The People

 

March 04, 2005

Chris Goggans;

One-Question Interview

Chris Goggans is an internationally recognized expert on information security with over a dozen years experience in network and information security. He has performed network security assessments for some of the world's largest corporations, including all facets of critical infrastructure, with work spanning 22 countries across four continents. Mr. Goggans has worked with US Federal law enforcement agencies on some of America's most notorious computer crime cases. His work has been referenced in publications such as Time, Newsweek and Computerworld, and televised on networks such as CNN and CNBC.

Mr. Goggans is a frequent lecturer on computer security and has held training seminars in nine countries for clients such as NATO, the United States Department of Defense, Federal Law Enforcement agencies as well as numerous corporate entities. He been asked to present at major conferences as COMDEX, CSI, ISACA, INFOWARCON, and The Black Hat Briefings. Mr. Goggans has also co-authored numerous books including "Implementing Internet Security," "Internet Security Professional Reference," and "The Complete Internet Business Toolkit."

During the Summer of 2003, Mr. Goggans was invited to become an Associate Professor at the University of Tokyo's Center for Collaborative Research.

Currently, Chris is President of SDI, Inc., a Virginia-based corporation providing information security consulting.

Q:: We have seen many urban myths of the internet, such as the email that infects your computer with a virus just by opening it, that have stopped being a myth and implemented by collaboration of lazy and careless system architects and curious and malicious crackers. The same happened with the "technologically gifted criminal", another myth that has now become true in the figure of spammer-zombie coders and security experts for illegal casinos. Do you think this other urban myth, the "evil terrorist hacker", is now becoming a real threat? To what point is that presumed threat just a figurehead to use in the war for control over our civil liberties in cyberspace?

A: In my opinion, neither of these were "myths," nor did they "become true." They have been true all along, only people's perceptions of the reality of existing threats has changed. For example: It has been possible to automatically execute code by viewing mail in Lotus Notes by design using Lotusscript from its inception. Similarly, buffer overflows and/or embedded scripting in mail clients such as Outlook and Eudora have made it possible to likewise execute code under similar circumstances.

Regarding the "evil hacker terrorist," this term is not really something I would use...I'd stick with the simple "computer criminal" since I like the word hacker, and one person's "evil terrorist" is another's "holy freedom fighter." Regardless, as long as there have been computers there have been people who would use them to further their own goals. This could mean the Russian Mafia using Denial of Service attacks against on-line banks to extort money, the Zapatistas and Tamil Tigers hacking web-pages of their opposing political parties, or simply a lone man stealing intellectual property from his employer to resell. None of this is new... people always use the tools at their disposal to commit crimes. The computer is just another tool.

The biggest issue we should concern ourselves with is the total reliance on computer technology in today's world. It is very easy now to cause major havoc across critical infrastructure from across the world with a few skilled amateur attackers. A concerted effort by a nation-state could have even more dire consequences. I feel that there should be more government involvement (particularly financial) in assisting critical infrastructures with the security of their computer networks. I've seen far too many banks, phone companies, power companies, etc., with horrendous security ultimately blamed on "lack of budget." This can and should be corrected.

Comments

Post a comment

Thanks for signing in, . Now you can comment. (sign out)

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)


Remember me?




You can use simple HTML like: <a href> <b> <blockquote> <br/> <p> <strong> <em> <ul> <li>

The Workshop

On March 11th 2005 the Atocha Workshop on Global Terrorism, hosted by the Safe Democracy Foundation, will create a repository of original thinking on Global Terrorism that will continue to be fed weekly in the form of a weblog by creative thinkers on the subject from around the world.

The launching event will take place at the Atocha Train Station on March 11th, 2005 at the restaurant Samarkanda. Here, in in an atmosphere that will encourage creative thinking, around 200 people will participate as policy proponents, webloggers or as public; all will be engaged in the discussion of the proposed policies.
Workshop Program and Agenda >>

The People

The Workshop will bring together journalists, politicians, activists and scholars in the fields of democratic advocacy and terrorism analysis (see full list). We are introducing them by means of One Question Interviews. Anyone can register to the Workshop and participate by asking them further questions, challenging their assumptions or proposing their own alternative ideas.
Read more >>

The Proposals

The general criteria for published ideas in the Atocha Workshop Weblog are that they be original, creative, potentially executable and most important that their implementation would likely lead to a more democratic world. The basic concept of the Worshop is that in politics, as in biology, diversity is needed to fight a threat. Political leaders, when confronted with the problem of global terrorism need a menu of possible responses. From the proceeds of the discussion on the weblog plus the physical event we will offer a series of Policy Proposals.
Read more >>>

The Topics

During the Creative Debates we will be working towards making Policy Proposals from the 12 topics that we have selected. These topics are only starting points.
Read more >>


The Atocha Workshop is sponsored by the Safe Democracy Foundation. (Formerly the Varsavsky Foundation)

With the support of
daralogo_trans.gif

Subscribe to AtochaWorkshop via RSS:

xml.gif