Have we got a cybersecurity problem like Y2K?

I have been thinking, and I hate to put a spoiler on the whole cybersecurity problem but when it comes to the sky is falling, the technology industry are very good at putting their point forward.   They are also very good at scaring the crap out of everyone.   I know this from my own experiences and just talking to people and businesses in normal everyday circumstances.

We have all been through similar circumstances – look at Y2K and the beat up that was involved with the turn of the century.   Yes there was cause for concern but how many critical systems were written in 1970 and 1980 code at the time of the change.    The Y2K problem cost millions if not billions of dollars but was it a fix or was it just a way for technology companies to make large profits.   Was it all worth it?   Was the perception greater than the actual risk – we will never know!

Before we all go off the deep end and say that the everyone is after critical infrastructure maybe we need to step back and really analyse the problem of cybersecurity.   The US government keep saying that they are being constantly attacked by china, Iran or North Korea and yes this maybe true but isn’t it about time that we started seeing some proof of the attacks.

The targeted and specific attacks maybe perpetrated by foreign governments but as I said, where is the proof that it is a targeted and specific attack and not just a random attack created by some script kiddy.

In the industry, we all know about anonymous and how insidious they are, but unless there is a specific reason for one of their attacks – usually money or internal political rat beggary – then it is not immediately obvious why they would target a countries critical infrastructure.   If, on the other hand, it is a politically motivated attack from another country then hiding the fact is actually playing into the attackers hands.

To say that the critical infrastructure is being attacked takes proof, this is not a “we think we are being attacked because of X” type of scenario, we need positive proof that the attack is imminent or actually happening or has happened.

Before governments go off and spend billions of dollars of public money, we the general public need to see and know what is happening.   This is also something that cannot be hidden under the smoke screen or the normal cry of “top secret”.    If it is a blatant attack then bugger the diplomatic mumbo jumbo, show us the proof.   If it is happening, and they can proof it then everyone will be and should be hell bent on exposing the perpetrators and bring them to light in the court of public opinion.

Don’t get me wrong, I know and understand how much of a target critical infrastructure across the world is and how important it is to protect it but I think we really need to know that the targeting is specific and intent on destruction.   Throwing billions of dollars at the problem is good for the technology companies concerned but there have to be other types of resources that can be used to minimise the impact of an attack.

All countries have a cybersecurity attack profile, policy and governmental stance, what they are going to do if X happens, and yes these need to be kept secret.

Roger Smith, is an educator. Teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a Consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not for profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course which are considered to be the definitive guides to helping SME's protect their organisation using the principles of Technology, Management, Adaptability and Compliance.