Day 3 at CORE

Yet another day of fun at CORE today. Spent the day getting to know the people, figuring out critical strategies, and places where I can start inserting myself to have some immediate impact.

Started working on goals for the next 90 days with my boss, as well. Always good to know what you are supposed to do for the next quarter.

Today a few folks who have been reading Instapundit came over and read a few things I’ve written here when Glenn linked to my post about my new job. A few left comments and many thanks to them for starting to create a conversation. A prevailing theme appeared in those comments, both here and on Glenn’s blog, that I thought I would say something about.

I spoke of being in a war that we (the guys who are trying to protect information and property) are losing. The general tenor of the comments was that our government refuses to acknowledge there is a cyber war happening. And that even if they do, the government has made it much worse through the spying and eavesdropping done by government agencies and the insertion of security holes and backdoors in certain types of software products that provide protection of data through encryption.

Although I often am critical of the Obama administration, this is an area where I am not particularly critical. Here’s why.

1. About the war. Actually, the Obama administration has been much more conscious of cyber-security and the conflict around data theft, cyber warfare attacks and much more. The FBI and other agencies have been willing, nearly, to name names when it comes to who the bad guys are. And the administration has definitely tried to do some decent work around improving government cyber-security. Now, to call it a war is not something the government should do if we aren’t prepared to wage war at a national level. And frankly, we aren’t and we shouldn’t be.

2. About the NSA spying on Americans and back doors in encryption tools. I am quite critical of what is happening here and very strongly opposed to it. However, to be frank again, the issue is one that has been going on for years, decades even. It’s not an Obama administration-only issue, or a Democrats-only issue. It’s a significant governance and constitutional problem. But let’s be really clear. The bad guys are not succeeding because of any of this. The reality is that they are winning because we are not doing the basic job of securing people and computers that should be done. It’s a big part of why I joined CORE; they are bringing new capabilities to bear that can really change this issue.

On this particular topic, I believe I can speak with some authority. I’ve been part of work groups that have provided input, advice and expert opinion to the Obama administration on what the Federal government can do to improve cyber-security in meaningful ways. And they have actually listened to some of what the industry experts had to say.

On top of that, I have spent time and energy (like my whole life) in this field, first military, then physical and then information security. I can claim to know something about it. I can say, with great accuracy I believe, that those of us on the good side of this fight are definitely way behind the bad guys right now in terms of processes, tools and capabilities. We need to change that before we start claiming that NSA back doors are the problem.

About Eric Cowperthwaite

Nearly 30 year security professional, 11 years in the US Army, and another 18 in the civilian world. Worked for EDS for 9 years, then for Providence Health & Services as their CSO for 7 years. Now I work for CORE Security as their VP, Advanced Security & Strategy. This blog is not just about security, either physical or information. You can expect to read about cigars, my life, things I think are funny and much more. And I will rail about the FUD that so many security practitioners toss around on a regular basis. Plus, once in a great while, I might actually share a thought or two about security. Did I mention that I will probably blog about cigars? Just to be clear, nothing that I write here represents the position or opinion of my employer. Nothing I write here is proprietary or confidential to my employer. Everything I write here is my personal opinion.
This entry was posted in CyberWar, FUD, General, InfoSec, Life and Times.
