2005 a Bad Year For Security

Greyfox writes "According to CNN, 2005 was a record year for security breaches, with cybercrime netting an estimated $105 billion and the Department of Homeland Security getting its cybersecurity budget cut 7%, to $16 Million. Apparently the government, just like private industry, doesn't pay attention to security until something bad happens to it."

DHS Cybersecurity?

[Anonymous Coward]

So what do these guys actually do? Hunt eOsama bin Laden on the intarwebs, along with other famous cyberterrorists?

Well really.. Its not their job to secure our computers, is it?

Repost

[NBarnes]

Governments, Not paying attention to things until something bad happens; See also September 11, 2001

I'm interested in how they calculated this number

[antifoidulus]

$105 billion is more than the trade deficit between the US and Japan, in other words a VERY significant chunk of change. How much of this damage was "real" as oppossed to existing in name only? How did they manage to calculate such a number, and what is the overall effect on the economy? Who are the real winners and losers in this battle?

Alternatively...

[Anonymous Coward]

Agents acting on behalf of the very highest level of the United States Government creating such problems to distract citizens from other problems, and to soften them up for fear-induced manipulation.

Frustrating but not surprising, really.

[Parallax Blue]

I'm not surprised. From what I hear, viruses/trojans/cyber attacks are increasingly done for profit only and not fame. And boy, money does talk... in this case, it's 105 billion doing the talking. And t3h h4x0rz are listening.

Meanwhile, a 7% drop in budget for cybersecurity under the dept. of Homeland Security! To how much? A billion, you say? Nope... 16 million. Ouch. I don't think that's nearly enough money... not by a longshot. And what about terrorist attacks on our nations internet infrastructure? I'm sure that's been considered by the terrorists.

Doesn't sound like a good situation to me, not at all..

-PlxBlu

The Twelfth Step in TrustABLE IT

[NZheretic]

From Twelve Step TrustABLE IT : VLSBs in VDNZs From TBAs [blogspot.com]

[12] Governments, organizations and individuals are becoming increasingly concerned about software compatibility, conflicts and the possible existance of spyware in the software applications they use. If you have access to the source code, then you can check it and compile it for yourself. This is not an option for closed source proprietary applications, and not everyone has the resources to check each line of source code. One solution for these issues is to employ a trusted third party, separate from the application developer, who is tasked with maintaining a trusted build environment, to build the binaries from source code. The Trusted Build Agent (TBA) would hold the source to each build in escrow, releasing the source code for only open source licensed code. Competing businesses providing a TBA service in a free market would compete with each other in not only price and level of certification, but also on the ability to detect hostile, vulnerable, incompatible or just plain buggy source code. You could request a trusted build from multiple TBAs test the ability to detect defects. Defects would be reported back to the application developers, along with any patches and suggestions that provide a fix. To a lesser extent, most Linux distributions and other operating system vendors that build and redistribute open source licensed code already provide this role.

Re:I'm interested in how they calculated this numb

[gbobeck]

"How did they manage to calculate such a number"

Its actually fairly easy to calculate this number.

First, pick a LARGE random number. This number should be roughly equivalent to the biggest number you can think of. Next, multiply this number by 4. Finally, divide by a suitable power of 10 so that the number doesn't seem too impossible.

More seriously...

I recommend people to check out attrition.org's Statistics section ( http://attrition.org/errata/statistics/introductio n.html [attrition.org] )

One section I feel obligated to quote is:

"One of the largest things media outlets use to back their claims are statistics. It is absolutely incredible how many times a media outlet will quote a statistic and not credit where it came from. Further, they are fond of taking creative liberty with how they quote the article to suit their needs.

These stats cover damage to systems, percentage of intrusions, and everything else. There are simply too many instances of suspect statistics as they relate to the computer security industry to read, match and provide analysis of them all." (from http://attrition.org/errata/stats.html [attrition.org] )

My information got compromised twice

[cyberkahn]

My information got compromised twice. The first incident was with eCheck (used at the time by Scottrade), which got hacked into. The other incident was with Colorado Technical University, in which an employee inadvertently mailed out an attachment with a roster of students. This roster included my whole life basically. Perhaps until there is some general law of accountability e.g. SOX, GLBA, or HIPAA companies and institutions will take protecting information more seriously? Perhaps when the cost of security is less than the legal suits that will follow the incident, they will be more proactive? The hacking incident might have been more difficult to guard against, but the email incident could have easily been prevented with something like Entrust [entrust.com].

It Is NOT Just The Net

[camperslo]

They're talking about tech (data) security overall, not just the net. The losses result from a variety of problems. Identity theft is high on the list I'm sure. While the online side of this is the first thing we tend to think of, it is also occuring at the retail/mailbox/trashcan/employee level. I read a recent article which pointed out that law enforcement was only fairly recently catching on to the motivation behind one large segment of identity theft. An increasing number of meth addicts are turning to identity theft in addition to more traditional crime to finance drug purchases. An deep understanding of what is happening is essential to dealing with our problems. While efforts to go after criminals after the fact are very important, we need to go beyond that and work at many types of prevention. Education of the public, data handlers, and other areas of law enforcement are essential. Some businesses need some major changes to improve security, and they have been too slow in coming. When companies focus on profits while neglecting the public good, regulation has failed. It's partly the fault of laws limiting liability that Windows continues to be so insecure. Credit card companies seem to be too busy ripping of their customers through obscenely high interest rates and fees generated through unethical behaviours including unethical promotions, contract terms, and business practices. If the credit industry were properly regulated and having to function on more reasonable rates, they'd have more incentive to protect those profits by improving the security of the system. As it is, as long as we're healthy enough for them to feed on, they're happy. (Sounds like the Wraith??)

It is very misleading to measure what's going on here by the amount of funding to one agency. The roots of our problems go far deeper than that. What we're needing is increased insight, reform, caring, and honesty in all levels of government and throughout society. Much of what government has done through improper regulation, especially at the federal level, has permitted us to be ripped off from all directions.
The banking deregulation act of 1980 let banks profit while the public was ripped off. It cost us over $1300 PER HOUSEHOLD. The picture grows larger. Some of the bad regulation and enforcement is from political corruption. Still other regulations encourage that. The F.C.C., who has left us ripe for feeding the cable/ISP/cellular/phone companies, has also undermined a core part of our society by changing regulations in a way where commercial broadcasters have strayed far from being responsible trustees of the public interest. We ought to have locally owned licensees (living in the coverage area of stations they own). Instead we've got the broadcast counterpart of Wal-Mart. They're masking much news that matters, and pushing many bad products and behaviours. As a start, if broadcasters had to provide fair and equal political information for free (NO PAID POLITICAL ADS), we'd have far less trouble with politicians needing to sell their souls to fund their campaigns. The media is also more directly connected to some of the lower-tech scams. Has anyone else noticed all of the scammers on info-mercials? Most are not high-tech, although some hide behind satellite phones.
Changing the rules relating to advertising brought us infomercials, drug ads, and attorney ads. If station ownership was far more diverse, we'd have fewer bad regulations sneaking though while the media acts like one giant eye focusing on one thing excessively while something much worse is happening.
I think many of our problems, including financial security, are more effectively tackled through good policy than brute-force spending.

"Good God Katie! This is supposed to be a news show!" - Jim Carrey on the Today Show, as Katie goes into the usual fluff in spite of the people of New York struggling with freezing temperatures outside while having no pubic transportation.