LinuxCon Coverage: Think about Resilience

56

zemlin-2015Tuesday morning’s keynote session at LinuxCon in Seattle began with Jim Zemlin (Executive Director at The Linux Foundation) announcing the 2015 recipients of Linux Training Scholarships. This year’s 14 recipients include:

  • RJ Murdok (age 15, United States). RJ is getting ready to start his freshman year of high school. Despite being legally blind, he’s been learning Linux for three years and submits bug reports in his spare time.

  • Eva Tanaskoska (age 22, Macedonia). Eva is an information security researcher at Zero Science Lab in Skopje. She is in the process of forming a CERT team at her university, where she mentors students on using Linux to perform penetration tests, forensic investigations, and incident response.

  • Kevin Barry (age 32, Ireland). Kevin holds a PhD in music and taught himself programming in his spare time. He hopes to become a Linux SysAdmin to move his music department to open source.

Zemlin also announced the Core Infrastructure Initiative’s Best Practices Badge Program. This is a voluntary program to demonstrate security mindset. It’s intended to engage the community to help create best practices for secure development. Feedback on the project is requested in the form of GitHub pull requests.

Bruce-SchneierNext up, Zemlin introduced Bruce Schneier (CTO, Resilient Systems), who presented his talk via Google Hangouts. Schneier began the presentation, called “Attacks, Trends and Responses,” with a discussion about the recent North Korean attack on Sony. He said the attack was surprising in a couple of significant ways. First, it was not an attack on a critical infrastructure but instead on a movie company. Second, the focus of the attack was not data theft but coercion.

Schneier said, “On the Internet today, attackers have the advantage.” He maintains that we are not actually fighting a cyberwar but are increasingly seeing war-like tactics and that technology broadly spreads these techniques.

According to Schneier, attribution of attacks is key, and countries are engaged in an arms race between attributing the attacks and hiding them. Schneier said that he is seeing more attribution of attacks and that it’s in the United States’ best interests to demonstrate that they can attribute them. However, he warned that attribution based on secret evidence is not trusted.

What’s needed, Schneier said, is “fast, flexible response” to attacks. “We need to think about resilience,” he said. “It’s going to be a complicated decade.”

For more from Bruce Schneier on the topic of security and response planning, see his previous interview with Linux.com