The Worst Article You Might Ever Read About 'Cybersecurity'

from the this one's special dept

There has been a lot of discussion lately about “cybersecurity” “cyberwar” “cyberattacks” and all sorts of related subjects which really really (really!) could do without the outdated and undeniably lame “cyber-” prefix. This is, in large part, due to the return of CISPA along with the White House’s cybersecurity executive order. Of course, the unfortunate part is that we’re still dealing in a massive amount of hype about the “threats” these initiatives are trying to face. They’re always couched in vague and scary terms, like something out of a movie. There are rarely any specifics, and the few times there are, there is no indication how things like CISPA would actually help. The formula is straightforward: fear + handwaving = “we must have a law!”

However, I think we may now have come across what I believe may top the list of the worst articles ever written about cybersecurity. If it’s not at the top, it’s close. It is by lawyer Michael Volkov, and kicks off with a title that shows us that Volkov is fully on board with new laws and ramping up the FUD: The Storm Has Arrived: Cybersecurity, Risks And Response. As with many of these types of articles, I went searching for the evidence of these risks, but came away, instead, scratching my head, wondering if Volkov actually understands this subject at all, with his confused thinking culminating in an amazing paragraph so full of wrong that almost makes me wonder if the whole thing is a parody.

The piece starts off, though, by playing up those supposed “risks,” discussing how companies face “economic devastation” due to the “theft of valuable trade secrets.” Here’s an exercise: name one such company that has been so devastated. We’ll wait. Then he talks about how these hacks could lead to “disclosure of consumer and employee information.” Of course, he seems to be mixing and matching the types of hacks he’s talking about. The “trade secret” stuff is generally corporate espionage, whereas the leaking of data tends to just be more general malicious hacking. Very different issues that probably require very different responses. But they’re lumped together here.

So we’ve got an ill-defined problem, but have no fear, because the answer is here: Congress!


At the core of the problem is Congress’ failure to act. For years now, Congress has tried to enact meaningful cybersecurity legislation.

Any analysis of whether or not the attempts at “meaningful cybersecurity legislation” would have any impact at all on the kinds of attacks discussed in the first paragraph? Why, no. Because that would be useful. But that’s okay, because Congress needs to act!


The risks are too large and the consequences of failing to act can result in serious economic consequences.

Again, can someone point to any evidence of cybersecurity issues having “serious economic consequences” to date? Yes, it’s possible they might in the future, but let’s put these things in perspective.

And then we get to this. I warn you ahead of time: reading the following paragraph may cause certain knowledgeable brains to experience something akin to spasms.


Recent cyber-attacks have illustrated the ability of terrorist groups and foreign governments to cause havoc on the Internet. The United States Sentencing Commission’s website was destroyed when activists attacked the site to protect the federal prosecution of Bart Swartz which eventually led to Mr. Swartz committing suicide. For years, the Chinese government has launched massive daily attacks against our government and private industry which are aimed at disrupting government operations, stealing trade secrets and undermining economic activity.

Let’s break this down. Bit by awful bit.


Recent cyber-attacks have illustrated the ability of terrorist groups and foreign governments to cause havoc on the Internet.

Where and how? So far, the only example of any government causing any sort of “havoc” appears to have been the US with Israel with their attacks on Iran via Stuxnet, Flame and possibly some other very targeted malware attacks. What “terrorist groups” or “foreign governments” have actually caused any actual “havoc on the Internet”? The answer is none. It’s certainly not what comes next:


The United States Sentencing Commission’s website was destroyed when activists attacked the site to protect the federal prosecution of Bart Swartz which eventually led to Mr. Swartz committing suicide.

Yeah. Okay. (1) The United States Sentencing Commission’s website was temporarily hacked (and later taken down). It was not “destroyed” in any sense of the word. (2) Activists are neither the “terrorists” nor “foreign governments” we were promised in the preceding sentence. (3) Taking down the site briefly did not cause “havoc.” (4) BART Swartz??!??!? (5) The hack was to protest the federal prosecution of Aaron Swartz, not to “protect” it. (6) While many of Swartz’s friends and families do say that the prosecution likely led to his suicide, no one can say for sure. (7) Nothing about the hack by Anonymous had anything to do with “cybersecurity” nor would CISPA have protected the Commission’s website (better programming might have). Basically, this sentence is just about as wrong as it could possibly be, and has nothing to do with what the article is about, other than drumming up fears about “cybersecurity.”


