Chapter 1
The One Patch Most Needed in Cybersecurity
There is nothing more deceptive than an obvious fact.
—Sherlock Holmes
The Bascombe Valley Mystery1
In the days after September 11, 2001, increased security meant overhauled screening at the airport, no-fly lists, air marshals, and attacking terrorist training camps. But just 12 years later, the FBI was emphasizing the emergence of a very different concern: the “cyber-based threat.” In 2013, FBI director James B. Comey, testifying before the Senate Committee on Homeland Security and Governmental Affairs, stated the following:
. . .we anticipate that in the future, resources devoted to cyber-based threats will equal or even eclipse the resources devoted to non-cyber based terrorist threats.
—FBI director James B. Comey, November 14, 20132
This is a shift in priorities we cannot overstate. How many organizations in 2001, preparing for what they perceived as the key threats at the time, would...