Re: Article in today's NYT - cybersecurity

[Joe St Sauver <joe () OREGON UOREGON EDU>]

Willis Marti <wmarti () tamu edu> commented:

#Not sure that this article is really news. And I wonder how confident people
#are in citing amount, or source, of increase. We've seen near constant
#"attacks" for years. 

Agree 100%.

As I mentioned in a discussion elsewhere, part of the problem is that 
this article (like most articles in the popular media) lacks hard 
longitudinal data on the problem. As the saying goes, "In God we trust; 
all others must bring data." As academics, we should always *insist* 
on seeing data, rather than just relying on subjective opinions.

> From my POV (purely a subjective opinion :-)), most of the security 
challenges we face on the Internet are the result of bots. So are we 
seeing more bots, or fewer bots? Check out this graph: 

   http://www.eleven.de/tl_files/timeline/index-en.html 

While that graph is now a year old, the picture it paints is quite clear:
the community can (and has) made substantial progress against botnets,
and that can be explicitly observed seen in things such as spam levels
(think of spam as being a nice easily visible proxy measure for underlying
security problems). 

Thus, from my POV, the sky is NOT falling, either in higher ed, or elsewhere.

Of course, that isn't the sort of response that popular journalists like
to hear -- you don't sell papers if the quote is, "The cyber security
picture? Well, it's pretty much the same as it was last year, or five 
years go, although it varies over time and from site to site, just like 
the weather."

Shrug.

Those who may want to read more about security metrics-related challenges
may want to see the report I wrote on behalf of Working Group 7 (Botnets) 
for the FCC Communications Security, Reliability and Interoperability Council 
in March, see p. 62-89 of
http://www.fcc.gov/bureaus/pshs/advisory/csric3/CSRIC_III_WG7_Report_March_%202013.pdf

Regards,

Joe

Disclaimer: all opinions my own.