted attacks given its large installed base. For hackers, that’s where the money and the most havoc lies.
In addition to working on a Mac, Dr. Rubin also works behind a firewall, monitors his logs and encrypts all his files. At the programming level, Dr. Rubin advocates cryptography, better code audit trails and software development process improvements to deliver higher quality, less vulnerable products. For average users, this option is probably a little above their pay grade. Interestingly enough, perhaps the best place to secure our information may be placing it out in the cloud. Cloud computing uses the scalability of the Internet and central remote servers to deliver IT capability to any device with Internet access. Remotely sourced computing capacity begins with infrastructure as a service. IaaS allows individuals and enterprises to more or less rent raw computing and storage services on demand through massive server farms housed in one centralized location. Dr. Rubin dismisses the conventional notion that data is more secure within the physical walls of our office or home. With larger engineering teams and more resources on hand than company IT departments, companies like Google and other major cloud computing providers are likely better equipped to tackle ongoing security threats.
Doron Eisenberg
Equity Analyst
Video & Commentary from NOW 2010
Tags: Mike Hankin, Video & Commentary from NOW 2010
On May 20th, Brown Advisory held its biennial client conference, entitled Navigating Our World, or NOW. As before, NOW 2010 brought together a collection of outside speakers to explore some of the secular trends that are shaping our world and influencing our investment thinking. Over the course of the day, we immersed ourselves and our clients in topics around three themes: emerging markets, sustainable solutions and the technology horizon. The full agenda can be downloaded here:
NOW 2010 agenda
We also invite you to watch Brown Advisory CEO Michael D. Hankin’s introductory remarks.
We are pleased to share with you NOW 2010 video highlights and commentary from our investment professionals. Please check back often for new posts – and, of course, we look forward to receiving your comments.