Friday, June 26, 2009

They Shout Jump and We Ask "How High?"

On Tuesday, Canada's key IT security providers announced a joint security task force:

A group of five Canadian IT associations have joined forces to launch a national security research group in an effort to advance the country’s cyber security strategies.

The Canada Advanced Security Initiative will develop a study, survey and workshop program to develop a new strategic vision for the security industry in Canada and its ability to support users at home and abroad.
This is on the heels of Security Minister Peter van Loan's announcement of a cyber security initiative for Canada in which he compared security concerns to "a new arms race." For a government that seems unable to comprehend economic threat, these folks verge on paranoia regarding crime and terrorism. And of course the security industry is ready to belly up to this new trough.

For those who want a more balanced and less breathless evaluation of the cyberterrorism and cybercrime threats might wish to read Evgeny Morozov,s article in the current Boston Review. Morozov, a fellow at George Soros' Open Society Institute, writes on the role of the internet in authoritarian societies. His concern in this article is that governments, encouraged by providers who would profit, are insisting that

[t]he age of cyber-warfare has arrived. That, at any rate, is the message we are now hearing from a broad range of journalists, policy analysts, and government officials. Introducing a comprehensive White House report on cyber-security released at the end of May, President Obama called cyber-security “one of the most serious economic and national security challenges we face as a nation.” His words echo a flurry of gloomy think-tank reports. The Defense Science Board, a federal advisory group, recently warned that “cyber-warfare is here to stay,” and that it will “encompass not only military attacks but also civilian commercial systems.” And “Securing Cyberspace for the 44th President,” prepared by the Center for Strategic and International Studies, suggests that cyber-security is as great a concern as “weapons of mass destruction or global jihad.”

Unfortunately, these reports are usually richer in vivid metaphor—with fears of “digital Pearl Harbors” and “cyber-Katrinas”—than in factual foundation.

But of course, whether true or false, they represent opportunity. Thus

Cyber-security fears have had, it should be said, one unambiguous effect: they have fueled a growing cyber-security market, which, according to some projections, will¬†grow twice as fast as the rest of the IT industry. Boeing, Raytheon, and Lockheed Martin, among others, have formed new business units to tap increased spending to protect U.S. government computers from cyber-attacks. Moreover, many former government officials have made smooth transitions from national cyber-security policy to the lucrative worlds of consulting and punditry. Speaking at a recent conference in Washington, D.C., Amit Yoran—a former cyber-security czar in the Bush administration and currently the C.E.O. of NetWitness, a cyber-security start-up—has called hacking a national security threat, adding that “cyber-9/11 has happened over the last ten years, but it’s happened slowly, so we don’t see it.” One way for the government to protect itself from this cyber-9/11 may be to purchase NetWitness’s numerous software applications, aimed at addressing both “state and non-state sponsored cyber threats.”

So much of the so-called war on terror has been about the erosion of freedoms. Yes freedom involves risk, but it is worth recalling the dictum that those who would trade freedom for security inevitably end up with neither.

No comments:

Post a Comment