Begin forwarded message:

From: Raymcfarld@xxxxxxx
Date: October 3, 2005 1:54:55 AM EDT
To: dave@xxxxxxxxxx
Subject: Re: [IP] "The Sky Really Is Falling"

There has been a lot of good research done over the past 10 and even 15 years on computer and network security. DARPA and NSF have both made major investments in that area over the years, not to mention other Federal Agencies.
The problem is not the Science, nor the Engineering. The problem is that the private sector experiences NO negative financial impact on their bottom line when they have a security breach. A study was done by the U Md Business School that found the stock value of a company, after announcing a major security breach, either did not change, or soon returned to its previous value.
Thus security technology is seen as a negative impact to the bottom line, with no commensurate financial gain. Were any of the companies ultimately financially hurt (i.e. did their stock value return to where it was before the breach?) when the credit card information they held on people was ripped off? Did they have to pay restitution to all those whose information was compromised? Did they have to pay a heavy fine for having been an agent (through lack of proper security) of the violation of the privacy of citizens?
There's your answer. Prior to retiring, I actually argued in an inter-Agency forum for the lack of need for funding even more new security technology until we understood how to solve this fundamental business problem, and that funds should be redirected to that. At best, I was ignored. At worst, I was reviled. And so it goes.
Ray

PS I am beginning to believe that some people are even going to find a way to blame their hemorrhoid problem on the Bush Administration. Anyone ever stop to think that all of the idiot-ologies today on both (all?) sides have the Government in knots (especially the Congress) and incapable of doing anything reasonable because of the inability to find common ground?
In a message dated 10/2/05 12:45:02 PM, dave@xxxxxxxxxx writes:
PITAC's report on cybersecurity, called "Cyber Security: A Crisis of Prioritization," was published in February. "The title nicely summarizes our findings," says Lazowska. "There is a crisis, and it is due to a failure to adequately prioritize this issue - a failure by CIOs, and a failure by the federal government." Lazowska doesn't pull any punches when discussing the Bush administration's approach to the issue. "In my opinion," he says, "this administration does not value science, engineering, advanced education and research as much as it should - as much as the future health of the nation requires." As a result, he says, the private sector - and CIOs in particular - won't be able to buy the products that they need to truly be secure unless they demand more from their government and, just as importantly, show a commitment to cybersecurity by paying for state of the art products.