December retrospective. The annual structured retrospective continues, following the pattern from 2009.
This is a comprehensive retrospective because 2010 has been substantively significant. The cumulative trajectory toward state-grade cyber operations is now operationally visible.
The major events
In rough chronological order:
- Operation Aurora (January) — APT framing enters mainstream.
- Mariposa botnet takedown (March).
- One year of Hedgehog (April) — plus Northcott secondment begins.
- Infosec Europe 2010 (April).
- Stuxnet emerges (July).
- Towry Law secondment begins (August).
- Stuxnet second-pass analysis (September).
- WikiLeaks Iraq War Logs (October).
- Anonymous Operation Payback (December).
Nine substantive events plus the continued operational development of Hedgehog Security and the cumulative practitioner trajectory.
The cumulative trajectory
Three structural observations from the year.
State-grade cyber operations are now operationally visible. Aurora demonstrated APT-style targeted espionage; Stuxnet demonstrated weaponised industrial-control-system attack. The cumulative trajectory toward state-grade cyber operations being operationally connected to broader national-security questions is now established.
Insider-driven mass disclosure is now operationally demonstrated. WikiLeaks releases through 2010 represent a specific structural shift — sustained insider-driven disclosure at scale, coordinated with international media. The subsequent threat-model implications are substantial.
Crowd-sourced political-DDoS is now operationally established. Anonymous Operation Payback demonstrates participation-based DDoS at scale. The cumulative political-DDoS trajectory continues expanding.
The personal trajectory
The cumulative 2010 trajectory has been substantive.
Hedgehog Security operational establishment continues. Approximately twenty cumulative client engagements through year two; sustained referral patterns; specific decisions about scaling are pending.
Multiple secondment relationships established. Northcott Global Solutions and Towry Law alongside Hedgehog client base. The cumulative parallel-engagement pattern is operationally workable.
Continued conference engagement. Infosec Europe 2010 and additional events. The cumulative practitioner network continues expanding.
Continued cumulative writing discipline. Approximately 50 posts at the established cadence.
The predictions, reviewed at year-end
The January 2010 predictions, reviewed:
Continue the weekly cadence. Resolved AFFIRMATIVE.
Hedgehog client base grows. Resolved AFFIRMATIVE.
Speak at Infosec Europe 2010. Resolved AFFIRMATIVE.
Attend at least four conferences. Resolved AFFIRMATIVE.
Substantial subsequent writing project. Resolved PARTIAL.
Continued Conficker variants. Resolved AFFIRMATIVE.
Major data-breach disclosure. Resolved AFFIRMATIVE.
Continued mass-mailing. Resolved AFFIRMATIVE.
Continued politically-motivated DDoS. Resolved AFFIRMATIVE.
Mobile-platform malware incident. Resolved AFFIRMATIVE.
Continued web-application worm activity. Resolved AFFIRMATIVE.
Industrial-control-system incident. Resolved AFFIRMATIVE — Stuxnet.
APT-style targeted-attack disclosure. Resolved AFFIRMATIVE — Aurora.
Continued Microsoft platform security investment. Resolved AFFIRMATIVE.
The cumulative score: 13 affirmatives, 1 partial, 0 misses.
What I have been writing about
The 2010 writing has covered:
- Continued Hedgehog operational reflection.
- Specific incidents — Aurora, Mariposa, Stuxnet, WikiLeaks, Anonymous.
- The APT framing and state-grade cyber operations.
- The political-DDoS trajectory.
- Cumulative operational engagement across multiple secondment relationships.
- Continued reading and conference reflection.
What I expect for 2011
The detailed predictions for 2011 will be in next week's post. The high-level expectations:
- Continued APT-style activity becoming mainstream.
- Continued Stuxnet aftermath and ICS-security investment.
- Continued political-DDoS evolution.
- Continued breach-disclosure trajectory.
- Continued Hedgehog operational growth and specific subsequent decisions.
A reflection on thirteen years approaching
The notebook will reach thirteen full calendar years in January 2011. The cumulative trajectory continues; specific subsequent observations will inform.
For my own continued work: more on the cumulative trajectory in 2011. Specific events will inform; the cumulative archive grows.
More as the year wraps up.