Cybersecurity

'Patch and pray' remains the norm nearly 20 years after hackers warned US lawmakers about risks

  •  
  •  
  •  
  • Print

Hacker

Image from Shutterstock.

In 1998, a group of young hackers testified before a U.S. Senate committee, warning that what one describes as a “patch and pray” after-the-fact approach to cybersecurity was bound to create serious Internet security repercussions sooner or later. Any one of the seven had the skills to take down the Internet in about half an hour, lawmakers were told.

Although lawmakers on the governmental affairs committee agreed that more protection was needed, essentially the same lack of cybersecurity still exists today, reports the Washington Post (reg. req.) in a lengthy article.

Fred Thompson, a Republican senator from Tennessee, was the committee’s chair at the time, although his career as a federal lawmaker ended more than a decade ago. A lack of security on the Internet is a tough problem for the government to solve, he said. “Number one, it’s very difficult, and number two, there’s no immediate political payoff for anyone.”

To be effective, security needs to be built into software before it is released. But profit-driven private companies tend to take short-cuts to get their products to the market more quickly.

Chris Wysopal, one of the group of seven who testified in 1998, started a security consultant business known as Veracode in 2006. It took the Great Chicago Fire to get government building standards upgraded there, and it will take a similar disaster on the Internet to get adequate government security standards imposed on the worldwide web, he predicts.

“The market didn’t solve the problem of cities burning down,” he said. “It seems to me that the market isn’t really going to solve this one on its own.”

See also:

ABAJournal.com: “Home Depot confirms data breach”

ABAJournal.com: “After Sony hack attack, companies are curtailing email use”

ABAJournal.com: “Hackers may have accessed records of 4 million federal workers; was China responsible?”

Risk Assessment/Security & Hacktivism (Ars Technica): ” ‘EPIC’ fail—how OPM hackers tapped the mother lode of espionage data”

Give us feedback, share a story tip or update, or report an error.