The intent to defend America’s IT infrastructure is quite old, but often even new initiatives are so mired in secrecy that nothing ends up happening. Recently, the Obama administration declassified pieces of the Bush era Comprehensive National Cybersecurity Initiative which was an effort to make sweeping changes to America’s security posture. A subsequent congressional review of the declassified portion concluded that while the plan had areas of significant merit, the declassified pieces presented various characteristics that were at odds with itself and along with hindrances to the development of solutions. For instance, the findings state the program was too secret for its own good (essentially nobody could work on it since nobody knew about it) and that R&D should be centrally managed by a specialized agency such as DARPA rather than parceled out piecemeal to competing academic environments.
In other cyber news, arrests were being made across the globe in conjunction with various operations to nab hacking rings. Captures were made of BotNet operators controlling networks exceeding 13 million infected hosts. But security analysts criticize the claims of victory because operating a BotNet or using attack tools often “takes no more skill than it takes to run Microsoft Office.” Researchers argue the underbelly of the hacking realm, where the exploits are being discovered and the tools themselves written are the high value targets, except those individuals are often shadowed so deeply its almost impossible to find them. The experts assert money chasing the criminals is practically a wasted effort and that it would be better spent on user education to combat them with a knowledgable defense instead.
Similarly tagged OmniNerd content: