I get around a lot, and I mean that in the nicest possible way. Over the decades there seems to have been a seismic change in the government and organisational view of operational security and exactly what the function and charter of that role entails.
There have been some rather large changes along the way, probably the largest two have been the concept of information (as opposed to data) and privacy (in the personal information sphere).
However what I have witnessed has been the move over the past five years or so from one of optimism (in that we can build secure systems, PGP is a good example, TOR another), to one of resignation (risk assessment and classification) and the mentality which goes along with that—of accepting there is a good chance that at some stage, the flag will be taken.
We now see state sponsored information harvesting, and while the majority of the data is simply innocuous, there are threats, but there are also trade and corporate secrets out there in the ether.
So my question to the community from business, government and personal perspectives is; has the war been lost? And if so what is the cost and implication?