Cyber Sirens: Enchanting But Deadly

By Maj. Gen. Paul Capasso USAF (Ret.) •  May 14, 2014

We must always be on our guard when it comes to Internet security. 

According to Greek mythology, the Sirens were enchanting, captivating, and seductive – known as the Muses of the lower world.  But to the nescient and misinformed, they were an irresistible force with deadly consequences.   

The Internet has grown into an interconnected, global network of networks consisting of private, public, academic, business, and government networks.  Today, the Internet continues to be the iconic representation of economic, social, and technical prosperity for the global community.  But like a Siren song, the underworld of the Internet can lure you in, singing the tune of wealth, hope, and the allure of better things to come.

“Come here,” they sang, “renowned Ulysses, honor to the Achaean name, and listen to our two voices. No one ever sailed past us without staying to hear the enchanting sweetness of our song — and he who listens will go on his way not only charmed, but wiser, for we know all the ills that the gods laid upon the Argives and Trojans before Troy, and can tell you everything that is going to happen over the whole world.”

The Odyssey by Homer

Underneath the 1’s and 0’s traversing the Internet rests an underbelly no one wants to talk about.  Between the realm of light and darkness, the Cyber Siren waits, attacking quickly, often under the radar of the most technical countermeasures.  Cyber crooks and criminals take advantage of trusting Internet users, phishing for PII, stealing identities, and draining bank accounts.  The pursuit of cybersecurity proves to be only an apparition, and our false sense of security results in pain and strife.

The most recent Cyber Siren song to top the Internet charts is the “Heartbleed Bug,” a security flaw found in the OpenSSL encryption standard which secures communications over the Internet.  This global bug renders the Secure in Hypertext Transfer Protocol Secure (HTTPS) ineffective and hits at the very heart and soul of the Internet, breaking down trust and throwing the cybersecurity ecosystem out of balance.

Ironically, then, a technology intended to keep us safe on the Internet ended up putting us at greater risk.  Even when we think we’re taking the right precautions — steering clear of the shoals, lashing ourselves to the mast, plugging our ears to keep from being lured by the Siren’s song — we can find ourselves exposed to danger on the Internet.

Although I used a Greek myth as a starting point, I’ll close with an apt phrase from Latin: when it comes to the Internet, we must be semper vigilans — always vigilant. We can never afford to be lulled into thinking we have “accomplished” cybersecurity.

Maj. Gen. Paul Capasso (Ret.) is the vice president of strategic programs at Telos Corporation.

2 Comments

  • Dan Sherman says:

    Finally the sleeping giant has awoken. But it took Heartbleed to do it, which seems always to be the case. Large enterprises have long relied on OpenSSL, which had just one full-time developer and typically received $2,000 in donations per year. Now the Dells, Amazons and Googles of the world have pledged to commit at least $100,000 per year for at least three years to the Core Infrastructure Initiative, with OpenSSL to get a portion of that money. I’m sure it cost all of these large organizations much more than that to patch all their servers and code bases that rely on OpenSSL. It also cost a few organizations a breach, and the public humility, how much was that worth? It’s a small step in the right direction, that hopefully will start to gain more traction.

  • Paul Capasso says:

    It is sad and very unfortunate that it takes a major, usually catastrophic event to occur before we can get folks to focus on solving a longstanding problem. We have known about the existence of software vulnerabilities since software was first written, and still, many continue to develop it the same way today without the “right” security measures being built into the product.

    Words spoken by Winston Churchill are as true today as they were in 1935: “When the situation was manageable it was neglected, and now that it is thoroughly out of hand we apply too late the remedies which then might have effected a cure. There is nothing new in the story. It is as old as the Sibylline Books. It falls into that long, dismal catalogue of the fruitlessness of experience and the confirmed unteachability of mankind. Want of foresight, unwillingness to act when action would be simple and effective, lack of clear thinking, confusion of counsel until the emergency comes, until self-preservation strikes its jarring gong–these are the features which constitute the endless repetition of history.”

    The status quo will remain alive and well until we get serious about developing a culture of learning, accountability and action.
