[Infowarrior] - Cyberpanic: It Sells

[Richard Forno]

Cyberpanic: It Sells

     * By Sharon Weinberger
     * April 28, 2009  |

http://www.wired.com/dangerroom/2009/04/cyberpanic-it-sells/

If you are the kind of person who isn’t going to buy bacon because of  
the swine flu scare, then you should definitely not read up on the  
latest story on cyber threats to national security, at least not if  
you want to avoid trashing all of your tech gear.

To the cynic this is the government-industrial complex at its worst:  
federal bureaucracies doing their best to jockey for the most  
resources and authorities; and defense contractors doing their best to  
sell products and services to the government. That system isn’t going  
to change and I could argue that on a fundamental level it shouldn’t.

What we should be concerned about is that although cyber threats have  
been an issue for decades, all the president’s horses and all of Wall  
Street’s men still haven’t produced a national information  
infrastructure that can withstand a hatchet, much less a malicious  
attack by a determined adversary.

Information warfare pioneer and impresario Winn Schwartau demonstrated  
just how little progress we have made in this arena in a recent  
briefing to a large audience of military and intelligence types. At  
the end of the briefing, as everyone was about to congratulate him on  
a job well done, he revealed that the deep, insightful briefing he had  
just delivered was ten years old. He’d recycled it because the  
problems of 1998 still existed in 2008.

For the more technically inclined, there is my friend Gunnar  
Peterson’s graphic that illustrates how cyber threat vectors have  
evolved over the years, while defenses . . . not so much. The system  
isn’t going to change but it doesn’t have to. The bottom line is that  
there are still plenty of ways to acquire a lot of bureaucratic power   
and make a lot of money actually defending government or national  
networks. That we continue to do the same thing over and over again is  
a reflection of both governmental and commercial laziness.

Given that, during a period of significant economic turmoil, we are  
about to drop $17 billion dollars on improving the nation’s cyber  
security capabilities, wouldn’t it be smart if we did so in a fashion  
totally unlike what we’ve been doing to date?A real cyber security  
capability would start out by embracing and co-opting the government- 
contractor system to get what we need, not the tired and failed  
solutions of the past. Insist on comprehensive solutions and  
deliverables that are demonstrably functional, not simply hardware and  
software glued together with buzz-words.

We could determine the best solutions to pursue if we injected  
external thinking - and a lot of it - into the debate. There is  
nothing new about cyber-based threats; there is nothing secret about  
what external powers are doing to government networks. Keeping the  
development of solutions secret made sense when the problem was atomic  
in nature and the government had more or less a monopoly on people  
with the physics chops.

The number of people who know computer security outside of government  
today is several orders of magnitude larger than the number of  
civilian scientists who could have built an atomic bomb during the  
cold war. Tap all the expertise you can because the other side is, and  
on most days they’re winning. Finally, break out of the “legacy  
futures” mindset.

We should respect the knowledge and service of our predecessors, but  
anyone who speaks in throw-back metaphors and spent a lot of time  
preparing for an attack through the Fulda Gap is only ever going to  
offer you a digital Maginot Line for a solution.

There are serious problems associated with our national information  
infrastructure and real threats to it exist, but we are not going to  
solve these problems effectively or in a timely fashion by recycling  
rumor and pimping hyperbole.

– Michael Tanji, cross-posted at Half of the Spear