For years, the Chinese government has launched massive daily attacks against our government and private industry which are aimed at disrupting government operations, stealing trade secrets and undermining economic activity.

There’s been plenty of talk about these Chinese hacks, which definitely do appear to be happening. But, what economic activity has been undermined? So far, the hacks may have been a nuisance, but it’s unclear that they’ve done any real damage. It is also unclear how CISPA helps stop such hacks, other than making Congress feel like it’s “done something.”

Are there issues with online security that need to be taken seriously? Yes, absolutely. Do we need legislation to deal with those problems? That’s debatable, and we’re still waiting for some evidence not just of scary sounding threats, but that this kind of legislation will actually help. Unfortunately, this article keeps us waiting. But, it did make us laugh. Unintentionally (we think).

Filed Under: , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “The Worst Article You Might Ever Read About 'Cybersecurity'”

Subscribe: RSS Leave a comment
52 Comments
Anonymoussays:

Re: Can't help but wonder

A journalist or scientist, he will never be. The piece is a very bad post. Without the two-sides represented of a debate-piece, without the coherence or new views of an opinion-piece and without the specifics for a scientific piece or an expos?. Also its lack of fact checks truely leaves it in the dust of “junk you only find on the internet”.

The guy is even stupid enough to use the disclaimer:

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

Which makes your “consulting services”-theory pretty much confirmed…

Jaysays:

Re: Can't help but wonder

corruption laundering at its finest

Prior to launching his own law firm, Mr. Volkov was a a partner at LeClairRyan (2012-2013); Mayer Brown (2010-2012), Dickinson Wright (2008-2010); Deputy Assistant Attorney General in the Department of Justice (2008); Chief Counsel, Subcommittee on Crime, Terrorism and Homeland Security, House Judiciary Committee (2005-2008); and Counsel, Senate Judiciary Committee (2003-2005); Assistant US Attorney, United States Attorney’s Office for the District of Columbia (1989-2005); and a Trial Attorney, Antitrust Division, United States Department of Justice (1985-1989).

So rooting for more power is right up his alley.

Anonymoussays:

‘we’re still waiting for some evidence not just of scary sounding threats, but that this kind of legislation will actually help.’
what it most definitely will do is give Congress (or some member) the excuse to put yet another bill on the table of another reason why we must have CISPA! given that the guy is a lawyer, i hope when he goes into court he has researched the case fully. his poor defendant could end up in the shit when there was previously no shit to be in!

Jon Renautsays:

Typos and stuff

The United States Sentencing Commission?s website was destroyed when activists attacked the site to protect the federal prosecution of Bart Swartz which eventually led to Mr. Swartz committing suicide.

If you take “protect” as a typo for “protest”, substitute “Aaron” for “Bart”, let him say that the prosecution caused the suicide, which may be false but certainly isn’t an absurd position to take, and wave away “destroyed” as coming from someone who doesn’t understand websites, that sentence makes sense.

The United States Sentencing Commission?s website was hacked when activists attacked the site to protest the federal prosecution of Aaron Swartz which eventually led to Mr. Swartz committing suicide.

Mike Masnicksays:

Re: Typos and stuff

But then note that this follows a sentence in which he insisted that “terrorists” and “foreign governments” were causing “havoc” on the internet, which requires the need for CISPA. So you would expect the following sentence to support that. So even if you assume that those were mere sloppy typos, the whole sentence is problematic.

Josh in CharlotteNCsays:

Re: Re: Typos and stuff

he insisted that “terrorists” and “foreign governments” were causing “havoc” on the internet, which requires the need for CISPA.

There have ben a number of long running denial of service attacks on mostly US banking sites originated by Iranian groups, which are thought to be funded by the Iranian government. Now, I don’t automatically associate Iranian with terrorist, but it is easy for many people to ignore the distinction. And they’re pretty standard DDoS attacks, nothing particularly out of the ordinary.

