I was listening to the rerun of File On 4 this evening, and a chap from the FBI said something very sensible about Cybersecurity.
Albeit the programme itself had nothing to do with cybersecurity, and its tone was mildly hysterical in conflating domestic DIY-biologists and science experimenters - complete with fearsome plans downloaded from the internet - with anthrax outbreaks, vox-pop Oxford ethicists, and preparedness for "Olympic bioterrorism".
Oh, and the destruction of humanity was mentioned.
But still, an FBI agent (from the Weapons of Mass Destruction Directorate) said something very clever about how to deal with biosecurity, and therefore how to deal with security in general, and thus how to deal with cybersecurity:
FBI Special Agent Edward Yue said:
Our approach is providing [the biology research community] the situational awareness that there are these risks and concerns [of bioterrorists manufacturing bioweapons] - and it's basically how do we empower [the community] to be able to have the ability to identify possible security concerns or potential criminal activity and take action? We're establishing what I like to call a neighbourhood watch-type mentality...
And are you confident that that is sufficient to deal with the potential for harm which these biological techniques could introduce into the hands of someone who wishes us great ill?
It's gonna be an evolving process, right? Because of the fact that the science in all these different realms is moving so rapidly, it's going to be very challenging to get the requisite regulations or statutes to cover these very concerns that you're mentioning. So that's why our stance is to be proactive...
So your idea is that this will be a self-policing group of amateurs?
The impression I get is that the horse has already left the stable, and you're trying to come up with ways of dealing with its potential for bad behaviour? Is that right?
Partially. You're right on the fact that the horse has left the barn, but that's been the case with the life-sciences for decades now; there's only a limited number of personnel in the law-enforcement arena, but then it's untenable to put everything on lockdown and provide oversight. That won't address the other potential issue of it becoming so onerous for the scientist to engage in their work that we [would be] stifling, potentially, advances in beneficial technologies and solutions.
(Minor edits in [brackets])
This community engagement is basically sound thinking - and it's not due to lack of funding, because the US has spent $60 billion over a decade on biodefence; doubtless a lot of that has gone on complex projects and training, but the fact that, at the end of all that, the FBI's approach is still to work with the community - to make them threat-aware and have them self-policing - is very interesting.
Likewise for information security: I would greatly support efforts to spend money on grassroots community building over regulation, certification, monitoring and interception.
The programme also went to considerable lengths to suggest that biology research today is only slightly more complex than cookery, and took time to compare and contrast big "Level 4 Containment" research labs - with airtight doors and showers - with the home-brew equivalents made from bric-a-brac.
Strange to consider, then, that the laptops that even the most elite security pentesters use are precisely the same as those of any (other?) teenager.
18Mb MP3 at the BBC
(Spelling may differ: audio citation only.)