The article tries to make it sound like the failure is a lack of prioritization and if they just focused correctly the problem could have been avoided, but I do not see why anybody would assume they would be able to protect their systems even if they tried.
How well protected do you think cyber-weapons designed to surveil countries, disable infrastructure, and destabilize governments should be? How capable and well-funded should the attacker need to be before gaining access to cyber-weapons designed to kill economies and people? $1B, $10B? A team of 1,000, 10,000?
Does anyone know of any system or organization in existence that would even be willing to claim they can stop a team of 1000 dedicated hackers working full-time for 10 years funded with $1B let alone put it in writing? What is the highest you have heard? Is it even in the general ballpark?
It is absurd to assume that the failure to solve the problem is just a lack of prioritization if no one even claims to be able to solve it and it is meaningless to propose that they should adopt policies that do not even claim to be able to protect against the actual threat model let alone have evidence of such protection. They either need to find someone who will make the extraordinary claim that they can provide an actual defense and have the extraordinary evidence to back up that extraordinary claim or they MUST NOT deploy such systems since they can not be protected.
Yeah I guess some people really misunderstood how hard making secure system is. Of course you can't claim to kill economy or too many people with it, but really you don't even need that kind of funding to break into most networks.
I guess it's safe to say that even with $1M of funding and small team of dedicated security researchers coupled with right people for social engineering you can break into any network. Everyone can be fooled and humans are always the weakest spot. Especially now when information about everyone is publicly available on social networks so you can gather all information you need remotely.
And when it's come to hacking into networks of company with no dedicated budget for cybersecurity cost of attack would be one or two orders of magnitude lower. Some self-organized groups of hobbyists prove you can even do it with no funding at all.
How well protected do you think cyber-weapons designed to surveil countries, disable infrastructure, and destabilize governments should be? How capable and well-funded should the attacker need to be before gaining access to cyber-weapons designed to kill economies and people? $1B, $10B? A team of 1,000, 10,000?
Does anyone know of any system or organization in existence that would even be willing to claim they can stop a team of 1000 dedicated hackers working full-time for 10 years funded with $1B let alone put it in writing? What is the highest you have heard? Is it even in the general ballpark?
It is absurd to assume that the failure to solve the problem is just a lack of prioritization if no one even claims to be able to solve it and it is meaningless to propose that they should adopt policies that do not even claim to be able to protect against the actual threat model let alone have evidence of such protection. They either need to find someone who will make the extraordinary claim that they can provide an actual defense and have the extraordinary evidence to back up that extraordinary claim or they MUST NOT deploy such systems since they can not be protected.