Prior to the Russian invasion of Ukraine, the infosec industry was hard at work pumping out warnings one after the other that "cyber war" was on the horizon. Everything was canvassed, except the end of the world as we know it.
[The industry has been using similar tactics to sell its wares — which often make things worse — ever since it came into being.]
Now, after more than three weeks of fighting, there has been hardly a squeak as far as this "cyber war" goes. Not even the sound of a trumpet. So, naturally, some of the better spinmeisters in the infosec community are coming out to try and justify the pre-invasion hysteria.
Stamos, of course, was once Facebook's chief security officer and one who could bowl a better googly than even Bernard Bosanquet. One recalls his valiant bid to try and blame Facebook's inability to keep fake news off its channels on "the algorithm".
Stamos and his ilk can peddle their outrageous claims because nobody in the US tech media will call them out. No, if anyone did, they would lose access to "news stories" and also risk not being invited over for the occasional drink and junket. Where have all the good old British cynics gone?
But back to Krebs. Given that he is a former head of the US Cyber Security and Infrastructure Security Agency, it probably wasn't too difficult for him to get his spiel published by a well-known and seemingly reputable platform: London's Financial Times.
It's a bit risible that while Krebs admits at every turn that the cyber prophets of doom have turned out to be wrong, he goes back to the old defence: "At least, not yet." Yes, doomsday is still around the corner, just waiting for the traffic light to turn green.
He cites the attack on satellite broadband provider Viasat that disrupted its operations in Europe - but is forced to admit that no connection has been made to Russia. Then why mention it? Did I hear someone talk about red herrings?
And then Krebs adds a caution, probably to himself first: "We also need to be realistic about the role of cyber attacks — they are not in the same league as the tools of conventional warfare."
In writing that, he has punctured a balloon that every infosec firm on the face of the earth pumps full of hot air at the slightest opportunity. What would the infosec industry be without the daily diet of fear and the Chicken Little-style sky-is-falling-on-your-head warnings?
Krebs tries to offer some reasons why Russia's "proven capabilities" took what he refers to as a back seat in whatever strategy it used against Ukraine. To him. it "seems" [note, nothing definitive yet] that the planning was kept to a small group that "may" [again hypothetical] have left out the cyber warriors.
He also claims that the lack of "cyber war" tactics may have been due to the fact that they were not needed. Ah, but where was this reasoning before the invasion? Probably didn't serve the strategy of the West at that point.
Following this, Krebs indulges in loads of spiel that has nothing to do with the invasion: Vladimir Putin is a bastard, things are getting worse for Moscow, "cyber warfare" may still eventuate as conditions in Russia deteriorate, Western support for Ukraine may have deterred these anticipated attacks etc etc.
He also cites the alleged poisoning of Russian dissidents, both in that country and abroad, but fails to mention the connection between these acts and "cyber war".
One might add here that Dr Lennart Maschmeyer, a senior researcher at the Cybersecurity Centre for Security Studies run by ETH Zurich, a public research university in Switzerland, dismissed this "cyber war" hysteria a week ago.
"In theory, everyone can become a billionaire. In practice, it is extremely difficult though - very, very few make it. The same is true for cyber operations to produce strategically relevant, and useful, effects as my research has shown," he told iTWire.
I await Stamos' contribution to this debate. If anything, one should be grateful to these infosec professionals as they provide plenty of fodder for a good op-ed, especially on a Monday morning.