Archive/Subscribe | www.gmis.org  
November 2014
 
 

Letter from the President: Matt Wainwright

Print Print this Article | Send to Colleague

Cyber security, network security and dumpster diving.
 
In 1978, a 15-year-old Los Angeles kid named Kevin Mitnick figured out exactly how he could ride the public transit system in the greater LA area for free. All it took was a smile and some pleasant conversation. Once he became friends with some public transit drivers, he learned where he could get his own ticket punch and subsequently made it routine to dumpster dive for unused public transit transfer slips. Mitnick rode around town for free any time he wanted. This is classic use of social engineering as a means to defeat a process – very cool and very dangerous stuff.
 
At 16, Mitnick finally hacked his first network, Digital Equipment Corporation (DEC). This was 1979, when I was 9-years-old and there was no public Internet. In fact, these wonderful United States of America would not flex Internet biceps until 1995 when the Federal Networking Council (FNC) unanimously passed a resolution defining the term Internet. Prior to 1995, the Internet, created around 1968 by the United States Defense Advanced Research Projects Agency, or DARPA, was used solely for defense of the United States. Our boy Mitnick used a PC and a telephone line to call in, login and copy most of DEC's software in 1979. He was charged and convicted in 1988 and sent to prison for 12 months for the crime. Mitnick is 51 now and works for anyone who wants to invest in network security best practices. He and I have known each other a long, long time actually - that's about all I'll say about that topic here! Check out this recent article mentioning him stealing your identity in three minutes.
 
The general public laughed off the history in the last two paragraphs through the 1970s and 1980s. Shameful really, as today the United States is scrambling to protect its "cyber borders." The move is reactive, certainly not proactive, and has been strictly a reaction longer than any of us realize. Few people panic about the current state of our national cyber and network security because the majority really do not understand it as long as they can update their favorite app. Social engineering will always be a mainstay in the overall means to defeat our country's internal security process. As information technology folks, and speaking personally – from when I started my still current business in 1984 at 14 – you could foresee the progression. Our nation's technology appetite was and still is putting network security second to satisfying the general public craving for the latest device and respective apps.
 
"So what," you ask? So get involved. The only way we solve our network and cyber security problems for good, in my opinion, is by educating. With the oldest Millennials reaching 33, the next generation is a prime target for education: 12- through 15-year-olds, of which there is no generational identity I know of yet. Some call them ScreenerGen – a life in front of screens. Others refer to this generation as the Selfie Generation. Personally – I like #generation™. 
 
This is my second year volunteering to coach a CyberPatriot team. These are ninth through 12th graders who need curriculum different from what they typically receive in school. Some innovative schools have technical certifications available yet most do not offer a technical certification track. Very few schools offer specific cybersecurity classes. On the weekend of October 25, 2014, nearly 1,000 schools from across the country participated in a competition to fix holes in Windows 7 workstation and Windows Server 2008. The teams received points for needed operating system security changes and closing random security holes. These exercises drive interest in the cybersecurity field – kids get excited – and its fun. Consider coaching a team in your state!
 

Back to GEM

Share Share on Facebook Share on Twitter Share on LinkedIn