Computerworld - The most fun aspect of writing my Computerworld.com column is reading the hate mail. It gives me a look inside the minds of people who think differently. Occasionally I learn why I was off-base about something, or I get information that helps me build out my understanding of a topic. More frequently, I see how people think, or how they don’tthink.
I recently delivered a column on the current administration's abuse of the NSA for domestic-spying purposes. Unfortunately, most of my detractors never made an attempt to address the underlying facts, or to understand the argument being presented. The majority of those e-mails began with statements along the lines of "you're an idiot!" and went on to make assertions about my politics based on what they believed to have read in the column. (There were a few who claimed a minor typo compromised the entire legitimacy of the article, but anyone with much Usenet or mailing-list experience tends to dismiss the deductive abilities of that sort of correspondent.) [Typo was mine, Ira; sorry about that. I did enjoy reading those e-mails, though. -- Angela G., Ira's editor.]
Correspondents who can't frame their criticisms coherently are amusing -- until I imagine them out in the field managing IT security, and then I start to worry. You'll never be a good security manager unless you understand why your adversaries think the way they do. You don’t have to agree with them, but you need to know the logic underlying their actions.
For example, when I investigate a computer intrusion or an espionage attack, I must figure out as much as I can about the assailant's motivation and skills. Is this a script kiddie who just wants the "prestige" of breaking into a system? Or is the attempt part of an espionage operation by a foreign intelligence agency? If the criminal party is an insider, are they malicious or are they greedy -- do they want to wreak havoc, or do they want money?
Why must I understand my adversary? I need to guess the resources they might put into their crimes. I need to figure out if they are sophisticated and might be going for valuable information, or they are just randomly fishing around. I need to know if I should check whether they might have put time bombs in the system, or if they got what they were looking for and left. I need to determine if they might be if they might have put backdoors in the system, or if they might have insiders supporting the efforts.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
