Wednesday, October 17, 2007

So what did we expect?

With the major malware detection companies out there screaming bloody murder and how there are now several thousand new permutations of viruses, worms and various malware out there every other week... we as security researchers and US patriots need to investigate what's going on. I find it my civic duty to apply some logic, a little research, and do some basic 2+2 -style math to come up with this analysis.

Let me lay out some facts, first, to make my following point more clear:
If this is all still obvious to you, then I applaud you for noticing the obvious. What I don't hear about in the papers, the digital media, or any security-related publications, etc is how much these political tensions are directly impacting the IT Security space via the malware business. Malware as a business is booming. Developers are writing re-usable code modules, programs and scripts, selling these off or even doing SAAS (Software as a Service) in some cases. When investigators identify and attempt to track some of these software writers they often realize that they are in politically unfriendly countries to the United States and therefore cooperation is difficult to come by if not impossible. More often than not requests for foreign support go ignored, or given little attention.

Again, this may be completely obvious to you, and I will not disagree. What I am disgusted with is the following:
  • The US government is absolutely clueless on digital security and digital asset protection
  • The US government and most specifically the current administration (and some candidates for the 2008 Presidential race) are creating a hostile global climate for US-based interests when it comes to security
  • No one has been successfully (in my humble opinion) able to put these simple facts together and speak these in an open forum, to the highest heads of state
To sum this up in a nutshell... the US is creating a hostile environment, which the digital security forces in the US will suffer the consequences of. Given the current degree of apathy and cluelessness by the United States government in digital security, this does not bode well for our national secrets and "secret/secured" systems. This bodes even worse for our economic situation as it relates to fraud, identity theft and resulting losses, and commerce disruption in general.

Unless the efforts to fix this obviously political time-bomb are started soon, we in IT Security are going to be pushing an even bigger boulder up the hill of our daily jobs... this one will be ticking.

Good luck out there.

No comments: