At RSA, Chertoff plucks wrong "heartstring"

Just a minute, Michael Chertoff. I'm not disagreeing with your contention that America needs its best and brightest to contribute to the cybersecurity effort. And no one sane would claim that the threat from Those Who Would Harm Us is not great and will not grow. But I'm not moved in quite the way you might have hoped by your talk at RSA, where you claimed that working for the government on cybersecurity would be

""doing something [more] for the common good than for your own enrichment."

I can't believe this progressive's got to say this to a Republican, but sir, do not take that tone about the free market with me. There are currently and historically plenty of good reasons for smart, highly qualified security folk to stick to the non-DC side of the military-industrial complex. A few off the top of my head:

- We're way ahead of you. The politest word I've got for government security efforts over the last, oh, 60 years or so is shambolic. (Readers who doubt me are recommended to Legacy Of Ashes: The History Of The CIA, that absolutely scorching tome by Pulitzer winner Tim Weiner.) Regular readers in this space are familiar too with DHS's thickheadedness. In any case, security folk are in far too scarce supply to be thrown into what is, at the moment anyway, an administrative quicksand pit. Talk to security folk and build an appropriate system, then ask us to step in and get cracking. I don't care how bright the would-be pioneers are -- if they have to wait around for you DC mooks to work out the administrivia, they'll be about as current as a 5.25" floppy.

- Ideology and tech don't mix. The administration now concluding has proven particularly disastrous for federally funded researchers in any reality-based discipline. Scientists in particular have expressed horror at systemic quashing of facts by ideologues. Why should we give you our best work if it's likely to be dismissed or gutted by a politician who believes that the facts are something s/he can make up to fit her or his ideology? And, on a related note, what are you going to do if the best and the brightest don't share your political beliefs?

- We've heard what you're like over there. Ancient machines, fossilized info-sharing packages, e-mail carved on stone tablets? Some purchasing program you've got there, guys. Sucks to be you.

- What makes you think the private sector doesn't address the common good? Funny, but I see a lot of companies out here who work hard for something beyond the paycheck, and who work hard to contribute to the group mind and to the general security-welfare. In fact, you don't work as hard as some of our smartest security folk do if you're in it just for the loot. We understand that security clearances and bragging rights are sort of incapable of co-existence, but if you think it's only about the paycheck, you don't get the culture well enough to be hiring folk.

There's no denying that security is big, big business these days, and it may be that the era of the for-the-glory hacker is truly over. But as long as you mistake money for a primary motivator of top-drawer security researchers, you're never going to get the guys who can really save the world.