Skip to content ↓ | Skip to navigation ↓

Monday on the plane, I was watching live coverage of the Boston Marathon bombings on in-flight TV, and I wondered:

What if the media covered cyber attacks the same way they cover physical terrorist attacks?

As I switched among several major news networks, there was a lot of unproductive (in my opinion, at least) speculation, “armchair quarterbacking,” and knee-jerk reactions to what happened.

On the news coverage during my flight, a lot of uninformed people with bully pulpits were speculating continuously.  I realize their job is to fill air time and hold the attention of viewers, but it still bothered me. There was a pretty wide range of styles across the network:

  • On one end of the spectrum, CNN was dramatic, but tended to stick with the facts “here is what we know so far,” and not a lot of interpretation.
  • In the middle, we saw Fox with the facts plus speculation like, “Could this be a message related to US Tax Day, since it’s April 15?”
  • On the other extreme, MSNBC’s coverage featured Chris Matthews and his guests who were already speculating that this could be a home-grown terrorist attack, due to the white smoke from the explosions.
Keep in mind this was Monday, about 90 minutes after the incident occurred, and very little was known.  This was a tragic event for those affected, and I don’t think too much speculation is helpful.

Can you imagine if we saw that kind of involvement and rampant speculation from the media (or even from executives within attacked companies) following a cyber attack?  As security incident responders, such speculation could definitely impede our ability to investigate, manage, and remediate the incident in an objective manner.

Sometimes, I think it’s best to get out of the way and let the professionals do their job and resist the temptation to jump to conclusions too quickly.

To a certain degree infosec media can fall into this trap, as well.  How many times do we see references to “Chinese IP addresses” when we know this means little to nothing in terms of attribution?  Or what about when we see articles that  make just as big of a deal out of an email database breach as they do about something much more serious like bank account or health data breaches?  Hype is not always helpful, and quantifying relative impact is important.

That said, I have seen some constructive coverage of this incident, such as Tuesday’s article from BankInfoSecurity on the problems of relying on wireless infrastructure in the event of a crisis.  I feel articles like this add to the value of our conversations around this without interfering.

What do you think?