Reuters just published a story entitled Analysis: The near impossible battle against hackers everywhere on the current state of panic in the industry. Earlier this week the security firm Mandiant published their assessment of the state-run hacking program operated by the Chinese government. It was tempting to pull the entire article as a quote. The rhetoric in the article reflects a state of panic held by many security professionals:
“They outspend us and they out man us in almost every way,” said Dell Inc’s chief security officer, John McClurg. “I don’t recall, in my adult life, a more challenging time.”
“There is a battle looming in any direction you look,” said Jeff Moss, the chief information security officer of ICANN, a group that manages some of the Internet’s key infrastructure.
“Everybody’s personal objectives go by the wayside when there is just fire after fire,” said Moss, who also advises the U.S. Department of Homeland Security.
“Your average operational security engineer feels somewhat under siege,” said Bruce Murphy, a Deloitte & Touche LLP principal who studies the security workforce. “It feels like Sisyphus rolling a rock up the hill, and the hill keeps getting steeper.”
“I don’t remember a time when so many companies have been so visibly ‘owned’ and were so ill-equipped,” said Adam O’Donnell, an executive at security firm Sourcefire Inc, using the hacker slang for unauthorized control.
“Our biggest issue right now is getting the private sector to a comfort level where they can report anomalies, malware, incidences within their networks,” McFeely said. “It has been very difficult with a lot of major companies to get them to cooperate fully.”
He said what worries him the most is Chinese presence on networks that have no espionage value, such as systems that run infrastructure like energy and water plants. “There’s no intellectual property to be pilfered there, no trade secrets, no negotiating positions. So that makes you frightened because it seems to be attack preparation,” Hayden said.