Whether you agree or disagree with the recent legislation for stimulating the economy there are going to be some interesting outcomes. As an example, the homeland security department is getting much more funding to address issues such as airport security technologies as well as CYBER-SECURITY. This recent headline from HSWire (a homeland security journal) talks about the need to do more:
(click on the headline to see the whole article):
U.S. under growing cyber attacks
Published 18 February 2009
The number of cyber attacks on U.S. government computers and networks grow; there were 5,488 tracked incidents of unauthorized access to U.S. government computers and installations of hostile programs in 2008, compared to 3,928 such incidents in 2007, and 2,172 in 2006
Yesterday, Joe wrote about putting some wood behind the arrow. This funding is certainly a good start.
Joe also mentioned that we had attended a number of national meetings regarding technologies and priorities for national cyber-security initiatives. At these meetings we emphasized that complexity can be the enemy of security, and that today's operating systems are too large and too complex to even be capable of "security hardening". Our belief is that genuinely secure operating systems need to be deployed in critical infrastructure. Hardening will never be sufficient. I was interviewed on this topic by the SANS Institute on this topic a couple of months ago. To see the interview about fundamamentally secure operating systems, see this SANS article.
--all the best, Bill Worley
