Since the beginning of the cybersecurity FUDgasm from Congress, we’ve been asking for proof of the actual problem. All we get are stories about how airplanes might fall from the sky, but not a single, actual example of any serious problem. Recently, some of the rhetoric shifted to how it wasn’t necessarily planes falling from the sky but Chinese hackers eating away at our livelihoods by hacking into computers to get our secrets and destroy our economy. Today, Congress is debating CISPA (in secret) based on this assumption. There’s just one problem: it’s still not true.

The 27 largest companies have now admitted to the SEC that cyberattacks are basically meaningless and have done little to no damage.

The 27 largest U.S. companies reporting cyber attacks say they sustained no major financial losses, exposing a disconnect with federal officials who say billions of dollars in corporate secrets are being stolen.

MetLife Inc., Coca-Cola Co. (KO), and Honeywell International Inc. were among the 100 largest U.S. companies by revenue to disclose online attacks in recent filings with the Securities and Exchange Commission, according to data compiled by Bloomberg. Citigroup Inc. (C) reported “limited losses” while the others said there was no material impact.

So what’s this all really about? It goes back to what we said from the very, very beginning. This is all FUD, engineered by defense contractors looking for a new way to charge the government tons of money, combined with a willing government who sees this as an opportunity to further take away the public’s privacy by claiming that it needs to see into corporate networks to prevent these attacks.

If this was a real problem, wouldn’t we see at least some evidence?

via As Congress Debates CISPA, Companies Admit No Real Damage From Cyberattacks | Techdirt.

…check some history:

http://en.wikipedia.org/wiki/Bomber_gap

The “bomber gap” was the unfounded belief in the Cold War-era United States that the Soviet Union had gained an advantage in deploying jet-powered strategic bombers. Widely accepted for several years, the gap was used as a political talking point in order to justify greatly increased defense spending. One result was a massive buildup of the United States Air Force bomber fleet, which peaked at over 2,500 bombers, in order to counter the perceived Soviet threat. Surveillance flights utilizing the Lockheed U-2 aircraft indicated that the bomber gap did not exist. Realizing that mere belief in the gap was an extremely effective funding source, a series of similarly nonexistent Soviet military advances were constructed in a tactic now known as “policy by press release.”

http://en.wikipedia.org/wiki/Missile_gap

The missile gap was the term used in the United States for the perceived disparity between the number and power of the weapons in the U.S.S.R. andU.S. ballistic missile arsenals during the Cold War. The gap only existed in exaggerated estimates made by the Gaither Committee in 1957 and in United States Air Force (USAF) figures. Even the CIA figures that were much lower and gave the US a clear advantage were far above the actual count. Like thebomber gap of only a few years earlier, it is believed that the gap was known to be illusionary from the start, and was being used solely as a political tool, an example of policy by press release.

http://en.wikipedia.org/wiki/Policy_by_press_release

Policy by press release refers to the act of attempting to influence public policy through press releases intended to alarm the public into demanding action from their elected officials. The practice is frowned upon, but remains effective and widely used. In modern times, the term is used to dismiss an opponent’s claims, suggesting they are lacking in substance and created to generate media attention.

Now: Compare with:

You Call This an Army? The Terrifying Shortage of U.S. Cyberwarriors.

The United States doesn’t have nearly enough people who can defend the country from digital intrusions. We know this, because cybersecurity professionals are part of a larger class of workers in science, technology, engineering, and math–and we don’t have nearly enough of them, either. We’re just two years into President Obama’s decade-long plan to develop an army of STEM teachers. We’re little more than one year from his request to Congress for money to retrain 2 million Americans for high-tech work (a request Republicans blocked). And it has been less than a month since the Pentagon said it needed to increase the U.S. Cyber Command’s workforce by 300 percent–a tall order by any measure, but one that’s grown even more urgent since the public learned of massive and sustained Chinese attempts at cyberespionage last month.

Where are Cyber Command’s new hires going to come from? Even with so many Americans out of work, it isn’t as though there’s a giant pool of cyber professionals tapping their feet, waiting to be plucked up by federal agencies and CEOs who’ve suddenly realized they’re naked in cyberspace. In fact, over the next couple of years, the manpower deficit is only going to get worse as more companies come to grips with the scale of the danger.

Demand for cyber labor is still far outstripping supply, Ron Sanders, a vice president at Booz Allen Hamilton, told National Journal in a phone interview. “With each headline we read,” he said, “the demand for skilled cyber professionals just increases.”

The number of industry employees is already growing at double-digit rates. A new report released Monday finds that the number of people working in the cyber field is going to grow worldwide by 11 percent every year for the next five years. In North and South America, according to the paper–published by the International Information System Security Certification Consortium (ISC2)–that will mean almost a million more workers in the field by 2017. Many of them will be highly qualified. But not all of them will be in the employ of U.S. entities, to say nothing about working in the United States itself.

“…doomed to repeat it.”

I am wondering if we are going to end up with people who are skilled in security getting quite literally drafted in order to quell the panic?