WSJ Bisness Tehnology_DHS: Big on Security Hype, Short on Details (Aprill 8)

08.04.2008

Posted by Ben Worthen, April 8, 2008, 5:00 pm

A short while ago, Chertoff gave a speech about the cyber threat facing the nation. The threat is grave, he said, underscoring this by mentioning September 11, 2001 three times in one two-minute period. His evidence: Estonia, a country most Americans probably couldn’t find on a map, had many of its systems knocked offline by hackers last year.

Clearly, Chertoff knows thousands of stories that would illustrate how real the threat is – heck, we’ve heard dozens ourselves – but his reluctance to share them underscores the point we made this morning: Without specifics, security types come off as fearmongers.

At the end of his speech, Chertoff called on businesses to do more about security, saying it was everyone’s responsibility because an attack on one system could have a cascade effect across the Internet. At a press conference afterwards, we asked Chertoff how he expected people who weren’t security pros to appreciate the threat if the only example he could share was the Estonia story. (Reporters were only let into the press conference after dogs sniffed every bag and laptop; no one had to take off their shoes, though.) He acknowledged it was a problem and said that perhaps the government could be more open and encourage businesses who have suffered attacks to be more open as well.

Then he said that improving cyber security was an education issue and that everyone who uses a computer has to balance the convenience of a system they want to use with the security implications. Not that they know the security implications.

Image: Karabinier via Wikipedia