At Tux Machines, educator and author Andy Farnell explores the problem of why we can't teach cybersecurity, whether at universities or trade schools. We've gotten to the point where neither the politicians nor the vendors themselves know or care what they are talking about with regard to device ownership, trust models, updates, conflicting laws, and most of all security theatre.
Big-tech corporations are insinuating themselves into our public education and health systems without any proper discussion around their place. It is left to well-educated individuals to opt out, reject their systems, and insist on secure, interoperable choices. Advisories like the European Interoperability Framework (EIF, part of Communication COM134 of the European Commission, March 2017) recognise that tech is set to become a socially divisive equality issue. The technical poverty of the future will not separate into "haves and have-nots", but "will and the will-nots": those who will trade their privacy and freedom for access and those who eschew convenience for digital dignity.
As the word "infrastructure" (really vertical superstructure) has slyly replaced ICT (a horizontal service), battles have raged between tech monopolies and champions of open standards for control of government, education and health. The idea of public code (see the commentary of David A. Wheeler and Richard Stallman) as the foundation of an interoperable technological society has been vigorously attacked by tech giants. Germany fought Microsoft tooth and nail to replace Windows systems with 20,000 Linux PCs in 2015, only to have Microsoft lobby their way back in, replacing 30,000 desktops with Windows 10 in 2017. Now the Germans seem poised to switch again, this time taking back all public services by mandating support for LibreOffice.
He closes by calling out the current computer technology sector as being about power and alliances. It is more a part of the problem than a part of the solution with regard to ransomware, malvertising, and political manipulation.
(Score: 1) by crotherm on Tuesday November 30 2021, @01:22AM (3 children)
This is why it has to be the responsibility of the organizations that offer the services to keep things secure. Users should not get to decide security policy. Well, that's the way it used to be, so long ago, when sysadmins were king. :p
(Score: 4, Insightful) by JoeMerchant on Tuesday November 30 2021, @02:24AM (2 children)
In the end, this is what regulations are all about.
CE mark rolled out design controls in the mid 1990s, FDA followed suit for US medical devices shortly thereafter. They did it because the nature of competitive business is to cut corners, take risks, and if the shit hits the fan: file bankruptcy. Not a great standard for making products that put the consumers at risk of death or serious injury when they fail.
We're getting to the point where insecure networks are literally putting people's lives at risk. I'd like to see industry self-regulate and keep its own house in order without mandatory audits, procedural requirements, etc., but if history is any guide, we can expect those kinds of regulations to start affecting large swaths of the internet in a few years.
Ukraine is still not part of Russia. Glory to Ukraine 🌻 https://news.stanford.edu/2023/02/17/will-russia-ukraine-war-end
(Score: 3, Insightful) by MostCynical on Tuesday November 30 2021, @04:29AM (1 child)
One of the fundamental questions that needs to be answered is "why are so many systems accessible on the internet?"
"Convenience"? Not really much of a reason/excuse.
Banks have to provide web pages and apps or lose customers.
Hospitals?
Medical practices?
Lawyers?
Schools?
A simple web-based client booking system covers most "consumer" interactions for most of these.
"Cloud" isn't a good enough excuse, either.
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
(Score: 2) by JoeMerchant on Tuesday November 30 2021, @12:54PM
For sure... the first step I take in securing a system is to cut off unnecessary attack surfaces, starting with anything exposed to the open internet.
Thing is, inside a hospital the network is so large and uncontrolled, it's almost as hostile as the open internet. Once you get more than about 5 users on a network, you really need to switch it to zero trust footing because one of them will be bringing in a trojan or virus sooner or later. And hospitals do have legitimate needs to communicate internally among hundreds, sometimes thousands, of users / endpoints.
Ukraine is still not part of Russia. Glory to Ukraine 🌻 https://news.stanford.edu/2023/02/17/will-russia-ukraine-war-end