Why Chinese Hacking Is Only Part of the U.S. Security Problem

An anonymous reader writes "Cyber espionage, crime, and warfare are possible only because of poor application or system design, implementation, and/or configuration,' argues a U.S. Air Force cyber security researcher. 'It is technological vulnerabilities that create the ability for actors to exploit the information system and gain illicit access to sensitive national security secrets, as the previous examples highlight. Yet software and hardware developers are not regulated in the same way as, say, the auto or pharmaceutical industries.' 'The truth is that we should no longer accept a patch/configuration management culture that promotes a laissez-faire approach to cyber security."

So start demanding changes.

[khasim]

First off, demand that every software vendor provide a list of files that their product installs, where those files are installed by default and different checksums/hashes/etc for them.

It should be possible to boot a machine with a live CD (or PXE) and inventory every single file on that machine and identify the origin of each of them.

At least you'd know whether a machine was cracked or not.

Right now, with existing anti-virus, all you can say is that a machine does not have anything that matches the signatures that you have right now.

is there anyone who takes the opposite position?

[Trepidity]

That is: someone who actually argues that Chinese hacking is the entirety of the U.S. security problem?