Shostack + Friends Blog Archive



The WSJ has an article up today about how the Russians and Chinese are mapping the US electrical grid.  What I thought was more interesting was the graph they used (which is only mildly related to the article itself).

If I’m reading this correctly, the DHS is claiming that there were just under 70,000 breaches that were reported to them from somewhere.  That I’m willing to believe.  But check out that red line for Commercial there – how interesting is that?  And then compare the red bands of ’06, ’07, and ’08…

Now in interpreting the graph, I’m not sure how “complete” the DHS’s Commercial data set is.  After all, businesses will only report a breach when necessary, and it’s not clear where DHS got its information from.  But Commercial compared to Government is an interesting contrast (I suppose I’d be willing to put a lower “uncertainty” value on the government reported breaches number reported by DHS).  And then there’s “Individuals”.

I find it real interesting that somewhere south of 50,000 individuals told someone that they had a cybersecurity breach (I apologize for using the term “cyber”, btw). And it’s interesting that this number doubled between ’07 and ’08.  I’m not sure what to make of that, or how these numbers are arrived at.  Are these people reporting directly to DHS?  Do any readers know how DHS gets these numbers?

3 comments on "Cyber-Spies!"
