Pages

19 January 2015

Murphy's Law: China And The Dark Side Strategy To Computer Security

January 12, 2015: A recent survey of in American civilian and government organizations found that civilian firms short about 40 percent of the computer security staff they had jobs for. In the government it was worse, with government and military organizations having far more unfilled tech jobs. Worse, the government and military were more likely to put unqualified people into the Internet security jobs and hope for the best, just so they could show better stats on their Internet security staffing. One thing you cannot fake is that 2014 was, like 2013, record breaking in the number of Internet system breaches and quantities of data stolen.

The most common reason for the staffing problems was the unwillingness of senior management to pay competitive salaries. This means that the companies were not able to pay what qualified people demanded. The firms that were willing to pay, and got the people they needed, were usually banking and financial firms, who seemed to better appreciate the importance of Internet security. 

Meanwhile military and government outfits in general, cannot compete (in terms of pay and benefits) for the best people and are forced to hire temps. The top tech people can be hired temporarily as consultants, but the government has to pay the very high going rate. The consulting firms snap up a lot of the qualified people by paying them what they are worth and then renting these experts out to the government and military at a high profit.

Eventually, probably sooner rather than later, the military will have access to the expensive and capable talent they need on a regular (not an emergency, “call in the consultants” basis). That's because this sort of thing has happened before. The Internet is but the latest new technology to arrive and upset the traditional way of doing things. This sort of thing got going in a big way during the 19th century, when telegraph, steam powered ships and railroads quickly became key military technologies. The military was almost entirely dependent on civilian experts to use these technologies and it took decades before the military was able to establish its own supply of experts.

Going into the 20th century it was the same problem with the flood of new technologies (radio, flight, still more electronic devices, modern cryptography and major advances in medical tech). In all these cases the military had to compete with better paying civilian organizations for the people who knew how to use and exploit these technologies.

The Internet is worse because the tech spread faster and farther than anything in the past and had bigger payoffs for criminals who could exploit the web. This led to more talented people coming in to take advantage of high pay offered to Internet security experts. As usual, the government and military have to be creative to get the talent they need. Some countries, like China, worked with Internet criminals, offering them sanctuary and high pay for obtaining data from other nations. This did not make Chinese Internet users immune from Internet scams, because there were so many Internet gangsters out there and the Chinese government only worked with some of them (who had to restrict their attacks in China to obtain sanctuary).

The highly qualified the government and military do have, or develop themselves, are always tempted to leave and take better paying civilian jobs. This happens despite the military offering, as they do with other specialists (like Special Forces troops, SEALs and electronic experts of all sorts) offer big cash bonuses to stay in.

No comments:

Post a Comment