Windows 7: Toward a Culture of Security Measurement

“Our dependence on all things cyber as a society is now inestimably irreversible and irreversibly inestimable.”

Yeah, I had to re-read that line a few times, too. Which is probably why I’ve put off posting a note here about the article from which the above quote was taken, a thought-provoking essay in the Harvard National Security Journal by Dan Geer, chief information security philosopher officer for In-Q-Tel, the not-for-profit venture capital arm of the Central Intelligence Agency.

The essay is well worth reading for anyone remotely interested in hard-to-solve security problems. Geer is better than most at tossing conversational hand grenades and then walking away, and this piece doesn’t disappoint. For example:

“Looking forward, without universal strong authentication, tomorrow’s cybercriminal will not need the fuss and bother of maintaining a botnet when, with a few hundred stolen credit cards, he will be able to buy all the virtual machines he needs from cloud computing operators. In short, my third conclusion is that if the tariff of security is paid, it will be paid in the coin of privacy.”