I’ve spent this past week at TechReady 12, Microsoft’s internal conference on its advanced technologies and related matters (e.g., governance, offerings). This afternoon, I spent a few hours in a session on Advanced Persistent Threats. As a result, I’ve read this New York Times article in a completely different light. There is so much obviously wrong with the Canadian security approach that a small paper could be written on it just from this article. This was a focused attack by motivated and intelligent individuals that should not have succeeded, given that the security vulnerabilities have been documented. (I won’t even touch the issue of government employees conducting official business in cybercafes and through their home networks. Check out those risks here.) Given the pervasive infiltration (I’ll put money down that the infiltration has existed for a long while), one must assume other government agencies are affected. The one (possible) positive indicator is that the government computers appear to have been disconnected from the internet. This suggests that the networks have been “unplugged”, their Active Directory is being completely rebuilt, and new credentialing is being provided, not to mention attempts to root out all the malware and upgrade and patch their systems.
To be clear, there is a lot of hype about APT, but it is very real. Experienced professionals need to be brought in where APT is suspected. You don’t want to make decisions on fear or a lack of hard evidence. Neither do you want to be sold on “solutions” that don’t fix anything.