According to NPR, Rep. Mike Rogers thinks that a piece of legislation is going to help stem the tide of IP theft on the part of foreign states like China. Rep. Rogers deserves credit for recognizing the problem and trying to do something about it, however the solution that he's considering - "naming and shaming" - not only won't work but completely misses the real problem.
The heart of the matter is not that foreign states are stealing U.S. intellectual property. Espionage is the 3rd oldest profession and our reliance upon cyber-space-time has made it easier than ever for agents around the world to not only take what they want but make it look like others are the culprits. The solution doesn't lie in deterrence because deterrence is a laughable concept among sophisticated attackers. While its natural to want to stop the "bad guys" from stealing what is yours, it's also naive to believe that you can do it. You can't stop bad guys from coming in, but you can stop your data from leaving. That's the key to ending China and Russia's relatively free access to U.S. technological secrets.
Don't threaten them. Don't pretend that you can deter them. Don't imagine that you even know which one of them is doing the attacking at any given time. Instead, Rep. Rogers should write legislation that requires U.S. companies to inventory their critical data so that they know where on their network it resides, then implement a set of security controls that monitors the behavior of authorized users and locks that data down when certain norms are violated. The hard truth of the matter is that most companies today don't have a clue about where on their network their critical data resides because they've bought into the old school security model of trying to stop attacks at the perimeter of their network. Until that changes, Rep. Rogers and others like him will just waste more taxpayer money and perpetuate the illusion that the problem is somewhere "out there" and can be stopped with U.S. muscle.
Add to Cart
The heart of the matter is not that foreign states are stealing U.S. intellectual property. Espionage is the 3rd oldest profession and our reliance upon cyber-space-time has made it easier than ever for agents around the world to not only take what they want but make it look like others are the culprits. The solution doesn't lie in deterrence because deterrence is a laughable concept among sophisticated attackers. While its natural to want to stop the "bad guys" from stealing what is yours, it's also naive to believe that you can do it. You can't stop bad guys from coming in, but you can stop your data from leaving. That's the key to ending China and Russia's relatively free access to U.S. technological secrets.
Don't threaten them. Don't pretend that you can deter them. Don't imagine that you even know which one of them is doing the attacking at any given time. Instead, Rep. Rogers should write legislation that requires U.S. companies to inventory their critical data so that they know where on their network it resides, then implement a set of security controls that monitors the behavior of authorized users and locks that data down when certain norms are violated. The hard truth of the matter is that most companies today don't have a clue about where on their network their critical data resides because they've bought into the old school security model of trying to stop attacks at the perimeter of their network. Until that changes, Rep. Rogers and others like him will just waste more taxpayer money and perpetuate the illusion that the problem is somewhere "out there" and can be stopped with U.S. muscle.
0 komentar:
Posting Komentar