Of course, the point about CISPA stands – there’s no need for it even in those cases.

Not an Electronic Rodentsays:

Re: Typos and stuff

If you take “protect” as a typo for “protest”, substitute “Aaron” for “Bart”, let him say that the prosecution caused the suicide, which may be false but certainly isn’t an absurd position to take, and wave away “destroyed” as coming from someone who doesn’t understand websites, that sentence makes sense.

Um, not really, no. Re-reading it again, it more looks like he’s trying to subtly make a link between the hacking of the website and Aaron Swartz’s suicide, which falls more into the disgustingly and cynically manipulative category.

Anonymoussays:

Re: Re: Re: Typos and stuff

I have to agree with you. Any way I read that sentence it comes of to me as meaning that the prosecution leading to the suicide. I also suspect that you are right that he meant to say protest instead of protect and just never proof read the sentence before putting it up. It makes a whole lot more sense then. It’s still DEAD WRONG, but it’s then at least coherent.

And don’t you know that that is what asteroids do – DESTROY THINGS… apparently even in cyberspace. ­čÖé

Not an Electronic Rodentsays:

Re: Re: Re: Re: Typos and stuff

Any way I read that sentence it comes of to me as meaning that the prosecution leading to the suicide.

In terms of that specific sentence out of context I’d tend to agree – I was more looking at the context of it being in the middle of a rant about “cyber-terrosism and scary-type-computer-stuff”. If he had directly inferred a link, there would have been outrage but to put the 2 things in the same sentence in the middle of the other things he’s talking about seems to me to try and infer a link purely by association – otherwise why refer to his suicide in that context at all?
But then maybe I’m totally wrong and giving him too much credit for rationality and subtlety. It’s entirely possible he’s just talking total bollocks throughout.

TasMotsays:

Another Law that will What

To repeat on the point of what will CISPA (or any law) do to help the situation. What evidence is there that any new law will stop the blankety-blank-war attacks. I mean just like laws against stealing, killing, and jaywalking have totally stopped all of those activities, passing CISPA will just instantly stop all of those activities that the insiders want to call Cyber something to make it sound ominous. Anyone with a computer hooked to the Internet will still need to put a lot of effort into providing security (to everything). The only thing a new law could possibly provide is the ability to go after suspected violators way after the fact AND to use to HARASS others who do something that is not liked. Its alredy illegal to break in and take things, now just better locks are needed, not new laws.

special-interestingsays:

Its more likely the sponsors of pork barrel spending needed a new piece of legislation, that the prez was likely to sign, to tack on some fat and this article was its foreruning rally cry. I agree this is some unsubstantiated (and even wrong) claim of terror.

The unanswered, unspoken question is what is really being attempted here. What self protectionism special interest (group?) is going on behind the scenes produces such wild, and certainly, unneeded proposed legislation. It is at least possible that this is just another way to legalize what has already been (being?) done.

The executive order definitely seems more rubber-stamping by the current administration. Its kind of irresponsible in the light of current politicians ability to create constitutionally viable law especially in the area of privacy.

Misspelling Aaron Swart’s name is almost comedic. Did anyone writing the article care about an activist anyway. Relating activists to terrorists the demonetization of a whole class of Americans. Would that be declaring class warfare in writing? If they would hire some of them to program their websites I’d bet their vulnerability to China hacks would be much less.

I said what I needed to about privacy in this recent post: http://www.techdirt.com/articles/20130226/14360422120/supreme-court-effectively-says-theres-no-way-to-challenge-warrantless-wiretapping.shtml#c681 which was one of my more difficult essays. It takes a bit to write my (wordy) posts and its at the end. The only error I made was not removing Carter as an exception.

The current US batch of politicians seem to have entered a no privacy zone. I hope the voters issue a stiff parking ticket.

