Slashdot Mirror

← Back to Stories (view on slashdot.org)

FBI's Top Cyber-cop Says We're Losing the War Against Hackers

Posted by Soulskill on from the have-you-tried-bullets dept.

New submitter sienrak writes "Shawn Henry, who is preparing to leave the FBI after more than two decades with the bureau, said in an interview that the current public and private approach to fending off hackers is 'unsustainable.' 'I don't see how we ever come out of this without changes in technology or changes in behavior, because with the status quo, it's an unsustainable model. Unsustainable in that you never get ahead, never become secure, never have a reasonable expectation of privacy or security,' Mr. Henry said."

1 of 134 comments (clear)

  1. Re:Given the previous FBI story... by Anthony+Mouse · · Score: 5, Interesting

    Anyone anywhere can come up with a way ( if smart and motivated enough) to hack anything anywhere, it is completely different from invading another country or defending your own.

    You're completely right. And the idea of having some incompetent bureaucracy with the power to spy on everyone and shut down the internet is is totally insane.

    But let's not just complain about it, shall we? Why don't we do one better?

    Making systems totally secure is a pipe dream, but we can certainly make them more secure. And entirely without a surveillance bureaucracy.

    The key is to understand that secure software is a market failure: Nobody wants to pay for security until after they get hacked, which means software developers have the wrong incentives. The one that goes out of their way to do security right end up going out of business because they get beat to market by the ones that ship the first code that compiles. But let's resist the knee jerk government reaction to this, which is to pass laws telling everybody what to do. That isn't what's needed here -- the result of any sanctions will be a "teaching to the test" problem where developers do the bare minimum to avoid liability while not actually making secure software, and meanwhile software development is made far more expensive due to regulatory compliance burdens. So forget about that.

    What would actually work? SE Linux. It was produced by the NSA, it's open source, and it makes things more secure. Why don't we spend the money on that sort of thing? Use the carrot, not the stick. Have the NSA provide free, voluntary security audits to major infrastructure providers. Have them produce more software in the nature of SE Linux -- things designed by all those genius cryptographers they already employ, which can subsequently be adopted by everyone everywhere and make things more secure. Fund more software like TOR which can protect privacy, to get such things to the point that they're fast and efficient enough for regular use by everyday people (and screw over enemy countries that censor and oppress in the process). Provide incentives for the more rapid adoption of technologies that increase security, like DNSSEC and IPv6.

    These are the things that have the potential to actually work. If they're actually serious about improving security, and Something Must Be Done, let it be that. Because the last thing we need is another hopeless regulatory bureaucracy.