from Danger Room, Michael Tanji's 3 reasons are:
1. Bullshit. It’s the North Koreans! It’s the Chinese! It’s the Ruskies out to steal our essence! The one thing you can be sure of is that very few people know who is behind any cyberattack. Code analysis helps to a degree (”Hey, there are some Chinese characters in here!”) but code-reuse is not exactly an unknown phenomenon online. There is no serious attribution methodology, so to some extent everyone is guessing.
2. Ineptitude. There are a lot of people working on cybersecurity issues, a lot of people “managing” these issues, but not a lot of people leading on these issues. Cybersecurity doesn’t lack for brainpower; it lacks the vision, the juice and the intestinal fortitude to realize the vision. When your focus is billets and resources and dollars and org charts (read: management) it’s easy to see why cybersecurity fails. Why? Cyber doesn’t kill, it doesn’t maim, it rarely has negative impact on any scale and when it does it is almost always a readily recoverable event. Managers don’t deal with the nebulous, intangible and anything that involves “maybe” very well.
3. Complexity. The people at Verizon look on bemused when the military talks of achieving information-space dominance, when with the flick of a switch, a technician in overalls and a tool belt can render our digital military might inert. Attack and defense tools are built for computer-based warfare, but planetwide more people access the net with phones than desktops. There has yet to be a study that has looked at these problems in a truly comprehensive manner (read: not dominated by geezers who have other people read and respond to their e-mail). Mostly they’re focused on legacy futures, which is cool if you’re not interested in forward progress.
Comments