I've had a bit of a wake up call where computer security is concerned the last few days. It all started when my personal laptop at home started giving me the "Blue Screen of Death."
For those of you who are unfamiliar, this is when your Windows machine suddenly stops working and a blue screen with white writing pops up to tell you in geekese you're screwed.
Now normally this is not too hard a fix. You reboot, run some disk utilities, maybe restore the computer to an earlier point and move on with your happy little computing life.
Yeah, not so much.
I had what's called a boot-kit, and not to get into too much detail, it's a Bad Thing™. I could only manage to get the computer to boot up for about 20 seconds before it would blue screen out again. I tried several things to get to my data and get it onto an external hard drive but nothing worked.
Finally, I did the thing every geek dreads — erased the hard drive and started from scratch. Only to find out the company I bought the computer from sent me the wrong system restore disk and I was even more hosed than I thought I was.
For a complete geek like me, being without a working computer was like having my arm removed, or maybe half my brain missing.
Took me a couple of days but I was finally able to get the machine back up and working and it's now happily purring along. I managed to save some of my files.
I was also more than a little red in the face, because, after years of telling people to back up their data regularly — I hadn't.
Much of it I was able to salvage, and a lot of what I was missing I was able to find in attachments to archived emails, but it was still a very frustrating and frightening time.
The other thing which brought computer security to my attention was that the NASDAQ stock exchange's computers have apparently been hacked repeatedly over the last year.
For those of you who don't know, NASDAQ is the exchange where a great many tech stocks are traded so it's somewhat amusing they couldn't keep their own computers secure.
It's also a bit frightening.
So much of our world these days relies on computers. The phone in your pocket, if you have a smart phone, really isn't a phone at all. It's a palm-top computer. Everything from our cars to our televisions these days are connected in some way to a computer. Chevrolet and Ford cars are even Internet and cell phone connected as well.
Nuclear power plants, coal plants, hospitals — everything — is computerized.
With the revelation of the Suxtnet worm which invaded Iran's nuclear enrichment facilities and which was so sophisticated it almost had to be built by some one like the National Security Agency or the Israeli equivalent, it's becoming more and more obvious that cyberwarfare is here.
We also know that China has hacked Google's severs a couple of times and in response, Google is banning Windows from it's campus, preferring more secure operating systems. It's increasingly clear that low level cyberwarfare is a constant thing and it's not just the government which is under attack.
What's the solution? I don't know. I'm far from a computer security expert. My good friend Charlie Martin, who is a computer security expert tells me he and an old research partner of his are thinking about writing a paper on why after 40 years of work, computer security remains as bad as it is.
Again, I have no answers, but I do know we very much need to find one. Information security is now as important to national security as protecting our interests abroad, or our air space, or the sea lanes. The consequences of a major cyber attack to our infrastructure are also no less life threatening than any other form of terrorist or military attack. Imagine hackers taking down the air traffic control system at, say, O'Hare International Airport in Chicago, at Thanksgiving. Or not even taking it down, just causing it to tell controllers the planes are not where they actually are.
The good news, is DARPA, the Defense Advanced Research Project Agency, has two major programs going aimed at increasing computer security. DARPA funds and conducts high-risk, high-reward research programs, so there's a good chance neither of the programs they're working on will succeed. Roughly two-thirds of DARPA's projects fail. Although almost always there is a great deal learned even from the failures.
Whatever happens, computer security is going to be a major issue for years to come.
Me, I'm just taking my own advice and backing up my data.
All IMHO, of course.