I feel like I’m taking crazy pills here . . .

The Homeland Security Department finally named an assistant secretary for cybersecurity last year, and the Senate ratified the first international treaty on cybercrime.

The Computer Security Industry Alliance had lobbied for these achievements for more than two years and counts them as big wins, said acting executive director Liz Gasster. But the nation still lacks a comprehensive data security law, and DHS needs to develop response and recovery plans for disruptions of our critical infrastructure.


CSIA has set out a cybersecurity agenda for government for the last two years, with only indifferent results. In its Federal Progress Report for 2006, it gave the administration an overall grade of D because of failures to pass privacy legislation and to set clear priorities for future work.

It seems like just yesterday that RTM shut down the inter-tubes with his Sendmail experiment. In the aftermath CERT/CC was born (gov’t sponsored but run by the academy – a foreshadowing) and annual projections of a) the death of the Internet, b) the need for more cooperation, and c) the need for more legislation followed. In the mean time we’ve had a few Digital Battle of Wake Islands, the .com boom and bust (and .com bust-boom), too many parallels to Snow Crash to count and version .9 of Hari Seldon’s Encyclopedia Galactica.

Every year the same discussions, every year the same problems, every year more threats, every year we expose ourselves more and every year no forward progress. Why?

Leave a Reply