Thursday 14 July 2011

US prepared for military response in cyberwar

The Pentagon has disclosed that it suffered one of its largest ever losses of sensitive data in March when 24,000 files were stolen in a cyber-attack by a foreign government. There is talk of military responses against this kind of thing. William Lynn, the US deputy secretary of defence, said the data was taken from the computers of a corporate defence contractor.

Am I unusual in thinking that a military response is the wrong response to attacks on the US government's computer systems? It seems to me that a more effective way of discouraging the problem would be to make computer security the direct responsibility of the military. In the event of a breach of security those responsible could then be tried by Court Martial, just as a soldier would be if he neglected his rifle so that it failed to fire when required.

The simplest way to secure a computer or computer network is to disconnect it from the internet. But even if the network is connected, there is no excuse for information to be left open for outsiders to read. Effective encryption should suffice to prevent people from gaining access to the content of files. This loss of data sounds like a case of gross negligence.

