I'm no expert on current corporate countermeasures either, but as far as I know its as you stated: US corporations are tightly focused on defensive measures, but they tend to be passive (at least with those that will discuss or publish security countermeasures in anything resembling a public venue appear to be that way). Some that would like to take active measures are deterred by concerns about legal liabilities resulting from the potential impacts of active measures along the lines of the counterattack type that you suggest - with liability being a constant concern of corporate lawyers in any case.Originally Posted by carl
Sam may have better knowledge of current private sector defensive actions, if he wants to jump in.
Also, there is a government-private sector information sharing entity that has been in existence for a few years now, the Domestic Security Alliance Council, which is intended to facilitate the sharing of critical information between corporations and the FBI and DHS. A substantial part of that is focused on the cyber threat. I'm not saying its really effective, but its there and can be leveraged by the private sector.
And Dayuhan and Ken's remarks about education are also important in the context of an evolving long-term cyber threat - for at least the past two years there have been intermittent reports about the number of computer science grads being too small to meet economic demands, which may or may not also factor in cyber security demands. Hell, just last month the University of Florida was about to eliminate its Computer Science department - while increasing the athletic budget by around $2 million - until a huge outcry resulted in the reversal of that decision. But it remains clear that focus is lacking too many institutions of higher education, let alone our weak and damaged primary education system.
Reply With Quote
Bookmarks