The consequences of collecting private intel on the lifestyles of average citizens is summed up on this post: http://www.techdirt.com/articles/20130225/18022322104/north-carolina-newspaper-with-no-backbone-apologizes-its-request-public-records.shtml#c1019 (don’t be a bully!)

am glad I wrote those posts so this post can be so short. haha

special-interestingsays:

Re: Re:

If thats your opinion thats good really. ?Full of myself? would imply that I was just spouting my opinion alone with no substantiation of it. Furthermore. Much of what I write is not my original content but just an attempt to make sense of difficult to grasp concepts (and of what I read and hear) and possibly fill out some of the logic gaps.

Despite some education I find the gaps to be huge especially in the areas of monopolies and top down media business models and the effects on shared culture areas. I am of course hoping to get some commentary/feedback involving this. Its a wonderful intellectual exercise full of discovery.

I put a bit of effort into the logic behind the topic each post is about. They can be a bit wordy and the time that takes usually means they are near last and comments are sparse. Argue with me. Tell me I’m wrong. But. Please explain how so I can elaborate as it seems each paragraph and sentence of my posts can be a whole essay in themselves. I’m kind of eager for it.

Thanks for commenting.

Anonymoussays:

If Cybersecurity is such an issue, why aren’t these people calling on Microsoft to produce a more secure product? Why are they not jumping on the doorsteps of those that make the SCADA systems for not designing better security within? Why are they not ramping up efforts to change the basic way email works?

If this were something besides misdirection for more draconian laws to allow more invasion of privacy, it would seem that addressing where the points of weakness are, would be the solution. Those solutions that work pretty much always address the root cause, not the hand waving, vaporous, symptoms.

Anonymoussays:

Re:

  1. People have been yelling at Microsoft about security forever.
  2. It’s a lot easier (and cheaper) to scream for draconian laws than it is to do a major overhaul of those sorts of software systems.
  3. Email was never intended to be secure in the first place. There is a reason why the protocol is called the SIMPLE Mail Transfer Protocol. You don’t send cash through the USPS for a reason and the sooner people learn that you don’t send sensitive information through email, the better. Besides any change in the standard would require every email server on the planet to simultaneously adopt the new standard which is a feat that is next to impossible to accomplish.
Anonymoussays:

Anyone with a server knows this is nothing new

And not that big a deal.

Anyone who has a server gets probed on a regular basis. They come from everywhere (including the US). I don’t know why China is being singled out (other than they’re a convenient bogeyman).

Just for fun sometime, everyone should have to put up an old server with an old un-patched OS without any firewall or NAT. Within a day, your login prompts will generally be swapped out with some gotcha message. These attacks generally come from script kiddie thrill seekers, not malicious communists trying to destroy the Internet.

And it doesn’t take much precautions to keep fairly safe on the Intertubes.

Mosquitoes are a good analogy. Mosquitoes do cause billions of dollars of damage in the world (real dollars, not hype dollars). And I often get some mosquitos outside my windows. But I’m not giving the cops the keys to my place because of the problem. First of all, I don’t need the invasion of my domain, secondly I don’t see the cops being able to do much more than I can. So what’s the point?

Not an Electronic Rodentsays:

Re: Anyone with a server knows this is nothing new

Within a day, your login prompts will generally be swapped out with some gotcha message

That’s optimistic… last time I tried that a few years ago the thing was penetrated practically in minutes and totally hacked to hell and gone in hours… ‘course that was on a corporate address range, I guess it might last a bit longer on a generally less target-rich environment like a bog-standard home broadband DHCP range….

Ninjasays:

Re: Fixed one mistake, left the rest.

Come on Mike, a lawyer (?!) of his caliber wouldn’t have committed such mistake. I’m sure this was a result of Bart Simpson hacking into his site and writing something that’s akin to “Bart was here”. If CISPA was already up and running none of this would have happened!

On a more serious note my brain skipped a few electric pulses while reading all that bullshittery.

The Real Michaelsays:

The scary thing here isn’t the threat of ‘cyberwar’, which is absurd. No, the real scary thing is that some people are dumb enough to actually believe this nonsense.

