Why Were Losing the Battle Against Cyber-Attackers
Insurance Experts' Forum, March 4, 2010
Is there any group of people on Earth who are more obviously useless than politicians and their lapdog appointees? As a shining example, I offer you Homeland Security Secretary Janet Napolitano.
BBC news reports that Napolitano, speaking recently at security conference in San Francisco hosted by security vendor RSA, offered the following brilliant insight into the problem of cyber-threats: “We need to do more and we need to do it faster.” She said the government was working with a "sense of urgency," and that the Department of Homeland Security “stands at a very important juncture.”
Tell us something we don’t know.
How very typical of the current administration. When a crisis arises, they do what they do best—in fact what got them elected. They give speeches that trumpet the problem, then proceed to implement no workable solutions. And the secretary was not alone. Michael Chertoff, former DHS secretary under President George W. Bush, chimed in with: “We are seeing in the intervening time the adversaries, whether they be criminals or nation states or terrorists, are not taking time off. So with each passing year, the need to move faster becomes greater.”
Uh, yes, Michael, we’re aware of that.
So what are the solutions from the government’s view? According to the BBC, Napolitano listed a number of government efforts to tackle the problem. These include using intrusion detection systems. That’s fine as far as it goes, but if it were the solution, there would be no attacks on companies that already use such systems and, sadly, that is not the case. The secretary also made an appeal to security professionals and industry leaders at RSA to go the extra mile to increase security and improve their products so that security is automatic, says the BBC.
In other words, our clever-talking federal officials have no real strategy, and are begging private industry to solve the problem. In 1950s-era monster movies, the captains of industry would all band together and pool their resources and knowledge to defeat some slavering invader from another planet. Don’t count on that happening in the super-competitive environment of the 21st Century.
Chertoff, meanwhile, suggests that we lay out what the penalties would be for anyone who compromises U.S. systems—a kind of deterrent threat. What he fails to add, however, is that political moves, such as sanctions and U.N. slaps on the wrist, are meaningless to criminal syndicates and rogue government entities that are often successful at hiding their identities. Governments find themselves in the unenviable position of having to fight an enemy that is immune to the things that governments usually do to get what they want.
One thing should be clear from this mess: Political action is not the solution. The only effective thing that governments can do to deter cyber-crime is to punish it severely. Criminal hackers, when caught, must be put away for a long time in places that are not pleasant to live. Their cases should be highly publicized so that all can see the consequences of these crimes. Something like the medieval stocks that were once used for public humiliation comes to mind.
But before you condemn me for being too draconian, let me assure you that you needn’t worry. This will never happen. Governments move too slowly and are too bogged down in trying to be “politically correct” to even entertain such notions. Cyber-criminals, on the other hand, move swiftly to stay on the cutting edge of technology and to defeat any measures the good guys may take to stop them. They are not hampered by political realities or any kind of moral restraint. In addition, crooks can always count on privacy advocates to stand staunchly in the way of any government effort to monitor Internet traffic—even if the aim is to stop crimes that could damage the nation as a whole.
And that, ladies and gentlemen, is why we are losing the battle against cyber-crime. Things will only change when the pain gets bad enough, meaning that businesses and individuals will no longer stand for the deteriorating status quo.
When will we finally throw open the windows and tell the whole world: “We’re mad as hell and we’re not going to take it any more!”?
Ara C. Trembly (www.aratremblytechnology.com) is the founder of Ara Trembly, The Tech Consultant, and a longtime observer of technology in insurance and financial services.
Readers are encouraged to respond to Ara using the “Add Your Comments” box below. He can also be reached at firstname.lastname@example.org.
This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.
The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.
Add Your Comments...
If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.
You must be registered to post a comment. Click here to register.