Did you ever notice a politician will never say "war" when it's an actual war. They like "police action", "reconnaissance in force", "interdiction", etc. They use it all the time though for items they want you to rally behind like the War on Drugs, the War on Poverty, and the War on Obesity. Why are they so keen on calling that which is, anything but? However for that which isn't, they stop just short of naming it genocide? It's the same reason a car dealer uses "certified pre-owned" instead of "used". One conjures thoughts of an almost-new vehicle. The other is makes us feel like we are going to spend the next 6 months just getting the smell of farts out of there. I wish the government had as much zeal in naming laws and departments honestly as they do in food labeling.
This same nonsense is true with the term "cyber warfare". I am still trying to remember the last time someone was cyber'ed to death. Was there ever a time where we had to drape a flag over a Dell Optiplex and bury it at Arlington? Are we giving out Silver Stars to the guys pushing "Enter" in the Metasploit-console window? They are on the cyber-front, using cyber-arms. Should they be denied their due commendations and VA benefits? Surely not, if we are being at all consistent between our words and actions.
What we have here is a new dynamic in the field of salesmanship. We can gin up a scare with no casualties, and get millions of dollars in return. We can receive accolades and promotions with absolutely no risk of battlefield losses outside of the occasional ESX server running too hot. This is a win-win solution for the politically inclined and the cyber-salesman. One convinces the other more money is needed, they both get to reap the rewards sans a crying widow(er).
I am not saying we shouldn't take threats in the cyber domain seriously. I am also not saying it should be absent from an intelligence operation. I simply don't think we ought to treat it even remotely the same as we do a bomber or an AK-47. Ask a serviceman sometime if they ever lost someone close due to a malicious email attachment or PDF. And yes, there are different levels of service to your country. Being a linguist at Fort Meade your whole career is not the same as being an asset in-country. Piloting a drone is not the same thing as flying an F-16, but is something a 16-year old can probably do. (I don't allow comments, so whine to your Facebook or the Twitter-verse) Finally, being a "cyber warrior" is not the same as being front-line infantry; no matter how many air-conditioned Commander's Calls pats on the back there are. (Please see my previous comments on whining).
Let's leave the computer security field as what it is; an exercise in risk-mitigation and intelligence gathering. This way we can talk in a non-hyperbolic manner about the subject. We can discuss flaws and methods openly without fear of Wassenaar or other hastily put together Federal dictum. There's nothing wrong with a firm selling services that reduce their odds of revealing user information. It is a mutually beneficial transaction. We get money, they get some assurance their business isn't flying blind against potential theft. If we are terrible at our jobs, we lose them to a better competitor or have to compensate the client for negligence on our part. This is a business, not a war with winners and losers. Those who wish to label it so seek to increase profits on the back of a lie. Their time would be better spent on improving security products instead of practicing pomp and political posturing.
No comments:
Post a Comment