I've written about my objections to the term Advanced Persistent Threat before, and explained why the term is both inaccurate and illogical, but I didn't propose an alternative term and clearly journalists need one. Therefore, I'd like to propose that we put this abused, over-used, and ill-fitting term to a well-deserved retirement and use in its place "Adaptive Persistent Attack" or APA.
ADAPTIVE
Adaptive should replace "advanced" because advanced malware costs time and money to develop and an adversary crew won't use something expensive and sophisticated if a mundane spear phishing attack crafted by some social engineering will do the trick. In other words, the bad guy's attack profile is adaptive, not advanced.
PERSISTENT
Persistent is exactly the right word. Once they're in, you aren't getting them out. The Fortress defense paradigm needs to die the same death as "APT".
ATTACK
As I pointed out in my post "The APT Logical Fallacy", APT is an oxymoron. A threat is not an attack. You've been attacked. Call it an attack.
But APT is a Who, not a What
Almost everyone who makes this statement believes that APT is a code word for the Peoples Republic of China. Period. Only China. I refuted this argument in my above-referenced post with detailed examples of the same attacks coming from the Russian Federation. Frankly speaking, it's stupid to keep using a code word when the meaning of the code word is widely known. Back in 2006, only other Air Force insiders knew what was mean't by the term APT so it fulfilled its purpose back then. Now the secret is out. There's no reason to keep referring to China as APT when we all now what you're talking about, including China. So either name the State that you're accusing or don't name it, but don't call China APT, APA, or any other code word. It's silly and it doesn't fool anyone.
Conclusion
Today, the Advanced Persistent Threat (APT) has become a huge FAIL, both as a "who" and as a "what" so please, let's all stop using it. I think that APA fits the bill rather nicely. If you've got a better idea, by all means suggest it as a comment. Words matter, and the world of information security has lots of horrible ones. This will be the first of a series of Words Matter posts that I hope to write in the near future with the hope of stimulating discussion and arriving at a more precise terminology for this emerging threat environment. Please contact me in the comments or via email if you have suggestions for a future Words Matter post (like "cyberwar").
Add to Cart
ADAPTIVE
Adaptive should replace "advanced" because advanced malware costs time and money to develop and an adversary crew won't use something expensive and sophisticated if a mundane spear phishing attack crafted by some social engineering will do the trick. In other words, the bad guy's attack profile is adaptive, not advanced.
PERSISTENT
Persistent is exactly the right word. Once they're in, you aren't getting them out. The Fortress defense paradigm needs to die the same death as "APT".
ATTACK
As I pointed out in my post "The APT Logical Fallacy", APT is an oxymoron. A threat is not an attack. You've been attacked. Call it an attack.
But APT is a Who, not a What
Almost everyone who makes this statement believes that APT is a code word for the Peoples Republic of China. Period. Only China. I refuted this argument in my above-referenced post with detailed examples of the same attacks coming from the Russian Federation. Frankly speaking, it's stupid to keep using a code word when the meaning of the code word is widely known. Back in 2006, only other Air Force insiders knew what was mean't by the term APT so it fulfilled its purpose back then. Now the secret is out. There's no reason to keep referring to China as APT when we all now what you're talking about, including China. So either name the State that you're accusing or don't name it, but don't call China APT, APA, or any other code word. It's silly and it doesn't fool anyone.
Conclusion
Today, the Advanced Persistent Threat (APT) has become a huge FAIL, both as a "who" and as a "what" so please, let's all stop using it. I think that APA fits the bill rather nicely. If you've got a better idea, by all means suggest it as a comment. Words matter, and the world of information security has lots of horrible ones. This will be the first of a series of Words Matter posts that I hope to write in the near future with the hope of stimulating discussion and arriving at a more precise terminology for this emerging threat environment. Please contact me in the comments or via email if you have suggestions for a future Words Matter post (like "cyberwar").
0 komentar:
Posting Komentar