The text of a Deutsche Welle article on the German Cyber Defense Center has some funny logic.

Note the name of the center, for example, versus the title.

Germany declares war on hackers with new cyber defense center

I propose they rename themselves the Cyber Offensive Center. No, that acronym doesn’t work. They could go with the Cyber War Center…or, wait, maybe a Cyber Lulz Center. If you are going to declare war and go on the offensive, you might as well get a few laughs in. What’s the German translation for lulz?

Seriously, though, the German news site says NATO top threats list includes terrorism, WMD and cyber attack. Never mind the differentiation and overlap of those terms (terrorism could be done with WMD and/or cyber attack). Note the absence of cruise-missiles on the list. Then read this:

NATO now counts cyber attacks as one of the greatest security threats in the modern world – alongside terrorism and weapons of mass destruction. The so-called Stuxnet worm, which targeted industrial software in the summer of 2010, infected computers controlling uranium enrichment plants in Iran. That showed the world that highly-developed viruses can penetrate enemy infrastructure as if they were digital cruise missiles.

If Stuxnet only has as much risk as a cruise missile does it drop off the top threats list? I think such a description is counter-productive. In other words, is your industry preparing for attack by cruise missiles? On a similar note, has anyone said viruses would be unable to penetrate critical infrastructure? As far as I can recall (at least into the early 1990s) it was widely known that worms could spread by removable storage and enemy infrastructure was susceptible to infiltration.

Iran’s uranium enrichment program at Busheir was built with extra resiliency in the 9,000 centrifuges because of an anticipated high-failure rate. The latest reports I found say production impact of Stuxnet was negligible, although clearly the surveillance aspect of it has had a psychological/political impact…even on Germany.

Last night I had a lengthy discussion with an ex-Amazon staff who laughed when I said consumers hate lock-in and high exit barriers. He gave the example of Microsoft Office and asked “you really think people are going to use something else?” That seemed strangely upside-down and backwards as an analogy.

My point was exactly the opposite. A market of new products to be considered for future adoption will factor exit cost. Those who use Microsoft Office are the ones on traditional non-cloud environments. There is no real exit barrier to leaving Microsoft Office other than the cost of learning a new platform since the formats can be exported and imported, or even used as a current standard (e.g. Office 97 or RTF).

A new platform (e.g. Cloud Y applications), by comparison, may come with lock-in to a non-standardized format. That should and will give consumers pause before they convert to it. This was highlighted by the European Network and Information Security Agency (ENISA) as one of the top barriers to new technology adoption in their Cloud Computing Risk Assessment.

CTOEdge now carries this message as well. Their post neither mentions security as the primary barrier nor hides the fact that cloud technology can be hamstrung by (boiled down to?) management of virtualization.

If you get the sense that we’ve entered a period of pregnant pause as it relates to cloud computing in the enterprise, it might have something to do with virtualization standards.

Right now, there are two standards that many cloud computing advocates are tracking with keen interest. The first is the Open Virtual Format, which will make it a whole lot easier for application workloads to dynamically run on top of multiple virtual machines. The second is a set of virtualization management interfaces that is to be shepherded by the Distributed Management Task Force (DMTF)

A company that sells products to help respond to a distributed denial of service (DOS) has some harsh words for Rabobank:

For the 27th largest worldwide bank (they are larger than Wells Fargo and Royal Bank of Canada by asset size), this was a costly sequence of events that could have been avoided. The lost revenue and increased non-web support costs to both Rabobank and iDEAL are sure to be significant when all the dust settles.

The ripple effect of Rabobank’s reaction spread to other iDEAL partners, further underscoring the interconnected nature of Internet business and the reaches of the Extended Enterprise. Waiting for a partner to fix problems that directly impact your business is simply not a good approach.

Internet Identity (IID), with hindsight on their side, says the solution should have been obvious.

…we know what it takes to properly respond to a situation like this…