Wonky security terminology isn't helpful for RSA or the rest of us

When RSA CEO Art Coviello disclosed that the company had suffered a security breach, he categorized the attack as an Advanced Persistent Threat (APT). He also described the breach as "an extremely sophisticated cyber attack in progress being mounted against RSA."

In general, the industry uses the term APT to describe a targeted attack aimed at stealing sensitive information. Some people also describe APTs as "low and slow" attacks where an adversary penetrates a network but doesn't do any immediate damage. After some period of time, however, APTs are used to find and exfiltrate (another wonky term, in this case meaning "steal") data. APTs are also often associated with social engineering scams and/or social networking sites. Finally, some people use the term APT to describe a state-sponsored act of espionage or reconnaissance, most often in relation to the People's Republic of China.

Given this multitude of definitions, what did Coviello mean when he described the security breach as an APT? Was someone at RSA duped via Facebook? Was it an inside job? How long was the network compromised before the attack was discovered? Is there some reason to suspect the PRC? The fact is that no one outside of a few folks at RSA has any idea what Coviello was referring to.

It appears that the term APT originated somewhere in the Air Force or DoD. Since DoD has a language all its own, I guess that's fine, but it is not okay when the security industry embraces some vague military terminology and makes it part of its marketing lexicon. By doing this, the industry is only making communications about cyber security more confusing at a time when we need extremely granular clarity about the problems we face.
I mean, if the security industry can't even agree on the definition of APT, what hope do we have that John and Jane Doe have any clue about what we are talking about?

And as long as I'm on my soapbox, I think it is worth mentioning that APTs are nothing new at all. Yes, the bad guys are using more advanced scams, but so do crooks in the real world. The best thieves use their heads rather than their guts to maximize the impact of crimes while minimizing risk. If anything, APTs demonstrate that the bad guys know that it is easier to find a gullible insider patsy to con than it is to break into a secure IP network.

In time, RSA will likely disclose additional information about what happened and when, so we will learn what Coviello meant last Thursday when he said that RSA/EMC had been hit with an APT. In the interim, I hope that the security industry also comes to some consensus here rather than continuing to flood the market with terminology curveballs.