[debate] cyber defenses
Alan Light
alanlight at yahoo.com
Sat Jun 6 12:08:25 UTC 2009
Since there are a number of computer security professionals on this list, I thought this article might get a conversation going:
http://www.thedailybeast.com/blogs-and-stories/2009-05-29/obamas-cyberwar-misfire/p/
I came across it on another list, and a few things popped into mind.
(1) Quote: "Cybersecurity is not like protecting a cannon or some nuclear fissile material. The barbarians are not at the gates. They're inside your PC right now, or just behind that banner ad—the fake one telling you there's a spybot on your hard drive and to "click here" to remove it. Because of the 'Net's decentralized nature, cyberwarfare is less like an artillery battle than it is like hand-to-hand combat."
Despite the scare-of-the-day tactics, the author is correct that a top-down bureaucracy is unlikely to be sufficient (and might even be counterproductive, as usual).
(2) Quote: "Our vulnerabilities are the passwords they "phish" from us by faking messages from the bank, the Social Security numbers they pry from poorly managed university servers, and the computer-processing power they rob from the laptops of millions of porn users whose hard drives are now nodes in our enemies' bot-nets."
In other words, of the three major weaknesses the author notes, one involves government-issued identity numbers that were originally explicitly intended only for use within the social security system, but have evolved into a national identity number which makes identity theft much easier, especially when they are not secured properly (frequently by government agencies, all of whom require the numbers), and another involves the social and legal stigma attached to pornography, which has given attackers inroads to create bot-nets and compromise the security of everyone.
The obvious lesson is that instituting means of top-down, centralized control on a society makes that society more vulnerable to catastrophic disruptions or incursions. Unfortunately, the lesson that all governments will take from this is that they need to try even harder to control everyone and everything.
(3) Quote: "Instead of learning how to program a computer, our kids learn how to use one as it has been delivered. In a computing marketplace where altering one's iPhone will "brick" its functionality and where user improvement to programs is treated as an intellectual-property violation, it's no wonder we have adopted the attitude that our technology is finished and inviolable from the minute it has been purchased."
Again, attempts at centralized control (whether by governments, or by businesses that enjoy a government-backed monopoly) tend to weaken society.
What do other members on the list think?
Alan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://whitestar.linuxbox.org/pipermail/debate/attachments/20090606/edea4c04/attachment.htm>
More information about the debate
mailing list