Shockingly Unshocking: 'Cybersecurity' FUD Has Been Big Big Business For Contractors
from the well,-look-at-that dept
Back when this hype about “cybersecurity” and “cyberwar” first started to hit the mainstream (early on, “cyberwar” was more common, but lately people focus on “cybersecurity”), we had an article which suggested that much of this really seemed to be about scaring up a panic for the sake of throwing money at defense contractors who wanted to charge crazy huge sums for “helping” with cybersecurity. And, as we noted, that push was leading to hundreds of millions of dollars in government contracts. It appears that, with cybersecurity FUD only getting bigger and bigger, the folks who are making out like bandits are all those defense contractors who are jumping in to fan the flames of FUD… and then taking our taxpayer money to “fix” the problem.
In that link above, they talk about Lockheed and Raytheon signing agreements with Homeland Security in which they get to “help” the government out by scanning email and other info collected by the NSA.
Under the program, critical infrastructure companies will pay the providers, which will use the classified information to block attacks before they reach the customers. The classified information involves suspect Web addresses, strings of characters, email sender names and the like.
None of this necessarily means that online attacks aren’t a real threat… but I’d feel a lot more comfortable about where things were heading if there weren’t a whole bunch of defense contractors gleefully rubbing their hands together as they scoop up more and more contracts while the FUD keeps spreading.
Comments on “Shockingly Unshocking: 'Cybersecurity' FUD Has Been Big Big Business For Contractors”
It’s no surprise that defense contractors are stoking the FUD for contracts.
What is surprising to me, and maybe this is because I’ve lost sight of what it’s like to not be aware of security issues, is somehow they’re selling the notion that giving up all our data to the government will somehow help improve system security.
The best thing government could do to improve their security practices is to beg knowledge from private sector engineers. Most executive branch sites have been repeatedly rolled hard by amateurs, and there’s no excuse for that.
Gathering Personally Identifiable information from the masses will accurately identify precisely zero real threats when it comes to actual hackers. That’s the nature of a well designed attack. What government needs is technical acumen and to RTFM.
Re: Re:
What government needs is technical acumen and to RTFM.
Correct. Which is precisely why it’ll never happen.
Instead, the government will spend millions (if not billions) on ineffective “cybersecurity solutions”, allowing the politicians involved to grandstand about their supposed efforts in making the country safer.
Actually making the country safer would prevent further grandstanding, so it won’t happen. In fact, just the opposite: the government will make its servers more vulnerable, intentionally allowing attacks to happen, and then spin the attacks into a need for further absurd legislation and even more “cyberdefense” spending.
Re: Re: Re:
You’re presuming that the government is capable of that kind of coordination. Have you ever actually worked for/in the federal government?
Re: Re:
While I agree the government is wasting millions, I think your comment on the private sector is probably apt. In fact it’s the private sector fixing and causing most of the issues.
I’ve been reading for the past couple of days about recursive DNS issues and BCP38 not being implemented on service providers here in the US. Next thing up was the news of Spamhaus being DDoS’d by recursive DNS attacks. http://blog.cloudflare.com/the-ddos-that-almost-broke-the-internet
I would suspect that most of these attacks are originating from private companies not implementing technology already available and TCO is probably rather low. (It was a few hours time from my perspective at least.)
Do we need new laws? I would say no, but I think we do need public outcry of companies not following best practices. A good example would be when Comcast decided to use DPI to block BitTorrent.
Re: Re:
Couldn’t agree more. I’ve seen typical government security practices first hand, and they’re not pretty.
First sell the problem… so then you can sell the solution.
Re: Re:
Institutions will try to preserve the problem to which they are the solution.
Heligan Dialectic
Cuz dats what we do
http://www.washingtonpost.com/blogs/worldviews/wp/2013/02/19/chinese-hacking-obama-admin-signals-it-will-elevate-issue-with-beijing/
It’s just moving to the virtual field since it’s getting harder to go to war in the physical realm without people criticizing the expenditures and the collateral damage (civilian casualties, misbehavior from the troops with even raping included and so on). The virtual world is ethereal and what’s done there can’t be easily caught on camera or things like that.
I’m expecting some cyber-9/11 with a following cyber-Patriot Act soon. That’s how the US has been doing business since the Marshall Plan (probably some time before that). USSR tried too with the Warsaw Pact. It’s pure greed and it’s much older than we think.
There are reports that money going to rebuild a lot of countries simply goes to the hands of huge American consultants and companies instead of benefiting the public. It’s a huge scam.
