Sunday, April 20, 2008

More scaremongering on cyber-terrorism

Watch out everyone, any second now we could all crash and burn due to massive cyber terrorist attacks which might paralyse our entire existence blah blah oh please, this really is the biggest amount of stupid stirring scaremongering...

Today's bandwagon jumper is the SMH with Tom Allard panicking about "cybergeddon" as the dust continues to stir around McClelland's snooping on employees without their knowledge or consent law.

The practitioners, both actual and potential, of cyber attacks are numerous. Nation states, whether acting alone or in alliance with "technopatriots" are using it for espionage and as a potential weapon for military actions.

Organised crime is also deeply involved. The threat of crashing a valuable computer network is a powerful tool for blackmail, as is the pilfering of commercially sensitive information. Commercial secrets can also be sold to rivals.

Come on guys. Any company worth its salt should have some sort of back up contingency plan. I'm sure the US NSA is hardly sitting on its butt wondering why they're losing sensitive information.

But the big problem I have here is just the whole article seems to want to back up the A-G's proposed law, yet all the examples mentioned in the article are about people outside the company ... no, not employees! And if it is an employee it's more likely to be through some sort of horrid virus that's turned their computer into part of a bot net.

Companies need to stop pointing fingers at other people to try to deal with the threat of cyber terrorism. It's like building a safe deposit room without hanging any doors and then trying to foist the protection of it off onto the police. It's just stupid. Companies and governments need to take responsibility for the information that's available on networks that are hooked up to the internet. They need to take responsibility to set up secure networks that are continuously monitored and updated to the latest threats. It'll take a few bad experiences I'm sure but eventually people will cotton on to the notion that cyber-security is your own responsibility, and noone else's -- it's just too risky.

No comments: