It was hyped as the first cyberwar: Russia attacking Estonia in cyberspace. But nearly a year later, evidence that the Russian government was involved in the denial-of-service attacks still hasn’t emerged. […] You know you’ve got a problem when you can’t tell a hostile attack by another nation from bored kids with an axe to grind.
Because attackers and defenders use the same IT technology, there is a fundamental tension between cyberattack and cyberdefense.
You have to buy computers for all your government employees. Consolidate those contracts, and start putting explicit security requirements into the RFPs. You have the buying power to get your vendors to make serious security improvements in the products and services they sell to the government, and then we all benefit because they’ll include those improvements in the same products and services they sell to the rest of us. We’re all safer if information technology is more secure, even though the bad guys can use it, too.
Schneier on Security: Dual-Use Technologies and the Equities Issue
Excelente articulo de Schneier, mostrando como los sistemas usados por los “buenos” y los “malos” son los mismos, y sus consecuencias.
Y tambien: Memo to the President donde le hace algunas sugerencias en politicas de seguridad informatica al proximo presidente de USA.
Schneier es grosso.
