Diary

Cybersecurity follies

Unless you’ve spent some amount of time working in computer and networking security, I’m thinking this would probably not jump off the page at you. There was a story in Monday’s NYT, U.S. to Reveal Rules on Internet Security, which related that the minions of The One “… on Tuesday plans to declassify portions of the Comprehensive National Cybersecurity Initiative, created during the Bush administration as a secret effort to harness the nation’s defensive and offensive strategies for protecting commercial and government networks.” The story contains various strains of happy talk about civil liberties and international partnerships and so forth to which I say, so what?

All that stuff maybe great but the fact of the matter is the first rule in a security plan is revealing as little about it as possible. Security by obscurity we call it. You never give the other guy any insight into your capabilities, intentions, strategy or plans if at all possible. And let’s face it, when you have Congressional sieves privy to this kind of stuff, it’s not exactly well protected to begin with. Going to a national conference and spewing details for the world to take note of is tantamount to revealing the whole thing because I guarantee bad guys will be able to hold the incomplete picture up to the light and see what goes in the part that these geniuses think is still hidden.