It is interesting to note that the Public Health Service takes the cybernetic equivalent of hand washing seriously — not. I have been in too many businesses where despite written policies about personal use of computers it is too common to see staff surfing in their (hopefully) off minutes. Back when the Internet was first becoming an information source, the brokerage house I worked for had long discussions about how to make the service available without compromising the security of the internal network. There were no happy solutions. And over the years this situation has not improved.
Seems there are a couple of problems that intertwine, in my estimation, making this problem far more serious. One, people simply do not see the difference between a computer that they have on their desk at work and the machine at home — if they have the urge at the moment to surf for something they do it, regardless of whether it is relevant to their job. Two, enforcement by network monitoring, system policies and the like is messy and difficult and few places have the resources to do it. Three, the messiness of the web world makes it far too easy for malefactors to spread their stuff. And four, there is a general lack of appreciation as to how serious the problem is — it is invisible until it messes up a large scale system like the one in the article.
Over the weekend a favorite website of mine was hacked. It is an obscure religious site that has a practice of posting a new meditative quote daily. I find it very therapeutic to read these words of wisdom. The code did nothing overt, it just planted a small file on the users machine that would send information back to a site in China. What was it doing? Was this an attempt to plant the seeds of a cyber invasion? The problem was identified by accident and easily corrected. Registered users were all notified and appropriate scans were done by all — but since it was something new there is no guarantee that there is not something there, just that the scanners did not spot anything recognizable.
Makes me wonder how much stuff is out there that we are blissfully unaware of? Is some foreign power using our reliance on poorly protected and administered general purpose computers to lay the groundwork for a future invasion? (Just think what could happen if someone could shutdown all the computers in banks, utilities and hospitals on command. Complete control without firing a shot.) In the meantime we go on out merry way, cheerfully deploying ever more complex applications that we neither fully understand nor are capable of protecting. And then the users go surfing for porn or free music or shopping bargains in between updating drug inventories…
I don’t know about anybody else, but it makes me long for the ugly days of purpose-built 3270 screens that just did their job. At least then the users did not have the choice of opening their business systems up for infection. It was better than hand washing, though much less fashionable.