Opinion

There Be Dragons

It's a sorry fact of human nature that you have to be fooled at least once before you can hope to avoid being fooled again.

By Lew McCreary

July 01, 2005 | CSO

It's a sorry fact of human nature that you have to be fooled at least once before you can hope to avoid being fooled again. Based on some recent reading material, spanning two different but strangely comparable realms, I herewith reaffirm this wisdom: Absent persuasive experience, abstract threats are insufficient motivation for developing truly effective countermeasures. It will take a devastating cyberattack to focus concerted attention on real solutions.

What have I been reading? A Government Accountability Office report with the unambiguous title "Department of Homeland Security Faces Challenges in Fulfilling Cybersecurity Responsibilities" and a book of essays by journalist William Langewiesche called The Outlaw Sea: A World of Freedom, Chaos and Crime.

The GAO report on the middling efforts of DHS to safeguard cyberspace disperses blame in several directions: a dearth of institutional stability in DHS's formative period, its struggle to attract top talent, the slow pace in forging successful partnerships on all fronts and more. But it's that lack of persuasive experience that seems a plausible cause as well. One of my colleagues, CISO Carlos Mena, observes that President George W. Bush has a rogue's gallery of al-Qaida leaders on his desk, and when one of them is captured or killed, Bush X's out the face. Says Carlos, "This is a major priority for him."

By contrast, the disordered fabric of cyberspace offers the president no vivid equivalent of X-outable terrorist mug shots. More important, there have so far been no catastrophic loss-of-life cybersecurity events to stiffen the spines of the shock troops whose job is to secure that infrastructure. So far, as the GAO report makes clear, DHS has succeeded only in developing an orderly framework of good intentions to apply to the wholly intransigent domain of cyberspace. Too much work yet remains to be done to declare even midrange success.

In fairness, it seems likely that no matter how robust the defenses, there will always be ready weaknesses to exploit. The Internet is vast and deep, its possible points of failure too numerous to inventory. In an architecture of interconnectedness, the lowest common denominators can be shockingly low indeed.

Which brings me to my second realm: the planet's oceans. Langewiesche's The Outlaw Sea characterizes the world's watery parts as fraught with nearly ineradicable chaos, unamenable to genuine regulation. There are dangers from modern forms of piracy, from aging decrepit vessels that fly flags of convenience and endure only lax inspections, from unqualified or unvettable crews, and from virtually undetectable terrorism.
