Comments on: Obama (!) spouts an urban legend in his cybersecurity speech http://Vmyths.com/2009/05/29/obama/ Truth about computer security hysteria Tue, 22 Sep 2009 01:09:03 -0700 http://wordpress.org/?v=2.9 hourly 1 By: Rob Rosenberger http://Vmyths.com/2009/05/29/obama/comment-page-1/#comment-504 Rob Rosenberger Tue, 22 Sep 2009 01:09:03 +0000 http://Vmyths.com/?p=656#comment-504 ::My question, though, is how much do you ::think cyber-terrorism/security affects ::and costs the United States annually? Great question, Charley! Before I answer it, let me stress that while the "inside experts" claim they DO know the true scope of your question ... I insist they DON'T know the true scope. Extraordinary claims require extraordinary evidence, which we lack. The inside experts tell the public they can't divulge the truth because Osama bin Laden will use the knowledge to destroy the United States. Everything the public does know, overwhelmingly points to hyperbole and hysteria. So the skeptics say "stop crying wolf" and the inside experts say "we're Cassandras, you just wait and see." So. How much does it cost? Skeptical expert Bruce Schneier describes the cost as a "terrorism tax," similar to the Cold War tax although much more directly extracted from every American's pocketbook. I myself engage in hyperbole when I say "I honestly believe the cyber-terror tax exceeds its return on investment." Why, then, would I let the inside experts turn on me to demand "what evidence supports your belief"? Because I can then respond "well, you're the only one here who can give our audience the evidence they need to disbelieve me. But you won't cough up any evidence for scrutiny, will you?" Still, it doesn't answer your question. So let's make a (somewhat invalid) comparison. "Rob, did we spend too much on the Y2K hysteria?" The answer is "businessmen spent the right amount, but if they spent it in fear, then they spent the right amount for the wrong reason." A college-level logic course will teach you that, given a chocie, you'd rather spend the wrong amount for the right reason, than spend the right amount for the wrong reason. Terrorism of any sort is simply a matter of risk; the money you spend to mitigate it (repeat "mitigate") is essentially an insurance bet. (Professional poker players understand this logic as the "expected value of a hand." Pros would rather lose a hand for the right reason than win a hand for the wrong reason.) So, the answer to your question. The computer security industrial complex doesn't mitigate cyber-terror in a logical manner. We're spending money "wrong," and that's not right. ::Should we be paying more attention to it, ::not necessarily through fear mongering, ::but rather through indepth and accurate ::analysis and understanding? Yes. And I think the government should do it. Sadly, their research remains highly overclassified even by the government's own admission. But it's even worse than most experts realize, and we can expose it with a simple observation. We know the U.S. military analyzes the attacks it gets each day -- knowledge that remains completely out of reach to airmen & soldiers who would use the info to defend their home networks. It's valid to assume major intelligence agencies both friendly (e.g. Israel) and hostile (e.g. North Korea) target the home networks of career officers & sergeants who habitually take FOUO and (yes!) classified info home to work on it after duty hours. Military analysis would at least yield a realtime blackhole list, yet the knowledge goes to waste on home networks where it would prove particularly useful. I forget who once said "analysis that cannot be obtained is analysis that does not exist." The military's (public) release of a realtime blackhole list would do wonders in the realm of information protection. But they don't release it ... so it doesn't exist for those who could benefit from it. Crud. Did I just say "we do analysis wrong"? ...Did I answer both of your questions, Charley? ::My question, though, is how much do you
::think cyber-terrorism/security affects
::and costs the United States annually?

Great question, Charley! Before I answer it, let me stress that while the “inside experts” claim they DO know the true scope of your question … I insist they DON’T know the true scope. Extraordinary claims require extraordinary evidence, which we lack. The inside experts tell the public they can’t divulge the truth because Osama bin Laden will use the knowledge to destroy the United States. Everything the public does know, overwhelmingly points to hyperbole and hysteria. So the skeptics say “stop crying wolf” and the inside experts say “we’re Cassandras, you just wait and see.”

So. How much does it cost? Skeptical expert Bruce Schneier describes the cost as a “terrorism tax,” similar to the Cold War tax although much more directly extracted from every American’s pocketbook.

I myself engage in hyperbole when I say “I honestly believe the cyber-terror tax exceeds its return on investment.” Why, then, would I let the inside experts turn on me to demand “what evidence supports your belief”? Because I can then respond “well, you’re the only one here who can give our audience the evidence they need to disbelieve me. But you won’t cough up any evidence for scrutiny, will you?”

