InfoSec is Ritualistic, Not Innovative … It’s a SIN!

The 6th Annual IT Security Entrepreneurs’ Forum (ITSEF 2012) took place at Stanford University on March 21, 2012. It was produced by the Security Innovation Network, which is careful to call itself SINET rather than SIN. You can see the conference agenda  While I did not attend the forum, I suspect that it was an interesting get-together judging from the topics and the credentials of presenters.

The “big thing” in cyber security today is innovation—game changing, clean-slate innovation— which, to my mind, is a clear admission that current approaches aren’t hacking it (pun intended). My March 26, 2012 BlogInfoSec column, “Infosec Defenders are ‘Losers’ per RSA,” focused on the reported comments of big-name presenters and attendees at the 2012 RSA Conference. To a person, they admitted that the attackers have the upper hand and we don’t have the tools or other mechanisms to take back the initiative.

This view was further exemplified in an article in The Wall Street Journal of March 28, 2012 by Devlin Barrett with the title “U.S. Outgunned in Hacker War.” The article is mostly about Shawn Henry, executive assistant director of the FBI, who is leaving the agency for the private sector after more than 20 years of service. He is quoted as saying “You never get ahead, never become secure, never have a reasonable expectation of privacy or security.” If this gloom and doom attitude, accompanied by the even gloomier view of CSIS senior fellow James Lewis, is intended to invoke action to remedy the situation, then I have to say that it doesn’t appear to be working. Some other comments later in the article seem to be somewhat more productive.

Post a Comment

Your email is never published nor shared. Required fields are marked *