The problem in using PDFs as a method of disseminating security information
When I first started in journalism 20 years ago I could only dream of access to the information contained in documents such as those just released by ENISA: a who’s who in security throughout Europe, and individual reports on the status of network and information security (NIS) in each of the EU countries. But today I can’t help thinking that big bureaucratic bodies are missing a trick.
I scanned parts of the Who’s Who relevant to the UK. Much of the information I am aware of in principle. Many of the contacts and details I already have somewhere or other on one or other of my computers. But to have it all in one place – that’s useful!
I came to CPNI. I have a passing interest in CPNI because of a longstanding interest in its WARP programme. The document says, “A government authority, CPNI provides protective security advice to businesses and organisations across national infrastructure.” So I clicked the link to see if anything had changed since my last visit.
It has a section called ‘Infosec Briefings’, containing a sum total of six briefings. All PDFs. One is called Social engineering against information systems. As it happens, I am currently writing an article for Infosecurity Magazine on social engineering – so I had a look. It was written four years ago. There is no mention of social networking. Facebook, Twitter and LinkedIn do not appear.
Next I glanced through the UK Country Report. Again, it provides masses of information. But there’s not a single mention of the Digital Economy Bill or Act. And bear in mind we’ve just had a change of government with very different views on security and civil liberties. It won’t be all change – but there will certainly be some change.
This is my complaint. Things change fast. PDFs do not. They present a slice of history, but they present it as contemporary fact; and that is misleading and potentially dangerous. By the time a major document is produced and released as a PDF report, it is inevitably out of date. Surely it is not beyond the wit of man to develop online databases of information that are continuously updated, and therefore accurate? Isn’t that what Wikipedia was invented for?