I’m currently on the train down from the Blue Mountains to Sydney, en route to the AusCERT 2012 information security conference on the Gold Coast, and I’m thinking about what stories might emerge.
Here’s what I wrote last year when, just like this year, I was on the ZDNet Australia team:
- AusCERT 2011: Firms ignore ID theft risk, in which Bennett Arron explains that police forces don’t yet take this stuff seriously enough. Has this improved? I’m seeing talk but no action.
- AusCERT 2011: Son of Stuxnet within a year: expert, in which Eric Byres explains why the Stuxnet worm — the presumed US-with-Israeli-help anti-SCADA attack on Iran’s nuclear program — would spawn a wave of copycats. This didn’t happen. Why not?
- AusCERT 2011: Black hats and whitegoods, a story which was provided with the year’s best headline by CBS Interactive’s Brian Haverty where I discussed how the Internet of Things and a billion smart appliances would be the vector for a new wave of attacks. This hasn’t happened — yet — but is it still just around the corner?
- AusCERT 2011: Bank theft goes truly mobile, in which Amit Klein, chief technology officer at Trusteer, predicted third-generation anti-banking malware on smartphones by Christmas. Did this happen? Well, not really. Why not?
- AusCERT 2011: Silent victims thwart cybercops: Qld Police, in which Detective Superintendent Brian Hay, head of the Fraud and Corporate Crime Group of the Queensland Police Service, bemoaned the lack of hard data. I know how he feels. Do we have any yet?
The feeling I get from scanning those headlines is that there’s always a lot of scaremongering but the threats often don’t materialise. Are the threats over-stated? Does pointing out the threats trigger an effort to counter them, thus defeating them? Is it all just a bit too screechy?
And over the last year there’s been so much talk of imminent cyberwar. Is that just this year’s fashionable scary thing on a stick? I intend to ask a few questions. And I’ll plug it again: Thomas Rid says we shouldn’t believe the hype.
I haven’t yet looked in detail at the conference program but will do so over the next few hours. What do you reckon I should be investigating?
[Update 16 May 2012, 0625 AEST: Changed second paragraph to emphasise that I am covering the event for ZDNet Australia this year as well as last.]