
ICG Risk Blog

Revisiting Clarke's six bleak IT trends from October 2003


While Clarke was often dismissed as a Cassandra, and a gloomy one at that, while cybersecurity czar, I would agree with his assertion that the cost of the Sobig attack justified taking his warnings more seriously. I absolutely feel that subsequent attacks have justified his assertions.

Clarke outlined six trends when he addressed the Gartner Symposium/ITxpo 2003 in October 2003:

  1. Rising vulnerabilities: Announced vulnerabilities doubled every year for the last three years (Wonder if Moore's Law will have an analog in Clarke's Law?)
  2. Rising patches: Patches for those vulnerabilities have doubled every year for the past three years. (Patch management is a sinkhole for both individuals and companies)
  3. Falling "time to exploit": "Time to exploit" has dropped from months to six hours (in late 2003). (This is the time for an exploit to reach hacker blogs and IRC rooms. "Time to the wild" -- that's us -- follows shortly thereafter)
  4. Rising rate of propagation: Attacks now quickly infect 300,000 to 400,000 machines
  5. Rising cost of cleanup: Worldwide cleanup cost for 2002 was $48 billion, rising to an estimated $119 billion to $145 billion for 2003
  6. Rising identity theft: $99 billion cost in 2002 (and 2002 incidents were 1/3 of the last five years' total)

Status? We have done nothing as of today to ameliorate any of the six. As I mentioned in an earlier note, the bad guys are operating inside our decision loop:

Ex-cyber security czar Clarke issues gloomy report card
By David Berlind, Tech Update
October 22, 2003

Gordon Housworth
