Create an Account
username: password:
 
  MemeStreams Logo

RE: WSJ | Bush Looks to Beef Up Protection Against Cyberattacks

search


RE: WSJ | Bush Looks to Beef Up Protection Against Cyberattacks
by noteworthy at 2:37 pm EST, Jan 29, 2008

If it's not OK for health care, how could it be a good idea for firewalls? The Internet doesn't even kill people!

The two are not unrelated. If I may be a bit dramatic for a moment:

In the Litvinenko affair, a man traveled from Moscow to poison his victim. He did this not because it was a practical necessity, but because he wanted his victim to know who killed him.

In an alternate scenario, the attacker might have just changed one of his prescriptions, surreptitiously -- an electronic attack with fatal consequences. (I readily admit that the details of such an attack would be quite subtle and target-specific. More plausible, perhaps, would be attacks on the integrity of medical records, or simply on insurance rolls.)

... problems are eliminated by simply making this a private sector endeavor motivated with the right economic incentives.

I certainly agree that security is about incentives; I have made that clear by my repeated citation of Ross Anderson's work on the subject. I intend(ed) to mention incentives over on the black box economy thread.

There are a number of companies who provide managed security services for thousands of customers from centralized NOCS, customers who include Fortune 500 companies who have extremely complicated infrastructures. I think its practical, particularly if you have billions at your disposal.

I have visited several such facilities. I accept that they will help you keep your Bind and Sendmail up to date, and they will detect and block people who port-scan your address space. I do not believe they are conducting counterespionage and I do not believe their customers expect that of them.

If the state posted armed guards in front of your Bank would you hire your own guards too on the presumption that the ones the state hired are incompetent? I think its unlikely that their level of incompetence would allow enough fraud to justify hiring private equivalents.

I would not expect these armed guards to prevent another Enron.

RE: WSJ | Bush Looks to Beef Up Protection Against Cyberattacks


 
 
Powered By Industrial Memetics