Technology

If You Were Going to Read Only One Thing About Cyber-Security...

Well, you should be reading more! But here's a place to start.

By James Fallows

... well, as the joke goes, you really should be reading more! Or in a variant on the joke, the one thing you read should probably be this, from our own magazine. Ho ho.


But if you were going to read one other thing today, you could do very well to choose this new essay by Jeffrey Carr, of IntelFusion. It is about the rich, ripe, sitting-duck target of myths and fallacies about security, and it begins:

Regardless of your position on the over-hyped and under-estimated realm of cyber conflict, crime, and espionage, you probably have a few pet fallacies. I thought it might be fun, and possibly instructive, to start a conversation about them. Here are my top five. Feel free to add yours in the comments section.

The TSA fallacy

The TSA approach to airline security has been completely reactive because they focus on the method of attack (e.g., liquids, shoes, underwear) instead of the person. Likewise, Internet security companies focus on the technical characteristics of an attack (e.g., code, malware, exploits) instead of the actors (State and Non-state).  As a side note, Harding was going to move TSA towards a more intelligence-driven model. That's precisely what the Internet security industry needs to do as well.


Hey, I can't resist one more, which is in keeping with my own view:

The China fallacy

This fallacy paints China as the number one adversary in anything having to do with cyber conflict in spite of the fact that there isn't a shred of historical evidence to prove it. The Peoples Republic of China has never engaged in military operations utilizing its IW capabilities against another nation state. The same cannot be said for the U.S., the Russian Federation, Georgia, Israel, and the Palestinian National Authority/Hamas. The PRC leadership are not religious extremists (e.g., Iran) or militaristic wildcards (e.g., DPRK, Myanmar). When you paint the PRC as the world's greatest cyber threat, you miss what China is actually excelling at (cyber espionage) and you overlook and/or underestimate the authentic threats from other nation states that are busy eating your lunch without you knowing it.


And if you were going to read only one more thing on the "Going to Hell" problem, you could do well to choose this big story by Ezra Klein, in Newsweek, which goes systematically into how dysfunctional the Congress, especially the Senate, has become, and what might be done about it. I know from experience how unusual it is to get articles this thorough and relatively subtle into weekly news magazines. Worth reading. (More to come shortly on the "going to hell" problem; links to past items when our "categories" function is restored.)