If Obama's top intelligence advisor can't come up with an estimate...
President Obama’s “cybersecurity” speech on Friday included an unattributed estimate so bizarre that I’m tempted to label it an urban legend. Quoting him:
“It’s been estimated that last year alone cyber criminals stole intellectual property from businesses worldwide worth up to $1 trillion.”
Let me remind you what I said back in February. Obama’s top intelligence advisor, Dennis Blair, “all but admits the entire U.S. intelligence community lacks data concerning one of the five most important threats America now faces. The mighty Blair himself can do nothing more than quote wild dollar values spouted by two companies — one of them not even involved in economic assessments.”
Federal agencies rely on superstitious rhetoric when it comes to cyberspace security. Obama doesn’t want change here — he clearly wants Americans to accept the status quo.
If America’s top intelligence official can’t produce an economic cyber-damage estimate, then how on earth can Obama do it? And why is it such a “clean” number like $1 trillion?
Answer: Obama had no choice but to use someone else’s wild guesstimate. Without attribution.
I’ve railed for at least a decade on the utter lack of metrics in the computer security industry. “The average high school keeps statistics on its girl’s softball team,” I sneered in 2005, yet “the average computer security expert keeps no statistics on virus infections. What’s wrong with this picture?”
Hysteria thrives in computer security because the experts rely on superstition, not metrics. “President 2.0″ now supports their goal to frighten Americans with superstition. Again, what’s wrong with this picture?
My good colleague Mich Kabay, Ph.D, recently chimed in yet again in a column titled “Security Metrics Research.” He bemoans the fact “our statistical information is [still] so poor” after fully two decades. Among many other problems, “we use dreadful methodology for collecting information using poorly constructed surveys that have tiny percentages of respondents…”
Vmyths alumni George C. Smith, Ph.D, plowed into the president earlier today for using bad guesstimates. “When Barack Obama reverts to citing dollar figures on losses due to cyberspace incursions, these repeat a general practice of fudging…”
President Obama rode into office on a platform of “change.” Federal agencies rely on superstitious rhetoric when it comes to cyberspace security. Obama clearly wants Americans to believe this superstitious rhetoric—
—what’s wrong with this picture?