Anyone can conjure up hypothetical scenarios of doom and gloom playing out in the future; that doesn’t make them true or inevitable. From what I gather, some people’s job in government is solely to drum up fear and panic over manufactured what-if scenarios, then attempt to shift responsibility to Congress to act or be held accountable for the ‘consequences’ of doing nothing to prevent it. Yes, somehow, it’s government’s job to be future-proof against all manner of crime. Invariably the idea is to give themselves more extraordinary powers. They’re so predictable, they may as well be a broken record.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop ┬╗

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...
Older Stuff
13:40 It's Great That Winnie The Pooh Is In The Public Domain; But He Should Have Been Free In 1982 (Or Earlier) (35)
12:06 Norton 360 Now Comes With Crypto Mining Capabilities And Sketchy Removal Process (28)
10:45 Chinese Government Dragnet Now Folding In American Social Media Platforms To Silence Dissent (14)
10:40 Daily Deal: The 2022 Ultimate Cybersecurity Analyst Preparation Bundle (0)
09:29 A Fight Between Facebook And The British Medical Journal Highlights The Difficulty Of Moderating 'Medical Misinformation' (9)
06:29 Court Ruling Paves The Way For Better, More Reliable Wi-Fi (4)
20:12 Eighth Circuit (Again) Says There's Nothing Wrong With Detaining Innocent Minors At Gunpoint (15)
15:48 China's Regulatory War On Its Gaming Industry Racks Up 14k Casualties (10)
13:31 Chinese Government Fines Local Car Dealerships For Surveilling While Not Being The Government (5)
12:08 Eric Clapton Pretends To Regret The Decision To Sue Random German Woman Who Listed A Bootleg Of One Of His CDs On Ebay (29)
10:44 ICE Is So Toxic That The DHS's Investigative Wing Is Asking To Be Completely Separated From It (29)
10:39 Daily Deal: The 2022 Complete Raspberry Pi And Arduino Developer Bundle (0)
09:31 Google Blocked An Article About Police From The Intercept... Because The Title Included A Phrase That Was Also A Movie Title (24)
06:22 Wireless Carriers Balk At FAA Demand For 5G Deployment Delays Amid Shaky Safety Concerns (16)
19:53 Tenth Circuit Denies Qualified Immunity To Social Worker Who Fabricated A Mother's Confession Of Child Abuse (35)
15:39 Sci-Hub's Creator Thinks Academic Publishers, Not Her Site, Are The Real Threat To Science, And Says: 'Any Law Against Knowledge Is Fundamentally Unjust' (34)
13:32 Federal Court Tells Proud Boys Defendants That Raiding The Capitol Building Isn't Covered By The First Amendment (25)
12:14 US Courts Realizing They Have A Judge Alan Albright Sized Problem In Waco (17)
10:44 Boston Police Department Used Forfeiture Funds To Hide Purchase Of Surveillance Tech From City Reps (16)
10:39 Daily Deal: The Ultimate Microsoft Excel Training Bundle (0)
09:20 NY Senator Proposes Ridiculously Unconstitutional Social Media Law That Is The Mirror Opposite Of Equally Unconstitutional Laws In Florida & Texas (25)
06:12 Telecom Monopolies Are Exploiting Crappy U.S. Broadband Maps To Block Community Broadband Grant Requests (7)
12:00 Funniest/Most Insightful Comments Of 2021 At Techdirt (17)
10:00 Gaming Like It's 1926: Join The Fourth Annual Public Domain Game Jam (6)
09:00 New Year's Message: The Arc Of The Moral Universe Is A Twisty Path (33)
19:39 DHS, ICE Begin Body Camera Pilot Program With Surprisingly Good Policies In Place (7)
15:29 Remembering Techdirt Contributors Sherwin And Elliot (1)
13:32 DC Metro PD's Powerful Review Panel Keeps Giving Bad Cops Their Jobs Back (6)
12:11 Missouri Governor Still Expects Journalists To Be Prosecuted For Showing How His Admin Leaked Teacher Social Security Numbers (39)
10:48 Oversight Board Overturning Instagram Takedown Of Ayahuasca Post Demonstrates The Impossibility Of Content Moderation (10)
More arrow
This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it