08 August 2009

Ghosts in the machine?

I think we're about to get hit, and hit hard. And by "we" I mean the U.S. Reading reports lately I've been noticing a trend. "N Korea behind U.S. cyber attacks", or "Cyber attack on U.S. nuclear arms lab linked to China", or how about "Military Looking Abroad for Source of Cyber Attack on Pentagon". If you'll notice, a couple of those articles are older, but I think it's enough to demonstrate my point. Now, read this article "Hathaway resigns as acting cybersecurity czar".

Anybody else see something wrong with this? The acting "cyber czar" takes herself out of the running after completing a 60-day review of our nation's gov't wide cybersecurity preparedness. Her reasoning? Personal. Yeah, methinks she discovered something and decided to pull out before something happened and they pointed the finger at her.

I'm sure you've all seen Die Hard 4, and as unrealistic as the technical details were, there was some truth behind the ideas. What would we do if our military networks were compromised? Our financial networks? These attacks are designed to test our weaknesses, find the holes in our firewalls. The scary question no one seems to be asking is this: what are they leading up to?

Other countries are proactively trying to compromise our infrastructure. They don't have our rules and regulations about playing nice. Sure we have gov't agencies that don't always play by those rules, but every time they do something there is a media flurry about civil rights violations or some other hippy, liberal bullshit.

Right now there is a call out for cyber gurus. Our gov't is finally coming to the realization that we are far behind the times when it comes to cyber security. Our nation's I.T. is being run by a bunch of fossils whose concept of security went the way of the dodo a long time ago. They are actively calling for information security students to join their ranks. The problem is they are also actively pursuing and prosecuting anyone good enough to do the job. Sounds kind of like cutting off one's nose to spite one's face if you ask me. The only way anyone is going to be good enough with something other than security theory is if they are actually breaking into systems, which is a felony. Sure there are lots of programs offered by online schools (ITT Tech, DeVry, UofP, etc) but those are $60k for a degree. And even then nobody really takes those graduates seriously. None of your traditional colleges are offering any serious security courses. Maybe Carnegie Mellon, or MIT, but there aren't enough graduates to fill the ranks. Even then they're usually too paranoid or liberal to be willing to work for our nation's government.

So it seems like we're kind of stuck in a grave of our own making. The question now is what the fuck are we going to do about it?

1 comment:

  1. Important question!

    Interresting thoughts.

    A bit to many heavy incidents seems to have taken place and that do not give trust.

    ReplyDelete