QOTD on Stuxnet

Stuxnet is like the arrival of an F-35 fighter jet on a World War I battlefield.
-- Ralph Langner, of Langner Communications GmbH

Src: Analysis: Stuxnet: A new weapon for cyber insurgents? | Reuters

QOTD - Hutton on the Fallacy of Security as Engineering

A security management approach focused solely on engineering fails primarily because of the “intelligent” or adaptable attacker. For example, if security were pure engineering, it would be like building a bridge or getting an airplane in the air. In these cases, the forces that are applied to the infrastructure do not adapt or change tactics to cause failure. At worst, in engineering against nature we only have a difficult time adapting to forces unforeseen due to a combination of factors.

But InfoSec has to deal with the behaviors of attackers. Their sentience includes creativity and adaptability. The wind does not act to deceive. Gravity and rust do not go “low and slow” to evade detection. Rain does not customize its raindrops to bypass umbrellas. But sentient attackers do change to evade defenses and reach their goal.
-- Alex Hutton, who "works in Risk Intelligence for a Fortune-something company." (src: http://newschoolsecurity.com/about/)

Src: What is Information Security: New School Primer « The New School of Information Security

QOTD on Digital World

Now, you have this gray world in which everything overlaps, and everything that's personal is business and vice versa, and now it's a mess.
-- Lewis Maltby, President of the National Workrights Institute

Src: Wipeout: When Your Company Kills Your iPhone : NPR

QOTD on Technology in the Business

Information security affects more organizations on more levels as technology permeates every functional area of a business and more staff members assume the role of knowledge worker.
-- Tim Herbert, Vice President for Research at CompTIA

Src: Security Arms Race Persists: Better Defenses Challenged by New Threats, Vulnerabilities, New CompTIA Study Finds | Business Wire

QOTD - Assante on Stuxnet

Stuxnet is, at the very least, an important wake-up call for digitally enhanced and reliant countries – at its worst, a blueprint for future attackers.
-- Michael Assante, president of the National Board of Information Security Examiners, and formerly with the Idaho National Laboratory as well as CSO of the North American Electric Reliability Corp

Src: Son of Stuxnet? Variants of the cyberweapon likely, senators told - CSMonitor.com