Educause Security Discussion mailing list archives

Re: New Internet for Security

From: Gene Spafford <spaf () CERIAS PURDUE EDU>
Date: Sun, 15 Feb 2009 11:51:58 -0500

The following link is to a blog entry someone wrote about John
Markoff's piece in the NY Times yesterday.  Not surprisingly, I agree
with it:
http://davidakin.blogware.com/blog/_archives/2009/2/14/4093378.html

On Dave Farber's list there was some discussion of this, and then a
post about yet another breach of a credit card processor.  I wrote the
following:

Consider that some estimates of losses to computer crime and fraud
are in the many billions of $$ per year.  Consider how much money is
repeatedly spent on reissuing credit and debit cards, restoring
systems from backups, trying to remove spyware, bots, viruses, and
the like.  Consider how much is spent on defense mechanisms than
only work in limited cases -- anti-virus, IDS, firewalls, DLP, yet
latest fad.

What effect does that play on global economic downturn?  It is
certainly a drag on the economy.

Now, think about the solutions being put forward, such as putting
all your corporate assets and sensitive records "out in the cloud"
somewhere, on servers that are likely less well-protected or
isolated than the ones being regularly compromised at the banks and
card processors.   But it will look cheaper because organizations
won't need to maintain resources in-house.  And it is already being
hyped by companies, the NSF and CCC as "the future."  Who can resist
the future?

Now, stir in the economic conditions where any talk of replacing
infrastructure with something that costs more at first, or that
needs more than a minor change of business processes is going to be
dismissed immediately as "crazy."

And let's not forget that when the economy goes bad, more criminal
behavior is likely as people seek value wherever they can find it.

And yet, the institutional responses from government and big vendors
will be more of the same:  update the patches, and apply another
layer of gauze.



The situation isn't going to get better -- it's going to get
worse.   Much worse.


--spaf

Current thread:

New Internet for Security Theresa Rowe (Feb 15)
- <Possible follow-ups>
- Re: New Internet for Security Marty Manjak (Feb 15)
- Re: New Internet for Security Gene Spafford (Feb 15)
- Re: New Internet for Security Tracy Mitrano (Feb 15)
- Re: New Internet for Security David Shettler (Feb 15)
- Re: New Internet for Security Jeffrey I. Schiller (Feb 15)
- Re: New Internet for Security John Bambenek (Feb 15)
- Re: New Internet for Security Leo Song (Feb 15)
- Re: New Internet for Security Dennis Meharchand (Feb 15)
- Re: New Internet for Security Kevin Shalla (Feb 16)
- Re: New Internet for Security Hugh Burley (Feb 16)
- Re: New Internet for Security Keith Schoenefeld (Feb 16)
- Re: New Internet for Security Valdis Kletnieks (Feb 17)

(Thread continues...)