Educause Security Discussion mailing list archives
Re: New Internet for Security
From: Gene Spafford <spaf () CERIAS PURDUE EDU>
Date: Sun, 15 Feb 2009 11:51:58 -0500
The following link is to a blog entry someone wrote about John Markoff's piece in the NY Times yesterday. Not surprisingly, I agree with it: http://davidakin.blogware.com/blog/_archives/2009/2/14/4093378.html On Dave Farber's list there was some discussion of this, and then a post about yet another breach of a credit card processor. I wrote the following:
Consider that some estimates of losses to computer crime and fraud are in the many billions of $$ per year. Consider how much money is repeatedly spent on reissuing credit and debit cards, restoring systems from backups, trying to remove spyware, bots, viruses, and the like. Consider how much is spent on defense mechanisms than only work in limited cases -- anti-virus, IDS, firewalls, DLP, yet latest fad. What effect does that play on global economic downturn? It is certainly a drag on the economy. Now, think about the solutions being put forward, such as putting all your corporate assets and sensitive records "out in the cloud" somewhere, on servers that are likely less well-protected or isolated than the ones being regularly compromised at the banks and card processors. But it will look cheaper because organizations won't need to maintain resources in-house. And it is already being hyped by companies, the NSF and CCC as "the future." Who can resist the future? Now, stir in the economic conditions where any talk of replacing infrastructure with something that costs more at first, or that needs more than a minor change of business processes is going to be dismissed immediately as "crazy." And let's not forget that when the economy goes bad, more criminal behavior is likely as people seek value wherever they can find it. And yet, the institutional responses from government and big vendors will be more of the same: update the patches, and apply another layer of gauze. The situation isn't going to get better -- it's going to get worse. Much worse.
--spaf
Current thread:
- New Internet for Security Theresa Rowe (Feb 15)
- <Possible follow-ups>
- Re: New Internet for Security Marty Manjak (Feb 15)
- Re: New Internet for Security Gene Spafford (Feb 15)
- Re: New Internet for Security Tracy Mitrano (Feb 15)
- Re: New Internet for Security David Shettler (Feb 15)
- Re: New Internet for Security Jeffrey I. Schiller (Feb 15)
- Re: New Internet for Security John Bambenek (Feb 15)
- Re: New Internet for Security Leo Song (Feb 15)
- Re: New Internet for Security Dennis Meharchand (Feb 15)
- Re: New Internet for Security Kevin Shalla (Feb 16)
- Re: New Internet for Security Hugh Burley (Feb 16)
- Re: New Internet for Security Keith Schoenefeld (Feb 16)
- Re: New Internet for Security Valdis Kletnieks (Feb 17)
(Thread continues...)