We need to recognize that some level of failure in systems will be the optimal level to balance the amount of funding that we get against the return that we're expected to provide. No rational person expects to get a return on an investment portfolio with zero risk, and any portfolio with risk is going to have a few losers. We as a society make these tradeoffs in many ways, whether explicitly or implicitly. Two universal constants of computing remain operative today: computer systems fail, and people make mistakes. We need to build our infrastructures understanding these realities.
Now that "cybercrime" is being perpetrated by organized crime, attackers will undoubtedly get more sophisticated. In light of this, Phil Williams of the CERT Coordination Center wrote in August 2001 that the real problem is not breaking into computers, but crime generally. If we mean to succeed, I believe that we will need to do three things:
Matt Curtin is a Columbus-based technologist, writer, and entrepreneur. Matt founded Interhack in 1997 as a research group that looked at the side-effects of using the Internet as a large-scale computing and communication platform. In 2000, he reorganized Interhack into a professional service practice focused on forensic computing and information assurance.