“Infosec, You’re Doing a Heck of a Job!”

Even the spending of tens of billions of dollars on an updated CNCI (Comprehensive National Cyber Initiative) – see my January 13, 2009 column – may be a case of too little, too late. The call for tens of thousands of cyber warriors is commendable, but it takes a fair amount of time, running into years, to find and train suitable candidates.

What we need now are strong, decisive, immediate actions, even if they intrude on the convenience and ready access to which we have all become accustomed. The patient is in the ER … first stop the bleeding, then treat the cause, and then worry about whether the patient’s pillow is soft enough. Perhaps it is necessary to take a step back, reduce ubiquitous access, and disconnect critical systems from public networks, before some foreign adversary or terrorist group decides to pull the plug on our critical infrastructure altogether.

One Comment

  1. James Anderson Apr 27, 2009 at 5:26 pm

    Hmmm. Axelrod — who I think was a recent winner of the Infosec Executive of the Year Award — believes that the RSA Conference was an example of “…ostentatious celebrations of infosec grandeur that is both pretentious and sad at the same time. Here are the leaders of our field pontificating about the great things of which our profession is capable, while, at the same time, information security is in the worst state that it has ever been.” Well, at least he’s got pretentious down to a science: blogging about RSA when he didn’t attend — in fact says he has never attended and could not justify a week-long conference… As for pontificating, he takes a great run at that one also: stating that industry better “step up to its responsibilities or else the government will have to step in and take control.” Oh, yeah, that’s the ticket. A little bit more of “C2 by 92” and we’ll all be buttoned up. Shoot, as long as we can nationalize all the big banks, nationalize the automakers, and borrow unlimited funds to do it from the taxpayers, almost anything is possible. So you RSA attendees better suck it up and get things fixed pronto. Or uncle Hugo Chavez will step in and take care of things and it won’t be funny… I for one think we need a little less pontification from all sides and recognize one essential truth about information security: INFOSEC IS GETTING ALL THE EMPHASIS THAT CAN BE EXPECTED GIVEN THE LEVEL OF PRIORITY AND SUPPORT IT HAS RECEIVED FROM GOVERNMENT AND ENTERPRISE. The notion that we can fix infosec while at the same time we fix the economy, health care, energy, global warming, Afghanistan and Iraq is just absurd. While we have bigger fish to fry right now, infosec professionals will continue to guard the ramparts — we should not, however, expect to win the war tomorrow.
