“Infosec, You’re Doing a Heck of a Job!”

By the way, have you wondered why it is The Wall Street Journal, of all news sources, which is getting all these scoops on cyber attacks and cyber espionage? I attribute it to the outstanding investigative reporting of Siobhan Gorman, who has appeared from relative obscurity to achieve front-page status in a matter of months.

Two keynote presentations at the 2009 RSA Conference were by very prominent government officials, laying out the current known state of cyber security affairs and what generally needs to be done to achieve an acceptable level of protection of our critical systems, networks and infrastructure. That alone is a telling statement of the condition that we are in. It points to a clear failure of the private sector to protect the more than 80 percent of the critical infrastructure that it is purported to own, and of the public sector’s protection of its even more critical 20 percent. As with the financial crisis, government can only go so far. The private sector has to step up to its responsibilities. If not, then government will just as surely step in and take control.

  1. James Anderson Apr 27, 2009 at 5:26 pm

    Hmmm. Axelrod — who I think was a recent winner of the Infosec Executive of the Year Award — believes that the RSA Conference was an example of “…ostentatious celebrations of infosec grandeur that is both pretentious and sad at the same time. Here are the leaders of our field pontificating about the great things of which our profession is capable, while, at the same time, information security is in the worst state that it has ever been.” Well, at least he’s got pretentious down to a science: blogging about RSA when he didn’t attend — in fact says he has never attended and could not justify a week-long conference… As for pontificating, he takes a great run at that one also: stating that industry better “step up to its responsibilities or else the government will have to step in and take control.” Oh, yeah, that’s the ticket. A little bit more of “C2 by 92” and we’ll all be buttoned up. Shoot, as long as we can nationalize all the big banks, nationalize the automakers, and borrow unlimited funds to do it from the taxpayers, almost anything is possible. So you RSA attendees better suck it up and get things fixed pronto. Or uncle Hugo Chavez will step in and take care of things and it won’t be funny… I for one think we need a little less pontification from all sides and recognize one essential truth about information security: INFOSEC IS GETTING ALL THE EMPHASIS THAT CAN BE EXPECTED GIVEN THE LEVEL OF PRIORITY AND SUPPORT IT HAS RECEIVED FROM GOVERNMENT AND ENTERPRISE. The notion that we can fix infosec while at the same time we fix the economy, health care, energy, global warming, Afghanistan and Iraq is just absurd. While we have bigger fish to fry right now, infosec professionals will continue to guard the ramparts — we should not, however, expect to win the war tomorrow.

