Yeah… this is an example of what I’m talking about. It’s the romanticized version of the wild west online right now, and whenever you talk about the need for increased security, you’re subjected to a propaganda lecture (edit for clarity:) lecture about propaganda and the political implications of fucking twitter or something. Everyone is so primed to respond along the party line to the idea of troll farms that the conversation about how they’re used outside of influencing our elections never even occurs to people. Most don’t even realize it’s an issue that could be discussed.
So let’s be clear here, while you’re absolutely correct about what you’re saying, that’s not related to what I was saying.
The near constant spear phishing, network intrusion, ransomware, impersonation, false landings, etc. attacks that every government, medical, social and technical system in the country is being constantly subjected to is the issue I am qualified to speak about. It’s an area where the US isn’t even attempting to fight back, and as beautiful as headline-darling things like Stuxnet were, the developers that worked on it haven’t figured out how to mitigate ex: the rampant identity theft throttling the country. My favorite new one has been the theft of identity and thence blackmail of recently paroled prisoners, since a bad actor can easily get them returned to prison by just, say, using their credit card at a Walmart out-of-state, or applying for public benefits in a different city. This happens all the time and nobody, at all, is talking about it. It’s so common I was brought in to write a set of tools that auto-generate the letter informing out-of-state LEO agencies that the person was the victim of identity theft and should not be found in violation of their parole terms, since that was so common it was all their entire staff were spending their time doing.
That’s just the one example that has occurred to me, if you want more I can go on for very literal hours (just ask my students (who are no doubt quite sick of the topic…)). There are no systems, or even the political or social will to investigate developing systems, that could even begin to address the most basic issues in this realm. That is the problem I was screaming helplessly into the void about.
(I made “false landings” up.)
No, it’s not unique to the US. But we’re by far the most dependent on technology out of any country and knowing this we talk a big game and do nothing to back said game up. The frequency with which [any agency you care to name] fails information security audits is pretty much just one long interrupted string of failures, and having worked with many western non-US governmental groups, the difference in security culture is pretty shameful.