Still, it doesn’t answer your question. So let’s make a (somewhat invalid) comparison. “Rob, did we spend too much on the Y2K hysteria?” The answer is “businessmen spent the right amount, but if they spent it in fear, then they spent the right amount for the wrong reason.” A college-level logic course will teach you that, given a chocie, you’d rather spend the wrong amount for the right reason, than spend the right amount for the wrong reason. Terrorism of any sort is simply a matter of risk; the money you spend to mitigate it (repeat “mitigate”) is essentially an insurance bet. (Professional poker players understand this logic as the “expected value of a hand.” Pros would rather lose a hand for the right reason than win a hand for the wrong reason.)

So, the answer to your question. The computer security industrial complex doesn’t mitigate cyber-terror in a logical manner. We’re spending money “wrong,” and that’s not right.

::Should we be paying more attention to it,
::not necessarily through fear mongering,
::but rather through indepth and accurate
::analysis and understanding?

Yes. And I think the government should do it. Sadly, their research remains highly overclassified even by the government’s own admission.

But it’s even worse than most experts realize, and we can expose it with a simple observation. We know the U.S. military analyzes the attacks it gets each day — knowledge that remains completely out of reach to airmen & soldiers who would use the info to defend their home networks. It’s valid to assume major intelligence agencies both friendly (e.g. Israel) and hostile (e.g. North Korea) target the home networks of career officers & sergeants who habitually take FOUO and (yes!) classified info home to work on it after duty hours. Military analysis would at least yield a realtime blackhole list, yet the knowledge goes to waste on home networks where it would prove particularly useful.

I forget who once said “analysis that cannot be obtained is analysis that does not exist.” The military’s (public) release of a realtime blackhole list would do wonders in the realm of information protection. But they don’t release it … so it doesn’t exist for those who could benefit from it.

Crud. Did I just say “we do analysis wrong”?

…Did I answer both of your questions, Charley?

]]> By: Charley Brown http://Vmyths.com/2009/05/29/obama/comment-page-1/#comment-502 Charley Brown Sat, 19 Sep 2009 15:11:01 +0000 http://Vmyths.com/?p=656#comment-502 I probably should have read part one before parts 2 and 3 of this article, but I do have a question. You mentioned in part 2 that government intelligence officials have lacked data and appropriate computations regarding the prevalence and cost of cyber-terrorism and cyber-security. Obama, Clinton and past Presidents have used faulty intelligence information to push agendas. My question, though, is how much do you think cyber-terrorism/security affects and costs the United States annually? Should we be paying more attention to it, not necessarily through fear mongering, but rather through indepth and accurate analysis and understanding? Perhaps it is the fear mongering, but I do feel that as we progress further into a global, digital environment, there is a need for cyber-security. Do I agree with Obama and his numbers on this issue? Not at all, I feel as if its a tactic to push agenda rather than really focusing on what should be done about it. I'm just curious to see how you feel about the core of the issue beyond Obama's blunder. -Charley Brown <a href="http://www.welivethis.com/newsfeed/2009/09/13/audio-engineering-schools/" rel="nofollow">Audio Engineering Schools</a> <a href="http://www.welivethis.com/newsfeed/category/hiphop-music/" rel="nofollow">Latest Hip Hop Music</a> I probably should have read part one before parts 2 and 3 of this article, but I do have a question. You mentioned in part 2 that government intelligence officials have lacked data and appropriate computations regarding the prevalence and cost of cyber-terrorism and cyber-security. Obama, Clinton and past Presidents have used faulty intelligence information to push agendas. My question, though, is how much do you think cyber-terrorism/security affects and costs the United States annually? Should we be paying more attention to it, not necessarily through fear mongering, but rather through indepth and accurate analysis and understanding? Perhaps it is the fear mongering, but I do feel that as we progress further into a global, digital environment, there is a need for cyber-security. Do I agree with Obama and his numbers on this issue? Not at all, I feel as if its a tactic to push agenda rather than really focusing on what should be done about it. I’m just curious to see how you feel about the core of the issue beyond Obama’s blunder.

-Charley Brown

Audio Engineering Schools

Latest Hip Hop Music

]]> By: Andrews http://Vmyths.com/2009/05/29/obama/comment-page-1/#comment-176 Andrews Mon, 01 Jun 2009 21:14:45 +0000 http://Vmyths.com/?p=656#comment-176 <strong>One More...</strong> I will write on this alter, as I have to run in a few minutes, but here is an interesting article on Obama's speech spouting an urban myth. Can't wait for his task force to solve all those cattle mutilations and get the alligators out of the sewers..... One More…

I will write on this alter, as I have to run in a few minutes, but here is an interesting article on Obama’s speech spouting an urban myth. Can’t wait for his task force to solve all those cattle mutilations and get the alligators out of the sewers…..

]]>