Depending on where you sit in the spectrum of security, you might think that the Internet is unguarded and that hackers run about unchecked. You might think that, without a government organization to dictate security stances and push the Internet kill switch, we are all unprotected from the evils of the world. You might even think that, with the advent of the US Cyber Command, the DHS and Joe Lieberman, we could all sleep better tonight. You could be forgiven for thinking this, but you'd also be completely wrong.
Both publicly and privately, commercial vendors, security researchers and private-sector operations teams work together every day to hold back the (highly sophisticated) barbarian hordes. Some of them are easy to find, but examples are probably in order:
- The SANS Internet Storm Center is staffed every day with an incident handler taking reports from the Internet, providing assistance and passing information to the public.
- The Shadow Server Foundation, "comprised of volunteer security professionals from around the world", provides exceptional, timely and actionable information on botnets and malware threats.
- In the face of the Conficker worm, a collaborative working group named (appropriately and somewhat unimaginatively) the Conficker Working Group was formed as "a collaborative effort with technology industry leaders and academia to implement a coordinated, global approach to combating the Conficker worm".
But the most interesting action occurs behind the scenes. Security vendors, Internet service providers, domain name registrars and some of the most talented individual researchers on the planet communicate every day on new attacks, compromises, bots and threats. Malware and exploit samples, locations of compromised hosts and information on crimeware are shared as quickly as the information is generated.
Most importantly, the people who can actually make a difference are all there working together to keep you safe.
By way of contrast, let's look at US CERT, the U.S. government group charged with, among other things, working with the private sector. Under "Current Activity" on the CERT website, you'll see notification that Apple released security update 2010-007. This information was added November 12th, 2010. Apple released the update November 10th, 2010. To be brutally honest, if you can't get timely notification out when the vendor is providing you the information directly, you have no hope of ever actually being useful.
In truth, the government's role in Internet security is limited by practical realities. They are as nimble as a grounded whale and lack the authority and access to actually address issues. They can't take down websites, they can't turn off domain names and they can't publish protection. The one thing the government can do is the thing it hates to do more than anything: provide us information that we don't already have.
This fight is not, and cannot be, fought by any individual government. All kidding aside (mostly), they do have a role when things have reached the "cyberwar" stage or in those rare cases where law enforcement can actually do something. Besides, it is fun to watch them work on "Cyber Security Awareness Month", which is about as effective as warning labels on cigarettes. But from a usefulness standpoint, they'll never compete with the public.
The boots on the ground in this fight aren't combat boots. They are Birkenstocks and Chucks. There is no David Petraeus. But there is Steven Adair, Johannes Ullrich and HD Moore. The true cyberwarriors aren't wearing fatigues and they sure as hell don't wear suits. (OK, I admit, I did see HD in a suit once and he was the cutest thing you've ever seen.) They are non-governmental people, many of them working for free, doing the right thing.
So yes, Hannibal ante portas. And yes, he's a mean bastard. But don't let the fear mongers make you think there isn't an army already out there working for you. We've had troops deployed for years and they know exactly what we are facing. They don't have political motivations, aren't hindered by mistrust between nations and can actually do something. But most importantly they came together because the world needed them long before many understood there was even a threat. Governments around the world, predictably, are late to the party. And they always bring crappy gifts.