Thursday, July 01, 2010

Killing Information Security To Save it

Beyond the fact that the so-called Cybersecurity bill grants government unprecedented power and is a chilling violation of the First Amendment is the simple fact that it will make security worse, not better. Government agencies have in many cases failed to implement industry best practices or keep up with changing threats nearly as well as the private sector. Yet a glacially moving government bureaucracy will impose a centrally planned security model - to be implemented by government-licensed security professionals. How will this monolithic bureaucratic nightmare react to new threats or spur competition for innovative approaches to security?

The Motley Fool comments:

Ostensibly, the government claims that certain critical elements of the nation's infrastructure are not protected. That may be true, but that is not because the technology or expertise is unavailable. It is not because the market has failed to deliver what is required. It is because the government has failed to properly implement well-known, industry-accepted standards and technologies that would protect America's critical assets.

Let me be perfectly clear. There is and never will be any technology that completely eliminates the risk of compromise. However, the government's current lack of protection has nothing to do with that. It has to do with the failure of government to keep up with evolving technologies and ideas.

The key part to understand here is the "evolving" part. When allowed to operate without government direction, IS evolved quickly to a state of extreme competitiveness and ultimately ensured a far safer information sharing environment for all market participants.

Turning this paradigm upside down is foolish and ignorant. This is particularly obvious when the main reason for government insecurity is that it has not been able to keep up due to its inability to evolve quickly.

What do you suppose will be the end result of the shift in Information Security from a decentralized model to a centralized one?
