Interesting People mailing list archives

more on "The Sky Really Is Falling"


From: David Farber <dave () farber net>
Date: Mon, 3 Oct 2005 10:07:18 -0400



Begin forwarded message:

From: Raymcfarld () aol com
Date: October 3, 2005 1:54:55 AM EDT
To: dave () farber net
Subject: Re: [IP] "The Sky Really Is Falling"


There has been a lot of good research done over the past 10 and even 15 years on computer and network security. DARPA and NSF have both made major investments in that area over the years, not to mention other Federal Agencies.

The problem is not the Science, nor the Engineering. The problem is that the private sector experiences NO negative financial impact on their bottom line when they have a security breach. A study was done by the U Md Business School that found the stock value of a company, after announcing a major security breach, either did not change, or soon returned to its previous value.

Thus security technology is seen as a negative impact to the bottom line, with no commensurate financial gain. Were any of the companies ultimately financially hurt (i.e. did their stock value return to where it was before the breach?) when the credit card information they held on people was ripped off? Did they have to pay restitution to all those whose information was compromised? Did they have to pay a heavy fine for having been an agent (through lack of proper security) of the violation of the privacy of citizens?

There's your answer. Prior to retiring, I actually argued in an inter-Agency forum for the lack of need for funding even more new security technology until we understood how to solve this fundamental business problem, and that funds should be redirected to that. At best, I was ignored. At worst, I was reviled. And so it goes.

Ray

PS I am beginning to believe that some people are even going to find a way to blame their hemorrhoid problem on the Bush Administration. Anyone ever stop to think that all of the idiot-ologies today on both (all?) sides have the Government in knots (especially the Congress) and incapable of doing anything reasonable because of the inability to find common ground?

In a message dated 10/2/05 12:45:02 PM, dave () farber net writes:


PITAC's report on cybersecurity, called "Cyber Security: A Crisis of
Prioritization," was published in February. "The title nicely summarizes
our findings," says Lazowska. "There is a crisis, and it is due to a
failure to adequately prioritize this issue -- a failure by CIOs, and a
failure by the federal government."

Lazowska doesn't pull any punches when discussing the Bush
administration's approach to the issue. "In my opinion," he says, "this
administration does not value science, engineering, advanced education
and research as much as it should -- as much as the future health of the
nation requires." As a result, he says, the private sector -- and CIOs in
particular -- won't be able to buy the products that they need to truly be
secure unless they demand more from their government and, just as
importantly, show a commitment to cybersecurity by paying for state of
the art products.


