Good news, cyber security nerds: You ain’t running out of work, any time soon. As last week’s cyber panic about North Korea showed, when there isn’t a teenager-simple denial-of-service attack that delays your access to a government web site, there is a voracious hype machine that feeds on the tiniest slivers of data – both significant and trivial – and expels massive quantities of fear and misinformation. And where there’s cyber fear, there’s cyber security work to be done.

It’s sad that this sham is allowed to continue unabated. But worse still, it’s dangerous. Despite the expenditure of tens of billions of dollars and countless studies on what needs to happen (not to mention all the offices, centers and commands, that are supposed to implement those reports), we’re still largely screwed when it comes to threats of the online variety.

The problem is multi-faceted, but can be broken down into three meta-categories:

1. Bullshit. It’s the North Koreans! It’s the Chinese! It’s the Ruskies out to steal our essence! The one thing you can be sure of is that very few people know who is behind any cyber attack. Code analysis helps to a degree (”Hey, there are some Chinese characters in here!”) but code-reuse is not exactly an unknown phenomenon online. There is no serious attribution methodology, so to some extent everyone is guessing.
2. Ineptitude. There are a lot of people working cyber security issues, a lot of people “managing” these issues, but not a lot of people leading on these issues. Cyber security doesn’t lack for brainpower; it lacks vision, the juice and the intestinal fortitude to realize the vision. When your focus is billets and resources and dollars and org charts (read: management) it’s easy to see why cyber security fails. Why? Cyber doesn’t kill, it doesn’t maim, it rarely has negative impact on any scale and when it does it is almost always a readily recoverable event. Managers don’t deal with the nebulous, intangible and anything that involves “maybe” very well.
3. Complexity. The people at Verizon look on bemused when the military talks of achieving information-space dominance, when with the flick of a switch technician in overalls and a tool belt can render inert our digital military might. Attack and defense tools are built for computer-based warfare, but planet-wide more people access the ‘Net via phones than desktops. There has yet to be a study that has looked at these problems in a truly comprehensive manner (read: not dominated by geezers who have other people read and respond to their e-mail). Mostly they’re focused on legacy-futures, which is cool if you’re not interested in forward progress.

Cyber security is a real problem. It has been since computers were invented and connected to one another but we’re no better off today than we were then. It is not as if we don’t have any lessons-learned to draw from. We are in fact worse off because of the extent of our inter-connectedness, and that says a lot more about those who purport to be about enhancing cyber security than it does those who are out to subvert it.

[Photo: USAF]

ALSO:

• U.S. Cyber Command: 404 Error, Mission Not (Yet) Found
• Lazy Hacker and Little Worm Set Off Cyberwar Frenzy
• Lawmaker Wants ‘Show of Force’ Against North Korea for Website …
• Air Force Wobbles on Plan for Cyber ‘Dominance’
• Air Force Will Fight Online, Without Cyber Command
• Ex-Spook Blasts New Net-Spying Plan