The fact that so much of the preventative work had been effective appears to fly right past those who think that it was a waste of time and money.
The legacy of this latter attitude is, I believe, mostly behind the lack of energy in regard to protecting against cyber attacks. If it continues and, as McConnell asserts, not much will be done until the cyber “black swan” actually occurs, then the potential costs could be enormous, easily in the trillions of dollars. And the truth of the matter is that a cyber meltdown could occur spontaneously due to human error or a natural disaster … we don’t need to wait for a targeted attack.
Y2K contingency planning is touted to have helped significantly in the aftermath of 9-11. Since we do not know what might happen, when and where, it pays to plan for surviving and recovering from potential major cyber events. While there are strategic components in the long-term effort to secure cyberspace, there is much to be done in the short term. This will not be accomplished through casual discussions of potential disasters. It requires strong and fervent leadership able to convince government and the public of the urgency of the task … otherwise McConnell’s low-key assertion of having to wait for a cybergeddon before we get any real response, will turn out to be prescient. In which case we all lose.
Popularity: unranked
One Comment
Great point about something terrible needed to happen before anything is done: our government system is by and large a reactionary one rather than a proactive one. When it comes to preventing catastrophic issues we have major obstacles unless the threat is imminent. Unfortunately the “invisibleness” and complexity of cyber security lends itself to never seeming like a threat (unless one is one the front lines witnessing the attacks). In regards to the Y2K syndrome, I wrote something similar about general H1N1, InfoSec and human behavior here:
http://www.bloginfosec.com/2010/01/27/h1n1-threat-overblown-information-security-relevance-a-logic-proof/