March 22, 2011
Cyber Security, FedCyber Wire
No Comment

via Network World

When RSA CEO Art Coviello disclosed that the company had suffered a security breach, he categorized the attack as an Advanced Persistent Threat (APT). He also described the breach as a “an extremely sophisticated cyber attack in progress being mounted against RSA.”

In general, the industry uses the term APT to describe a targeted attack aimed at stealing sensitive information. Some people also describe APTs as “low and slow” attacks where an adversary penetrates a network but doesn’t do any immediate damage. After some period of time however, APTs are used to find and exfiltrate (another wonky term, in this case meaning “steal”) data. APTs are also often associated with social engineering scams and/or social networking sites. Finally, some people use the term APT to describe a state-sponsored act of espionage or reconnaissance — most often in relation to the People’s Republic of China.

Given this multitude of definitions, what did Coviello mean when he described the security breach as an APT? Was someone at RSA duped via Facebook? Was it an inside job? How long was the network compromised before the attack was discovered? Is there some reason to suspect the PRC? The fact is that no one outside of a few folks at RSA have any idea what Coviello was referring to.

It appears that the term APT originated somewhere in the Air Force or DoD. Since DoD has a language all its own, I guess that’s fine but it is not okay when the security industry embraces some vague military terminology and makes it part of its marketing lexicon. By doing this, the industry is only making communications about cyber security more confusing at a time when we need extremely granular clarity about the problems we face. I mean if the security industry can’t even agree on the definition of APT, what hope do we have that John and Jane Doe have any clue about what we are talking about?

Story here.