Ross Anderson's book "Security Engineering" came out about 9 years ago or so. In it, among many other things, he explained that information security is not just about policy, mechanism and assurance; it's also about incentives, chief among which are often economic incentives.
While you could argue that infosec as a profession has done OK in some areas of the first three categories, it's not clear that incentives are well understood in the community, leading to, among other things, the latest hubbub about APT as a national crisis. We are told that China is disrupting the nice, well-meaning, Marquess of Queensberry-esque oil industry through APT. There's no evidence presented, just speculation, which then becomes the headline. This escalates something that's at best a sector-specific issue into irresponsible loose talk along the lines of "cyber cold war" claptrap. The Cold War, if memory serves, was two competing ideologies that did not trade with each other or allow/encourage free movement of people, ideas, and goods with each other.
On the other hand, we have deep personal, economic, technological, supply chain, and digital relationships with China. And, oh by the way, they are better capitalists than we are. It's night and day compared to the USSR and the Cold War, and to conflate the two is both sloppy thinking and missing the point.
Just to ram home how far out to lunch some of the thinking is, we have this from today's Financial Times:
Russia proposed to China that the two nations should sell Fannie Mae and Freddie Mac bonds in 2008 to force the US government to bail out the giant mortgage-finance companies, former US Treasury secretary Hank Paulson has claimed.
The allegation is in his memoir On the Brink in which he also suggests that Alistair Darling, the UK chancellor, blocked a rescue takeover of Lehman Brothers by Barclays Bank when he refused to support special treatment by UK regulators.
Mr Paulson said that he was told about the Russian plan when he was in Beijing for the Olympics in August 2008. Russia had gone to war with Georgia, a US ally, on August 8.
“Russian officials had made a top-level approach to the Chinese, suggesting that together they might sell big chunks of their GSE holdings to force the US to use its emergency authorities to prop up these companies,” he said.
Fannie and Freddie are known as GSEs or government sponsored enterprises.
“The Chinese had declined to go along with the disruptive scheme, but the report was deeply troubling,” he said. A senior Russian official told the Financial Times that he could not comment on the allegation.
Needless to say, the Chinese piling out of Fannie and Freddie at the height of the financial crisis would have been a coronary for the US economy. Of course, they would have been crazy to do this because we owe them $2 trillion; they would probably like to get paid back at some point.
Anyway, back to security and incentives. It's never a bad idea to ask cui bono in security. After all the harrumphing over APT, who ended up with the big oil contracts in Iraq? Russia and Norway.