“Infosec, You’re Doing a Heck of a Job!”

However, there is an aspect of these somewhat ostentatious celebrations of infosec grandeur that is both pretentious and sad at the same time. Here are the leaders of our field pontificating about the great things of which our profession is capable, while, at the same time, information security is in the worst state that it has ever been. Successful exploits are way up. Millions of computers have been taken over and fraud is rampant. Foreign groups have infiltrated government systems and our electrical grid, as reported on the front page of the April 8, 2009 issue of The Wall Street Journal. Also, just as the RSA attendees bask in their self-congratulatory glory and “fiddle while Rome is burning,” we learn (in an article on the front page of the April 21, 2009 issue of The Wall Street Journal) of another major breach. Computer spies, who have also infiltrated the Air Force air-traffic control system, stole terabytes of data about the Joint Strike Fighter project. The infosec New Orleans is already under water … the only questions are how high the flood will rise and how long it will take to crest.

One Comment

  1. James Anderson Apr 27, 2009 at 5:26 pm

    Hmmm. Axelrod — who I think was a recent winner of the Infosec Executive of the Year Award — believes that the RSA Conference was an example of “…ostentatious celebrations of infosec grandeur that is both pretentious and sad at the same time. Here are the leaders of our field pontificating about the great things of which our profession is capable, while, at the same time, information security is in the worst state that it has ever been.” Well, at least he’s got pretentious down to a science: blogging about RSA when he didn’t attend — in fact says he has never attended and could not justify a week-long conference… As for pontificating, he takes a great run at that one also: stating that industry better “step up to its responsibilities or else the government will have to step in and take control.” Oh, yeah, that’s the ticket. A little bit more of “C2 by 92” and we’ll all be buttoned up. Shoot, as long as we can nationalize all the big banks, nationalize the automakers, and borrow unlimited funds to do it from the taxpayers, almost anything is possible. So you RSA attendees better suck it up and get things fixed pronto. Or Uncle Hugo Chavez will step in and take care of things and it won’t be funny… I for one think we need a little less pontification from all sides and recognize one essential truth about information security: INFOSEC IS GETTING ALL THE EMPHASIS THAT CAN BE EXPECTED GIVEN THE LEVEL OF PRIORITY AND SUPPORT IT HAS RECEIVED FROM GOVERNMENT AND ENTERPRISE. The notion that we can fix infosec while at the same time we fix the economy, health care, energy, global warming, Afghanistan and Iraq is just absurd. While we have bigger fish to fry right now, infosec professionals will continue to guard the ramparts — we should not, however, expect to win the war tomorrow.
