Cybersecurity Hype

[InfoSec News <alerts () infosecnews org>]

http://www.cato-at-liberty.org/cybersecurity-hype/

By Jim Harper
Cato @ Liberty
February 21, 2012

The approving response of an IT security professional last week pointed 
me to a story about cybersecurity in which I’m featured. The story and 
accompanying video are called: “Is Cyberwar Hype Fuelling a 
Cybersecurity-Industrial Complex?” It’s a really good look at how 
government contractors, many former government officials, are working 
Washington to generate an issue.

How rare is it that a cybersecurity news report includes even a word of 
doubt about the nature and scope of the threat? How rare is it that any 
news report includes a word of doubt about the nature and scope of 
threats?

My correspondent, who works at a public utility in IT security, said 
some things that are fascinating and important.

    We are being asked to do things that have no practical risk
    reduction value purely for the perceived benefit. It takes no
    effort to say that the cyber world is about to end yet it takes
    tremendous effort to continually demonstrate that we are prepared
    for anything.

In other words, operators of so-called “critical infrastructure” are 
already wasting effort on things that look like improved security 
because they’re in the position of proving that nothing could ever go 
wrong. This is because cybersecurity fear-mongerers are spinning 
apocalyptic tales. Imagine what it will be like when varied government 
bureaucracies are calling on the private sector to prove they are 
implementing endlessly varying, imagination-based federal cybersecurity 
dictates.

[...]

______________________________________________________________________________
Learn how to be a Pen Tester or a CISSP with Expanding Security online. Get
a free class invitation and see how good and fun the program really is.
http://www.expandingsecurity.com/PainPill