Anyone who follows the security field knows that protecting government systems can be an uphill battle. With thousands of systems in use, there is no shortage of vectors for attackers to target.
Still, most people expect officials to be confident in their ability to protect critical infrastructure from outside attack. Which makes the recent comments from US general Keith Alexander all the more disturbing,
A recent report from Wired quotes Alexander as saying that the NSA has essentially conceded its networks to outside attackers.
"15,000 enclaves: You can’t see ‘em all. You cannot defend them all," Alexander was quoted as saying.
"You've got to have an infrastructure that is defensible."
Alexander goes on to note that the government is looking to improve security by consolidating its networks and shifting data to centralised locations by way of hosted clouds, but the remarks underscore an ugly truth when it comes to government data security.
In many ways, agencies have already conceded to outside attackers. Recent security exercises all assume that hackers will breach critical systems, and governments have admitted that they cannot secure systems on their own.
Recently, the US has sought to enlist hackers in its efforts to lock down critical infrastructure. DARPA recently hired legendary hacker Peiter "Mudge" Zatko as a programme manager, and the Black Hat co-founder wasted little time in enlisting private security researchers to help with security projects.