In security, attackers have an easier job than defenders: an attacker has to find a single mistake that a defender has made; a defender has to make no mistakes.

But the best defense is NOT a good offense. Neglecting defense means abandoning the people you're defending.

1/
So guess how the US apportions its "cyber" budget.

It's all "deterrence" (i.e. offensive capability) and virtually no actual defense. As @Jason_Healey writes in @lawfareblog, this leaves Americans as "prey," not "predators."

lawfareblog.com/cyber-budget-s…

2/
Healey is writing about the Cyberspace Solarium Commission's report "on a strategic approach to defending the United States in cyberspace against cyber attacks of significant consequences."

solarium.gov

3/
The report shows that the vast majority of information security spending in the US is through the military, not through defensive organizations like the DHS, a trend that began with Clinton and has been continued by every president since, with massive acceleration under Trump.

4/
Ironically, Trump has criticized previous admins for neglecting defense and pledged to increase it as a priority, but all he did was redefine "defense" to mean "punishing those who use cyber tools for malicious purposes" and attaining "peace through strength."

5/
Which is why the DoD's cyber budget is 25% higher than the total infosec budget of ALL defensive agencies, with US Cybercommand HQ getting 33% more to cover program ADMINISTRATION than the ENTIRE State Dept cyber budget, INCLUDING operations.

6/
The DoD's cyber ops budget is 250% of the budget for the entire Cybersecurity and Infrastructure Security Agency, and 1000% of the budget for the National Cybersecurity and Communications Integration Center.

7/
And that's just the part of the budget we know about; most of the DoD's budget is a secret. It's part of the trend Rosa Brooks spoke of: "everything became war and the military became everything."

8/
Healey: "There are tremendous risks when a fearsome offense is paired with a weak defense," because "a more fearsome cyber offense makes it more likely they will get in a sucker punch on the U.S. before Cyber Command can bring its big guns to bear."

9/
He's focused on the geopolitics, but we must attend to human costs. When computer criminals steal trade secrets or kompromat, steal identities or clean out your bank account, they get away clean because your government has prioritized attacking rivals over defending YOU.

10/
To take just one example: the NSA found a vulnerability in Windows that they codenamed "Eternalblue." Rather than report that bug to Microsoft so it could be fixed and everyone relying on Windows could be safer, the NSA kept the bug a secret so it could attack its enemies.

11/
Then Eternalblue leaked. It got picked up by dumdums and spliced into some not-very-effective ransomware, supercharging it and giving birth to the Wannacry epidemic. Wannacry went on to shut down numerous businesses and hospitals around the world, including in the US.

12/
But it did worse than that: Wannacry was used to shut down entire US CITIES. For MONTHS. Including, for example, Baltimore, a city that serves as a commuter town for Beltway Bandits, perhaps including some who decided not to fix Eternalblue.

nytimes.com/2019/05/25/us/…

13/
It would be one thing if the only people who suffered as a result of this ghastly blunder were DoD personnel and their overpaid contractors - but the collateral damage here is staggering.

14/
An offensive posture means you can make your enemy's rubble bounce after they slaughter your people. Only a general hoping for consulting work with a defense contractor could view this as a good tradeoff for the casualties experienced by the people they've sworn to protect.

eof/
Keep Current with Cory Doctorow #BLM