2010 Saw the Dawn of Nation-State Cyber Wars: Citrix CTO (
Page 1 of 2 )
Citrix CTO Simon Crosby looks back at
2010 in the cloud computing sector--and ahead at what 2011 may bring--and isn't
very comfortable with a number of things emerging on the security side of that
very hot business.
Crosby has become a go-to resource for knowledge in
virtualization, cloud computing and data security. He was founder and CTO
of XenSource prior to its acquisition
by Citrix for $500 million in 2007. Previously, Simon was a principal
engineer at Intel, where he led strategic research in distributed autonomic
computing, platform security and trust.
It's
Crosby's job as the CTO
of an international enterprise IT provider to maintain a big-picture view of
what the trends are, where they're going and how they will affect companies
making strategic IT plans.
It's not necessarily cloud infrastructure issues that worry Crosby.
It's protection of stored data and access to servers that keeps him up at
night.
"This was the year when nation-state attacks started to happen," Crosby
said. "You've got Stuxnet, you've got the Chinese government attack on
Google, and you've got WikiLeaks. My take is that every CIO should be shivering
in a state of panic."
Everybody's long been aware of denial of service attacks and their potential,
but Crosby thinks many people have become indifferent to
these events, believing such an attack won't happen to them.
"All of these have profound lessons for us," Crosby
told eWEEK. "We're in a space of
hyper-innovation, and that's fueled by Moore's
Law on the client and the server, and Moore's
Law helping the network, so we get the network effect of that. And the network
effect of that innovation is unbelievable.
World's largest cloud: Conficker
"If you look at the world's largest cloud, it's probably something called
Conficker. It has probably 30 million CPUs. It requires something like 20
terabits of bandwidth, and it's for hire. You can hire it today, and point it
at anything you want," Crosby said.
"Think cloud now. Every single one of those hosts up there that are
infected with Conficker--and there are still millions and millions of them--are
all out there, and they can be remotely controlled and instructed to do
something. It's similar to the way the anonymous guys at WikiLeaks have been
getting people to download and attack payload, and then they can remotely point
that attack payload at any site they want to attack."
For example, anonymous hackers have been able to put together an attack of 10GB
per second and point it at Visa, PayPal, Amazon and a couple of other places to
shut them down for various times, Crosby said.
"Conficker is still out there, and that's 28 terabits/second. If that
thing was pointed at any U.S.
national interest or any national interest,
it would go down in a heartbeat," Crosby said.
So why hasn't this happened yet, if there are people in the world devious and
knowledgeable enough to activate this dangerous weapon?
"Well, it hasn't yet for the same reason that nobody has launched an
atomic bomb--it's that big, right?" Crosby said.
"It turns out that most of the Conficker stuff is relatively
straightforward--denial of service and blackmail stuff in the hands of
organized crime.
"But the scary thing is that this was the year [2010] that nation-states
started to engage in cyber war actively--and everybody saw it for the first
time."
/ 6 
Cloud Computing News & Reviews 
