A central point for collection of information that relates to computer security, including, but not limited to, security advisories from the major vendors, major data breaches, “phishing” alerts, commentary regarding staffing levels, etc.
November 9, 2012 at 5:13 am #172211
Proactive Defense Prudent Alternative to Cyberwarfare:
In cyberwar, having a good offense is not the same as having a good defense. It is much more dangerous. The current call to cyber-arms permeating Washington is a serious problem. The purveyors of cyber-offense and “active defense” seem to not understand the role that proactive defense through security engineering can play in averting cyberwar.
Cyber-information systems control many important aspects of modern society, from power grids, to transportation systems, to essential financial services. They sample air quality, spy on people, track movement of fissile materials, enable remote-controlled bombing, manage hardware and software supply chains, facilitate billions of dollars in fraud each year, form the core of massive botnets that can take giant corporations offline, predict weather events, and allow split-second financial trades that move world markets. Our dependence on these systems and their inherent complexity and interrelated nature is not well-understood by the “non-geeks” who make both policy and business decisions. This makes for a real and present danger of cyber-exploit. That’s because a majority of these essential systems are riddled with security vulnerabilities.
November 9, 2012 at 10:07 am #172217
More Pushback; From CSO online:
November 07, 2012 — CSO — The nation’s top national security leaders have convinced President Obama and much of the leadership in Congress that the U.S. is at risk of a “Cyber Pearl Harbor” or “Digital 9/11” if it does not take drastic measures to improve both defensive and offensive cybersecurity capabilities against hostile nation states.
But the leaders, Defense (DoD) Secretary Leon Panetta and Homeland Security (DHS) Secretary Janet Napolitano, have not, however, convinced every expert in the cybersecurity community, and there is now some increasingly vocal push-back from some of them.
Critics argue that not only is the threat of a catastrophic cyberattack greatly exaggerated, but that the best way to guard against the multiple risks they agree exist is not with better firewalls or offensive strikes against potential attacks, but to “build security in” to the control systems that run the nation’s critical infrastructure.
Bruce Schneier, author, Chief Technology Security Officer at BT and frequently described as a security “guru,” has not backed off of his contention made at a debate two years ago that the cyber war threat “has been greatly exaggerated.” He said that while a major attack would be disruptive, it would not even be close to an existential threat to the U.S.
November 9, 2012 at 5:58 pm #172215
As a guy who still occasionally uses a manual typewriter and splits his own firewood, it’s fair to place me among those with insufficient knowledge of the “inherent complexities” of cyber-information systems control. How do we get up to speed and what are the essential things we need to know to participate in citizen discussions of general policy in this area?
November 9, 2012 at 7:25 pm #172213
Not sure that your criteria place you in the category to have insufficient knowledge of this subject… I use a manual typewriter, AND a rotary phone, and although I have a log splitter I too split my own firewood and firewood was just recently the primary source of winter heating in my MA home…
Have spent more hours than I can count reading numerous articles/books on Cybersecurity and found that I don’t have near enough knowledge to classify myself as an expert…
The way that I involved myself in general discussions about policy/implementation is I attend “local” conferences where at least one of the issues is cybersecurity. Examples would be:
- the Annual meeting to discuss with the public the expenditures by the Port of Houston
- regular meetings by the local governments to discuss security
- FEMA “mandated” meetings to deal with disaster planning
- conferences which COULD have a security track (The most recent one was a gathering of shipping companies)
At all these meetings I try to be an active participant, and ask questions that will solicit a professional response…
Have had less success attempting to impact these kinds of issues with webinars/conference calls but will continue to keep trying….