They are just adapting to times.
Attacks depend on Microsoft mono-culture.
IF we had a HEALTHY market and less-than-comatose DOJ Anti-trust div, then there would be more than the ONE operating system worldwide so that attacks wouldn’t always succeed. (Yeah, yeah: Apple. Pffft! Even if there’s now TWO, it’s not a healthy market, not with those super-control-freak weenies.) But, that too is now a vanished dream stolen by corporate greed.
Re: Attacks depend on Microsoft mono-culture.
Considering most significant attacks would be against servers and not individual users, and considering how many servers are running some variant of UNIX, I’d say you don’t really know what you’re talking about. I mean, not that that surprises anyone.
Re: Re: Attacks depend on Microsoft mono-culture.
The attacks may be on Lunix/Unix servers but they usually originate from botnets that run solely on virus infected Windows machines.
Re: Re: Attacks depend on Microsoft mono-culture.
Surprisingly he’s not wrong for once. Our government has been unwilling to adopt a non-Microsoft OS for any large scale deployment so it wouldn’t be all that strange for the Government’s servers to be Windows as well. And since it’s Windows it is gonna be more vulnerable.
I think he just failed at trolling this time. Time will tell.
Uuugggghh! “Cyber”…so 1992! They’re tossing this term around, attaching it to this and that (invoking images of Dr. Who and the Cybermen), and it means NOTHING! It is a word-shaped noise!
Gah, I can’t take them seriously at all and that’s before all the fearmonger fingering of money holes…which sounds like cybersex. Wanna cyber? Guh! Quittit!
How many times has it been said here and elsewhere that those that are promoting the ‘cyber security’ crackdowns that are needed are probably on the take from particular companies? If contracts are awarded, the profits are huge and the rewards for giving those contracts, after spreading the lies about how the world will end if there aren’t stricter laws brought in, would be massive to the sponsors. It’s so obvious, it hurts. It must also indicate how many in Congress are going to benefit from it as well.
FUD has been normal operations for as long as I can remember. The entire Cold War was FUD as the Russians never at any time were a credible military threat despite all their nuclear missiles. We had them nailed and knew what they were doing at every moment with vastly superior high altitude reconnaissance (the U2, SR-71 Blackbird and eventually satellites).
Yet the Air Force constantly begged for and got more nuclear missiles plus a (really) nasty plutonium based nuclear energy program to go with it. Thorium is arguably safer and its potential breeder reactors don’t produce bomb grade material. Massive overkill.
So now we have cyber threats and cyber security from cyber warfare. As if anyone had to actually use an almost meaningless movie/Hollywood (Dr Who! Yes.) term for marketing purposes. The only threat I feel is from the gullible Washington politicians able to swallow the FUD whole. Am sure the special interest money lozenge helped it go down easier.
It’s not hundreds of millions, it’s way past billions, and to what effect? None. Spamhaus is arguably doing a better job than the entire US government despite the recent tussle with Cyberbunker spammers.
In no way do I think US government will be able to guard any house or corporation from China or whoever wants to attack. Happens all the time and it’s the best way to get security to a level that works for all. A lot of it was lax open un-updated browsers anyway.
Were the rumors true that some US gov back-doors were used? Hahaha. If so, I bet both sides actually thought they were clever. Making something secure (good) is harder than breaking it. Some 12 year olds could have done that and probably someone of equal age that pointed out the security leak. (To be thrown in jail by CFAA TOS violations of course.)
It’s a shame that people like Weev (whatever anyone thinks of him) are kicked around with the CFAA and actually helping ignorance instead of working with the smarter hackers who know what they are doing.
What has the government been doing except trying to enforce the completely unenforceable copyright laws at the behest of Hollywood? Meddling is more like it. A drain on the economy and of no benefit to society at all. Please toss off the old legacy corporate monopolies and embrace technology and how it can help society grow through cultural sharing.
What cyberpublic-domain expansion plans does Washington have to increase the media material for the public to build cool web apps and specialized sites? What cyber-copyright reduction plans to reduce the civil and criminal liability to the public at large of the casual Fair Use of media? (or of even just using the media itself? FCOLoud) How about a Cyber-Cultural revival plan? How about some cyber diapers to keep in all the cyber bullying?
-toss another 2 page rant- (no theme)
Why the fuck do you need to go through people’s houses, when what you need to do is build a fucking wall around the settlement?
Defensive security, not bloody offensive intrusions