The Cybersecurity Industrial Complex

[Dave Farber <dave () farber net>]

The Cybersecurity Industrial Complex

The Feds have a massive, multiagency plan to protect the national
information infrastructure. Get ready for IT police and network smart bombs.

By Bruce Sterling

Since the dawn of the information age, computer security commandos have
battled the Four Horsemen of the Infocalypse: child pornographers, drug
lords, mafiosi, and terrorists. A noble struggle, to be sure, but mostly
vaporwar.

Computer cops have long predicted that a massive cyberdisaster would
transform their field from an underfunded annex into a law enforcement
cornerstone. On 9/11, disaster struck, and whileal Qaeda doesn't appear to
have mastered high tech, a year later the President's Critical
Infrastructure Protection Board has unveiled a comprehensive plan: "The
National Strategy to Secure Cyberspace." It's not a precise scheme for
defeating cyberwar, cyberterror, and cybercrime, but the 58-page document
does give a firm sense of the immense bureaucratic scale and vast budget
required.

Self-appointed security experts may scoff, yet "National Strategy" is
actually a well-informed report written by sober, career-oriented
functionaries. Richard Clarke and Howard Schmidt, the board's chair and vice
chair, respectively, have broad experience that ranges from police work to
the Air Force to the National Security Council to Microsoft. And there's
money on the table. The $1.4 billion a year currently spent to secure
federal computers is likely to expand by a factor of 10 during the rest of
the Bush presidency. Given the present lean times, many clever hands will
have their palms out. "National Strategy" cordially name-checks nearly every
outfit that might improve the situation.

Who will secure America's computing resources? Here's a brief list of
organizations mentioned in the report, ranked from most formidable to least
effectual, along with my best guesses as to their marching orders.
Cyberterrorists beware: This is what you're up against.

Defense Department
If you're operating on foreign soil, the DOD will blow up your desktop and
comb the wreckage for incriminating data.

National Security Agency/UKUSA Echelon
Outside and possibly inside the US, these spooks will listen in on your
phone calls and read your faxes and email.

Federal Bureau of Investigation
The FBI will continue being the FBI, only bigger and angrier.

Targets: global terror and multinational business crime.

Secret Service
The earphone army will collar money launderers, credit card and bank
fraudsters, plus anybody "of protective interest."

Federal Telecommunications and Information Systems Infrastructure
This hypothetical outfit will get federal communications off the hack-prone
Internet and onto safe, dedicated hardware.

National Homeland Security Portal
This is a one-stop Web shop for security patches and approved encryption,
still in the idea stage.

Office of Management and Budget
The OMB will map federal networks and issue security report cards. A bad
grade means you lose your computer money.

National Infrastructure Assurance Partnership
NIAP reps will make sure your workplace hardware meets their standards. Do
what they say or your insurance will skyrocket.

National Institute of Standards and Technology
NIST's Computer Security Resource Center will write primers, distribute
patches, and hand out cool security toys.

Federal Computer Incident Response Center
When new 'sploits devastate government routers, these white hats will man
the servers.

National Infrastructure Protection Center
This is an attempt to keep data lines open among 18,000 federal, state, and
local law enforcers should all hell break loose.

Federal Emergency Management Agency
The valiant disaster relief office will rush food and clothing to American
cyberwar casualties.

Task Force on Computer and Network Security
Responsible for locking down the .edu sector, this agency will sniff out
student hackers and have them expelled.

Partnership for Critical Infrastructure Security
This confederation will roll 13 federal agencies and 60 businesses into a
military-industrial complex for waging long-term infowar.

Information Sharing and Analysis Centers
Here, corporate players who otherwise would be conspiring in restraint of
trade can share "sector-specific security information."

Cyberspace Academy
This imaginary defense school will trade hordes of Cyber Corps soldiers for
the expanding security apparatus.

Forum of Incident Response and Security Teams
A vague diplomatic huddle where Americans will argue about security with
increasingly alienated Europeans, Japanese, Indians, Canadians, Australians,
and Chinese.
------------------------------------------------------------------------

Email Bruce Sterling at bruces () well com.

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To unsubscribe or update your address, click
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/