Re: 10 easy steps to writing the scariest cyberwarfare article ever

[David Farber <dave () farber net>]

Begin forwarded message:

From: Gene Spafford <spaf () cerias purdue edu>
Date: April 14, 2009 11:21:17 PM EDT
To: dave () farber net
Cc: "ip" <ip () v2 listbox com>
Subject: Re: [IP] Re:   10 easy steps to writing the scariest  
cyberwarfare article ever

Let me also note that there are those with either political interests  
(e.g., Russia, China) or economic interests (e.g., some vendors of  
traditional anti-virus and firewalls) who would benefit from either  
ridiculing any stories of real problems or seeking to quash attempts  
to change "business as usual" cybersecurity approaches.   The usual  
methods work here -- select the comments that are the most difficult  
to verify and naysay them.  Aggregate a group of statements and  
statistics that weren't presented together so that the total sounds  
specious.  And, of course, prey on the skepticism that has been  
strongly reinforced over the last decade by the excesses of fear- 
mongering and secrecy by government officials.

Are there major problems?  Certainly, and we have lots of  
documentation that the problems are real and growing. But is the sky  
falling?  Probably not, but for a variety of reasons, most of us don't  
have access to all the data, so we don't know how bad things might  
really be.

Thus, I agree that we should be skeptical of accounts that present  
stories of pending disaster.   But we should also keep in mind that  
there are problems, those problems may well be worse than what we  
believe them to be rather than less severe, that there are those who  
would like us to minimize our response to those problems, and the  
risks posed by doing too little are significant.

Finding the right level of concern is not simple.



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com