This evening I was very happy to attend a live taping of CNBC's Fast Money program in Washington, DC. Several years ago my wife and I saw a live taping of CNN's old Crossfire program, but this event took place in a huge hall with over 2,000 audience members.
Before the broadcast Fast Money host Dylan Ratigan addressed us and shared his thoughts on current economic conditions. He said that a lack of transparency was a fundamental problem on Wall Street and in Washington, DC. He stated he is on a crusade to obtain from those in power the information investors and citizens need to make sound decisions.
This point resonated with me. Looking at the financial wreckage around us, I remembered my post Bankers: Welcome to Our World. I wondered if I might have to write a post where bankers tell digital security people "welcome to our world." In other words, what bubbles of false security have we encouraged thanks to low security spending, lack of management interest, and lack of visibility? (The financial equivalents might be low interest rates, poor oversight, and off-balance-sheet activities.)
In my post General Chilton on the Cyber Fight I used this language:
Imagine that you defer that cost by not detecting and responding to the intrusion. Perhaps the intruder is stealthy. Perhaps you detect the attack but cannot respond for a variety of reasons. The longer the intrusion remains active, I would argue, the more debt one builds.
For my keynote at the 2008 SANS Forensics and IR Summit I coined the term intrusion debt to describe the costs I outlined in my Chilton post. (Slides from my SANS talk are here. [.pdf])
When does that intrusion debt become too great? How many CEOs/CIOs/CTOs/CISOs/CSOs will look at the digital wreckage of an incident and wonder "why didn't we see this happening?"