Tuesday, April 14, 2009

Cyber Security Hype Reloaded

Following up on our original discussion about the hype surrounding the threat to the power grid, Nart Villeneuve shreds the myths surrounding the WSJ story and shines a light on the more pressing threat to critical infrastructure.

Nart writes,

Now, the point here is not to diminish the threat of attack against critical infrastructure but to point out that the hype-based approach ends up bringing focus on the wrong kinds of threats. By focusing on external Internet-based threats (that may or may not really exist) the focus on the insider threat is lost.

In many cases the insider threat is of more importance than an external, Internet-based threat (especially when such systems are *not* connected to the Internet).

As a point of reference, Nart helped lead the Ghostnet investigation and is widely respected throughout the Information Security community. His opinions should be taken very seriously. You can find him online here.

1 comment:

Jeffrey Michael Comfort said...

I would be quite willing to agree with Mr. Villeneuve on this particular point. While it is obvious that this nation faces a distinct threat from cyber attack, the threat of an opposition force penetrating our own infrastructure is just as worrisome. Government hiring policies don’t seem stringent enough to me, with the FAA serving as a key example of systemic incompetence. The standards for workers are far too low and background checks likely are not thorough enough to prevent someone from infiltrating a key utilities operation. I think preventing such a thing would be difficult at best considering how vast our government-run utilities networks expand. Having a more strict hiring policy and requiring constant surveillance as well as extensive background checks would be much safer but also cost an incredible amount to the taxpayer. The decision now seems to be how willing are we to pay more in order to feel safe?