Saturday, December 11, 2010

Wikileaks, Assange, Cyberwar and the Real Information Security Story

Time for some perspective on Wikileaks, the cyber attacks against it, and for it, and the real information security story that may get lost in the mix. (Note: I am not under any illusion that the world has been holding its breath waiting for me to weigh in on this subject; this is more of a "memo to the file" undertaking.)

For me, the real meat of the Wikileaks story is the content of the documents that are being leaked. Coming a close second is the pathetic state of information security within the US government in general and military/intel systems in particular.

(BTW, I commented on this in the context of a Danger Room story on Wired which apparently was not deemed worthy of approval--one reason I am repeating myself here: American taxpayers have been thoroughly ripped off when it comes to the money spent protecting state secrets. There used to be policies and procedures in place to prevent something like Pfc Manning recording secret documents on a CD-RW labeled Lady Ga Ga, but the army brass likes its tunes too much to put up with that kind of inconvenience, part of the same mindset that leads so many of them to use the same lame password for everything.)

However, the BIG story may be the implications of hacktivists taking up cyber-arms against the perceived foes of Wikileaks. It reminded me of a Network World column by my friend Mark Gibbs in 2005 titled "The selfish 'Net and the Big One." In that piece I reiterated my longstanding opinion that "the Internet continues to function at the whim of those who know how to bring it down."

As the hacktivist fans of Wikileaks tone down their attacks on dot com sites, there may be a temptation to dismiss them as a sideshow. However, it would be a big mistake to just say "Those guys couldn't take down Amazon.com" and leave it at that. I would argue that the only reason Amazon.com or any other website is still online is that the people who know how to take it down have decided not to do so. Remember: "the Internet continues to function at the whim of those who know how to bring it down."

To put it another way, the world's virtual economy is built upon a web of trust and mutual self-interest, not a bullet-proof framework of resilient technology. To think otherwise is to risk massive losses should a real cyberwar break out.