A cybersecurity lobbying boom in DC, as congress considers new laws

Recent actions by Congress and the Obama administration to "protect networks of critical U.S. industries from hackers and cyberspies" have led to an explosive growth opportunity...for lobbyists. Bloomberg reports that there were "513 filings by consultants and companies to press Congress on cybersecurity by the end of 2012, up 85 percent from 2011 and almost three times as many as in 2010."


  1. I think it’s important for people to realize that computer security can be properly fixed. 

    Fixed as in no more computer viruses, etc.

    The Genode project is going in the direction required for this to happen, towards a system based on capabilities.

    In such a system, you always tell the computer what to use when running a program, and thus always know the exact extent of change that can happen BEFORE you run a program. No more corrupted systems, no more virus scanners, none of that.

    It will happen eventually…. 10 years from now… as people figure out that they’ve all been making bad assumptions, and realize that a better reality is possible.

    1. While that approach is a huge step up, is is not a silver bullet. Systems like this have been in practice for years (Java, for instance) and have been studied for decades. Like I said, huge improvement, but hardly an end to security woes. Most bugs that lead to security vulnerabilities would not be thwarted by such a system. Not SLQ injection, not ROP-based memory corruption vulnerabilities.

      NaCl, the Java sandbox and permissioning model, proof-carrying code, etc enable the building of more secure applications, but there will always be bugs, and when there are bugs, there will be vulns.

Comments are closed.