“The best defense against something like Stuxnet could not possibly be a strong offense – how can you pre-empt something unknown that was released without attribution? Stuxnet was exactly adequate for its job. How do you prevent such a thing from working on you? You do exactly the opposite of what we’re doing everyplace: you in-house security, in-house IT, and begin to build your infrastructure so that there are unpredictable and unknown barriers within it, including critical sections that are air-gapped and closely monitored. Yes, that is expensive and inconvenient. The question is whether the alternative is even more expensive and inconvenient.”
And that is why outsourced government clouds will not work. We only have to wait until the first major event to see this. The lean behavior is to build people so as to control the infrastructure. Short-term cost-cutting practices are for bonus hunters who will be long gone (disclaiming any responsibility) when disaster strikes.
Won’t “free market” advocates love this, I wonder.