I suppose me being someone involved in “security” and it being the sixth anniversary of 9/11 (I guess 9/11 has become a noun now, like Christmas or Easter), I’m supposed to put out an obligatory post on my thoughts on the matter related to IT Security. Well, what I would ask of all you IT security folks, similar to Reagan’s campaign pitch in 1980 is “Are our networks and computers more secure” now than pre-9/11 (again, we need a word here for dates before 9/11 and after 9/11, how about B911 and A911). Have we learned anything from this?
Well the short answer is yes and no. We’ve certainly learned there is an industry in IT security. B911, IT security was a niche of former hackers and current geeks putting out stuff for only hyper paranoid companies and people could appreciate. Granted this industry was going to happen anyways, because of the rise of the internet and ecommerce, but 9/11 gave it a shot in the arm, certainly in the government and regulated industries end of the business. We also learned that you can’t legislate good security though that hasn’t stopped the government from trying. Laws make for great headlines and good election fodder, but poor computer security measures. Look at HIPAA, the set of laws that was supposed to secure our private health information. What did we get? More forms to fill out when you go to the doctor and you can’t call in for your test results. Remember that Can Spam law of a few years ago? It sure worked great, didn’t it? Why I cant remember that last time I received a spam.. it must have been like 10 SECONDS AGO!
But mostly, our government went back to same old tired way of doing business, IT Security wise. Doing the CYA IT security things and neglecting the important stuff like training and enforcing policies. The next time I see a government employee get fired for violating an IT security policy will be the first. In fact, the first time I find a rank and file civil employee who can tell me anything about the IT policies, I’ll eat my hat. No, all these gyrations are mostly to make the higher ups feel protected (politically, not computer wise) and satisfy the auditors/regulators/insert bureaucratic functionary here. Many government and military IT system are still woefully insecure as we’ve seen from the spate of cracks, hacks and info breaches over the last few years (remember the VA?, the Los Alamos Labs?). And that should have been the one important lesson to come out of 9/11. There are other areas that need to catch up too. I’ve blogged long and loud about the weakness in our national banking system and the havoc that could be caused there by an organized force. So it may take a digital 9/11 to wake the companies and government into implementing real IT security that doesn’t just inconvenience people but actually keeps out bad guys. So in short, the IT security lessons we have taken away from 9/11 are, well, not much. But at least a lot of IT security venture capitalists are wealthier and wiser.
Free Online Event! Virtualization:Get the Facts! Register now and attend this free, live in-depth online conference on November 13 and 20, 2008, produced by Windows IT Pro. All registrants are eligible to receive a complimentary one-year digital subscription to Windows IT Pro (a $49.95 value)!
Ease Your Scripting Pains with the Flexibility of PowerShell! Join MVP Paul Robichaux on December 11, 2008 at 11:00 AM EDT as he equips you with PowerShell basics in 3 introductory lessons, each followed by a live Q&A session—all on your own computer!
Order Your SQL Fundamentals CD Today! Learn how to use SQL Server, understand Office integration techniques and dive into the essentials of SQL Express and Visual Basic with this free SQL Fundamentals CD.
List Your Products in Our Technology Resource Directory Don't miss the chance to post your free listing in this comprehensive directory for IT and developer professionals, powered by Windows IT Pro. But hurry! Deadline ends Oct. 9.
Register
