2012/09/10

Civilian internet defence

.
I don't think that defending a country against malware is a job for the military. This doesn't change when the aggressors (supposedly) wear uniform.
Military bureaucracies do not attract the right people for the job, it's that plain and simple. They're not exactly competent at contracting software-related services, so there's no reason to trust them with "cyberdefense".

Sadly, the very same applies to the police forces as well. They're routinely lagging behind ad hoc efforts of clubs and even individual users when it comes to dealing with crime in the internet, i.e. child porn.

The first stop for "cyberdefense" should be the commercial PC security suite developers with their anti-virus fight experience. Such companies exist in most larger Western countries. The Russia-based Kaspersky has ruined the CIA's day more than once when it began to deliver protection against its attacks while Western competitors appeared to collaborate.

I'm still trying to figure out what "U.S.Cyber Command" wanted to tell us by
publishing this photo op of a clueless-looking soldier with lots of nonsense on computer screens.
Let's assume we would be sensible enough to foster at least one such company in our country instead of allocating millions at incredibly inefficient efforts to the same ends in our uniformed bureaucracies.
Would that suffice?

Well, there's a huge motivation problem at work. Sellers of protection software are not interested in keeping the malware from reaching computers in the first place. They're interested in it reaching the computer, so their product gains importance.

Safety precautions such as deactivating USB ports, limiting connectivity of company or agency computer networks to the internet to necessary connections and so on would be outside the interests of such a software provider.
Civilian IT security advisors can do this, but the small companies (even self-employed individuals) have varied standards of quality and big companies in the business suffer from the typical efficiency and service quality deficiencies of large consulting companies (which focus on attracting customers with much show, and pay less attention to substance).

The government might thus find that certain safety precautions should be sponsored through publication of security standards, enforcing minimum security standards and through controlled efforts at government-influenced companies (including the monopoly electricity network providers).
Whatever efforts of its own it's going to have in regard to IT security; it should be modest. The government is not going to attract many really good employees even if it tried to recruit them to a civilian, non-uniformed agency is a city with great quality of life and better pay than usual for public employees. The few it's going to get should be put to best use.


Finally; kick every bureaucrat in the ass who purports that IT defence specialists could be created by sending someone normal to a course!


S Ortmann
.

7 comments:

  1. The message from the photo is clear: PANIC NOW, your cyberdefense is in the hands of this guy :)

    ReplyDelete
  2. First of all, he isn't a soldier, he is in the Air Force.

    Secondly, it's only nonsense to someone who has to use Google Blogger to make a web page.

    ReplyDelete
  3. It helps not to import the stuff either. The link covers alot.

    "The survey represents “very high-level” concern that China and other countries may be using their growing export sectors to develop built-in spying capabilities in U.S. networks, said a senior U.S. intelligence official who asked not to be named because he wasn’t authorized to speak on the matter."

    title is "Obama Invokes Cold-War Security Powers to Unmask Chinese Telecom Spyware" Nov 2011.

    http://www.bloomberg.com/news/2011-11-30/obama-invokes-cold-war-security-powers-to-unmask-chinese-telecom-spyware.html

    ReplyDelete
  4. Anon, I learnt to write computer programs back in '90, wrote my first webpage in html source code in '97 before I read the slightest bit about how html worked. I looked at source codes of webpages with elements I liked and deduced which command did what.

    I happen to have an idea how IT stuff works and I also happen to appraise the comforts of certain modern editor programs.

    Your second statement is thus falsified.
    Now that was simple.


    Furthermore, you appear to distort the meaning of the word "soldier" intentionally, but that word was defined already and attempts to change or deny its meaning are futile.

    ReplyDelete
    Replies
    1. Dictionary.com:
      soldier: a person who serves in an army.

      army: the military forces of a nation, exclusive of the navy and in some countries the air force. (one of those countries would be the US)

      Now that was really simple. I'll just ascribe your faux pas to your general lack of any real military knowledge.

      Delete
  5. Whom are you trying to fool?

    http://dictionary.reference.com/browse/soldier?s=t
    "sol·dier
       [sohl-jer]
    noun
    1.
    a person who serves in an army; a person engaged in military service.
    2.
    an enlisted man or woman, as distinguished from a commissioned officer: the soldiers' mess and the officers' mess.
    3.
    a person of military skill or experience: George Washington was a great soldier.
    4.
    a person who contends or serves in any cause: a soldier of the Lord.
    5.
    Also called button man. Slang. a low-ranking member of a crime organization or syndicate."


    http://www.thefreedictionary.com/soldier
    "sol·dier (sljr)
    n.
    1. One who serves in an army.
    2. An enlisted person or a noncommissioned officer.
    3. An active, loyal, or militant follower of an organization."


    That was your last post for a long time, troll. My patience with trolls has limits.

    ReplyDelete
  6. I like the caption. I guess they wanted a guy who looked not at all like Bradley Manning.


    ReplyDelete