May 29 2009

Obama part 2: where did his “$1 trillion” guesstimate come from?

If Obama's top intelligence advisor can't come up with an estimate...
No Gravatar

President Obama’s “cybersecurity” speech on Friday included an unattributed estimate so bizarre that I’m tempted to label it an urban legend. Quoting him:

“It’s been estimated that last year alone cyber criminals stole intellectual property from businesses worldwide worth up to $1 trillion.”

Let me remind you what I said back in February. Obama’s top intelligence advisor, Dennis Blair, “all but admits the entire U.S. intelligence community lacks data concerning one of the five most important threats America now faces. The mighty Blair himself can do nothing more than quote wild dollar values spouted by two companies — one of them not even involved in economic assessments.”

Federal agencies rely on super­sti­tious rhetoric when it comes to cyber­space secu­rity. Obama doesn’t want change here — he clearly wants Ameri­cans to accept the status quo.

If America’s top intelligence official can’t produce an economic cyber-damage estimate, then how on earth can Obama do it? And why is it such a “clean” number like $1 trillion?

Answer: Obama had no choice but to use someone else’s wild guesstimate. Without attribution.

I’ve railed for at least a decade on the utter lack of metrics in the computer security industry. “The average high school keeps statistics on its girl’s softball team,” I sneered in 2005, yet “the average computer security expert keeps no statistics on virus infections. What’s wrong with this picture?”

Hysteria thrives in computer security because the experts rely on superstition, not metrics. “President 2.0″ now supports their goal to frighten Americans with superstition. Again, what’s wrong with this picture?

I’m certainly not the only one out there who feels this way about cyberspace security guesstimates. I call it “solar calculator math“; others describe it as “RUMINT” (short for “rumor intelligence“).

My good colleague Mich Kabay, Ph.D, recently chimed in yet again in a column titled “Security Metrics Research.” He bemoans the fact “our statistical information is [still] so poor” after fully two decades. Among many other problems, “we use dreadful methodology for collecting information using poorly constructed surveys that have tiny percentages of respondents…”

Vmyths alumni George C. Smith, Ph.D, plowed into the president earlier today for using bad guesstimates. “When Barack Obama reverts to citing dollar figures on losses due to cyberspace incursions, these repeat a general practice of fudging…”

President Obama rode into office on a platform of “change.” Federal agencies rely on superstitious rhetoric when it comes to cyberspace security. Obama clearly wants Americans to believe this superstitious rhetoric—

—what’s wrong with this picture?

  • By Charley BrownNo Gravatar, 19 September 2009 @ 10:45 am

    Although I am an Obama supporter, I can’t help but say that I’m not surprised. It seems as if the intelligence officials of each and every one of our past few presidents conjure up ridiculous numbers when trying to push their specific agenda. I had hoped Obama would be different, but I guess hope gets you no where.

    It is really sad that after 10-15 years, our top government intelligence officials have FAILED when it comes to compiling and understand cyber-security data. One would think the government could reach out to the most intelligent cyber-security experts to compile data that can help them better understand cyber-threats and the security measures that can be take at the least expense to the public. I’m not holding my breath.

    -Charley Brown

    Audio Engineering Schools

    Latest Hip Hop Music

Other Links to this Post