As we prepare to hang up our stockings and breach the eggnog, we are still looking nervously over our shoulders, wondering why some major security disasters haven't yet happened.
Admittedly, Anonymous and LulzSec went out with a whimper rather than any threatened bangs, as law enforcement turned out to be less digitally flatfooted than expected. The courtroom parade of hacktivists continued this week, with Barrett Brown pleading not guilty to charges relating to last December's Stratfor email breach.
But if hacking has taken a backseat, cybercrime for profit continued to flourish, beginning in January with a major theft of data from online retailer Zappos. Cyberwar has been noisily brewing too, with the Flame exploit (successor to Stuxnet), and reported retaliations from Iran.
Mobile apps were under assault too, even -- unthinkable! -- the apps in the Apple Store. Not to mention all the usual worries about the redundancy of passwords, security tokens, and SSL certificates.
So what didn't go wrong?
Quite a lot -- so far, anyway. Here are my top three security disasters which, fingers crossed, are deferred until next year:
A hurricane came and went on the east coast, but the digital cloud survived. Not a security issue? Wrong. For any enterprise with essential data in the cloud -- especially data retained for legal or regulatory purposes -- back-up and disaster recovery certainly relate to information security.
This time around, at least, the disaster didn't happen.
Okay, you want to talk about cloud security proper? Despite NIST's warning -- which I still think makes all kinds of sense -- that the complexity of cloud services implies a "large attack surface," we haven't yet heard a true horror story involving a cloud breach.
This doesn't mean, of course, that no such breaches have taken place. There have been whispers and allegations about clouds being vulnerable to attacks on "weakest link" clients, but what we haven't yet had is a jaw-dropping headline about a giant cyberheist involving Amazon Web Services, Windows Azure, or another major vendor.
The national infrastructure
Save your biggest sigh of relief, though, for the tenuous preservation of the national digital infrastructure. Despite consistent warnings from the DoD and the FBI -- despite, indeed, a "dire warning" from Defense Secretary Leon Panetta of a coming "Cyber Pearl Harbor" -- the grid still stands.
No thanks to Congress, of course. Blocking cybersecurity legislation seems to have occupied much of the Senate's time this year. Led by John McCain (R. Arizona), a group of die-hards has resisted the imposition of security standards on the private-sector elements of national infrastructure, on the grounds that the costs involved harm the economy.
Not that McCain and his crew don't regard national cybersecurity as a priority. But there they stand, and here we are... and wait... did the lights just flicker?
— Kim Davis, Community Editor, Internet Evolution