Advanced Persistent Underpants
Posted by Tom Turner in Cybersecurity, Security Intelligence, Threat Management
I think we can laugh because it was foiled, but we should be chastened that it even exists as a potential threat. What a topical parallel to draw with the daily fight waged by information security professionals. What an analogy to illustrate the need for sophisticated intelligence gathering and analysis — and the reason why traditional signature detection technologies alone are no longer sufficient to address new attacks such as zero-day threats (like this one).
OK, I realize that last sentence is hard to swallow when your eye keeps being drawn to the large blue image to the right, so allow me to borrow from an article in today’s Wall Street Journal to inject the correct tone. In describing how the underwear bomb has evolved (the latest version had dual detonators to compensate for the design flaw thankfully discovered over Detroit), the article draws a very relevant comparison to how cyber threats evolve from one version to the next.
The article then went on to describe what aviation security authorities are trying to learn from the most recent generation of this threat. Change a few of the words and it sounds just like the challenge faced by their information security peers, the vendors who build today’s perimeter security controls.
“Investigators are closely scrutinizing the construction of the bomb for clues that would lead to its makers and would also help aviation security experts improve and adjust airport detection systems. Investigators say the bomb contained no metal, meaning it would have likely evaded detection by airport screeners.”
Most importantly, the threat was thwarted not by traditional detection mechanisms (though these will continue to be important) but by the gathering and analysis of intelligence. One can only imagine the sheer amount of intel that is pored over by analysts in connection with suspected terrorist activity. That is not unlike the huge volumes of security-relevant telemetry that exist within an enterprise network.
The last parallel only just occurred to me, but it is extremely relevant to the conversations we have with security clients today. An important reason this threat was averted appears to have been information sharing between different groups, in this case different countries. A more global perspective on the information security landscape is becoming increasingly important to information security pros today, as shown by the importance of groups like FS-ISAC and research from experts like the X-Force.
So there are many analogies that can be drawn from this most recent terrorist threat to the cyber threats facing our networks. Intelligence and information sharing are the keys to success in both cases.