Shockingly Unshocking: 'Cybersecurity' FUD Has Been Big Big Business For Contractors
from the well,-look-at-that dept
Back when this hype about "cybersecurity" and "cyberwar" first started to hit the mainstream (early on, "cyberwar" was more common, but lately people focus on "cybersecurity"), we had an article which suggested that much of this really seemed to be about scaring up a panic for the sake of throwing money at defense contractors who wanted to charge crazy huge sums for "helping" with cybersecurity. And, as we noted, that push was leading to hundreds of millions of dollars in government contracts. It appears that, with cybersecurity FUD only getting bigger and bigger, the folks who are making out like bandits are all those defense contractors who are jumping in to fan the flames of FUD... and then taking our taxpayer money to "fix" the problem.
In that link above, they talk about Lockheed and Raytheon signing agreements with Homeland Security in which they get to "help" the government out by scanning email and other info collected by the NSA.
Under the program, critical infrastructure companies will pay the providers, which will use the classified information to block attacks before they reach the customers. The classified information involves suspect Web addresses, strings of characters, email sender names and the like.
None of this necessarily means that online attacks aren't a real threat... but I'd feel a lot more comfortable about where things were heading if there weren't a whole bunch of defense contractors gleefully rubbing their hands together as they scoop up more and more contracts while the FUD keeps spreading.
Filed Under: business, cybersecurity, defense contractors, fud
What is surprising to me, and maybe this is because I've lost sight of what it's like to not be aware of security issues, is somehow they're selling the notion that giving up all our data to the government will somehow help improve system security.
The best thing government could do to improve their security practices is to beg knowledge from private sector engineers. Most executive branch sites have been repeatedly rolled hard by amateurs, and there's no excuse for that.
Gathering Personally Identifiable information from the masses will accurately identify precisely zero real threats when it comes to actual hackers. That's the nature of a well-designed attack. What government needs is technical acumen and to RTFM.
Re:
Correct. Which is precisely why it'll never happen.
Instead, the government will spend millions (if not billions) on ineffective "cybersecurity solutions", allowing the politicians involved to grandstand about their supposed efforts in making the country safer.
Actually making the country safer would prevent further grandstanding, so it won't happen. In fact, just the opposite: the government will make its servers more vulnerable, intentionally allowing attacks to happen, and then spin the attacks into a need for further absurd legislation and even more "cyberdefense" spending.
Re:
I've been reading for the past couple of days about recursive DNS issues and BCP38 not being implemented on service providers here in the US. Next thing up was the news of Spamhaus being DDoS'd by recursive DNS attacks. http://blog.cloudflare.com/the-ddos-that-almost-broke-the-internet
I would suspect that most of these attacks are originating from private companies not implementing technology already available and TCO is probably rather low. (It was a few hours time from my perspective at least.)
Do we need new laws? I would say no, but I think we do need public outcry of companies not following best practices. A good example would be when Comcast decided to use DPI to block BitTorrent.
I'm expecting some cyber-9/11 with a following cyber-Patriot Act soon. That's how the US has been doing business since the Marshall Plan (probably some time before that). USSR tried too with the Warsaw Pact. It's pure greed and it's much older than we think.
There are reports that money going to rebuild a lot of countries simply goes to the hands of huge American consultants and companies instead of benefiting the public. It's a huge scam.
They are just adapting to times.
Re: Re: Attacks depend on Microsoft mono-culture.
I think he just failed at trolling this time. Time will tell.
Gah, I can't take them seriously at all and that's before all the fearmonger fingering of money holes...which sounds like cybersex. Wanna cyber? Guh! Quittit!
Yet the Air Force constantly begged for and got more nuclear missiles plus a (really) nasty plutonium based nuclear energy program to go with it. Thorium is arguably safer and its potential breeder reactors don't produce bomb grade material. Massive overkill.
So now we have cyber threats and cyber security from cyber warfare. As if anyone had to actually use an almost meaningless movie/Hollywood (Dr Who! Yes.) term for marketing purposes. The only threat I feel is from the gullible Washington politicians able to swallow the FUD whole. Am sure the special interest money lozenge helped it go down easier.
It's not hundreds of millions, it's way past billions, and to what effect? None. Spamhaus is arguably doing a better job than the entire US government despite the recent tussle with Cyberbunker spammers.
In no way do I think US government will be able to guard any house or corporation from China or whoever wants to attack. Happens all the time and it's the best way to get security to a level that works for all. A lot of it was lax open un-updated browsers anyway.
Were the rumors true that some US gov back-doors were used? Hahaha. If so, I bet both sides actually thought they were clever. Making something secure (good) is harder than breaking it. Some 12 year olds could have done that and probably someone of equal age that pointed out the security leak. (To be thrown in jail by CFAA TOS violations of course.)
It's a shame that people like Weev (whatever anyone thinks of him) are kicked around with the CFAA and actually helping ignorance instead of working with the smarter hackers who know what they are doing.
What has the government been doing except trying to enforce the completely unenforceable copyright laws at the behest of Hollywood? Meddling is more like it. A drain on the economy and of no benefit to society at all. Please toss off the old legacy corporate monopolies and embrace technology and how it can help society grow through cultural sharing.
What cyberpublic-domain expansion plans does Washington have to increase the media material for the public to build cool web apps and specialized sites? What cyber-copyright reduction plans to reduce the civil and criminal liability to the public at large of the casual Fair Use of media? (or of even just using the media itself? FCOLoud) How about a Cyber-Cultural revival plan? How about some cyber diapers to keep in all the cyber bullying?
-toss another 2 page rant- (no theme)
Defensive security, not bloody offensive intrusions