Sometimes I sound like a doom and gloom fanatic. I promise you I am not, really; my friend Zoltan is the true king of doomsaying. But I am realistically very deeply concerned about, oh, a number of things, like SCADA systems accessible over the Internet, and custom malware for industrial controllers. So in a sense it’s reassuring to read in NetworkWorld.com that I’m not the only one.
The U.S. is headed toward a “cybersecurity disaster,” according to a Bloomberg Government study. The Ponemon Institute said that to stop 95% of the cybersecurity attacks, companies would need to spend nine times as much, which would “boost spending to a group total of $46.6 billion from the current $5.3 billion.”
http://www.networkworld.com/community/blog/can-homeland-security-prevent-cybersecurity-critical-infrastructure-disaster
Given the extremely weak private sector economy right now, and the impending economic disaster of tax increases and federal spending cuts, it’s not bloody likely that private enterprise is going to spend like that. My personal experience bears this out: everyone is holding off on spending, and getting buy-in on security is practically impossible.
If our infrastructure is being hacked is not in question. It is and has been for years. China is our bigtime cyber-enemy. A recent counterintelligence report basically said, “China and Russia cyberspies are hell-bent on espionage and trying to steal U.S. secrets in cyberspace.” Nation states have hackers who hammer away at us every single day.
(same URL)
Yes, that bears out: I’ve pored over too many logs, done too many reverse DNS lookups showing domains in Chinese universities in particular as the assailants. By no means should you take my word for it, but I personally am convinced that the Chinese are siccing their students on us to train them in cyberwarfare.
We’d better get our butts in gear if we plan on surviving. May I suggest a solution from a European colleague: disinformation.