Deliberation of "National Strategy to Secure Cyberspace"

An anonymous reader writes "Per the Federal Register the National Infastructure Advisory Council will have a public meeting (telephonically) from 3:00 pm to 5:00 pm EST on 1/8/2003 to deliberate on the National Strategy to Secure Cyberspace. 'Written comments may be submitted at any time before or after the meeting.' Details can be found in text format or in PDF."

opinions:

[SHEENmaster]

Libertarian: Leave cyberspace alone.
Linux: Leave cyberspace alone.
/.: Leave cyberspace the fuck alone.

Conclusion? "Cyberspace" isn't under anyone's control because it can't be bought, sold, or bribed.
U.S. law on the other hand, can be bought and sold like trading cards.

Centralized exchanges

[buss_error]

I was listening to NPR a few days ago (YES, I am a libral. That means I don't want to see your kids starve just because you are a crack head or kick the bucket.) and they were talking about centerlizing main internet exchanges to "protect them from terrorists." Now, I thought that odd, because the Internet was originally designed decenteralized to avoid any one node being knocked out (by nuke) and cutting off those not vaporized.

So I asked myself, how can centerlizing the internet prevent terrorists from taking out large chunks of the system? Answer: It can't, and in fact makes it easier to do so. But it does make intercepting e-mail much easier.... Ahh. That's the REAL answer.

Re:Keep yer cool

[XaXXon]

Jesus christ, people..

This is the second anti-RMS comment I've had to respond to in the past couple hours (first one).

What the heck does this have to do with RMS? RMS talks about freedom of software. This isn't even related to him in the slightest.

If you read the article, you'd see that the National Infrastructure Advisory Council "advises the President of the United States on the
security of information systems for critical infrastructure supporting
other sectors of the economy, including banking and finance, transportation, energy, manufacturing, and emergency government
services." And while RMS might have feelings about this, software Freedom doesn't come in to play.

I really wish bashing RMS wasn't so trendy on /. these days.

Isnt this plan an impossible boondoggle?

[rufusdufus]

My understanding is that what they want to do is require or ISPs to monitor all users and give all information to the goverment.

Isnt this basically impossible? First off, the bandwidth requirements alone would make the process unfeasable. The whole reason the internet is a called a network and not a bus is that the information is distributed. This distribution is what makes the internet possible. Funneling all the information into centralized locations would violate the network topology.

Next, many ISPs are not registered or licenced to be ISPs. What defines an ISP? Does my wi-fi count? Policing this would a complete farce, especially with freedom advocates taking every opportunity to bypass and befuddle the law.

Next, any terrorists/criminal would start using (if they are not already using) at least simple encryption which would not generally be detectible by monitoring bots. The amount of effort to avoid even the most sophisticated monitoring would be quite small.

Also, if all this data were stored up in some central location, wouldnt that be the best place for hackers to crack to get vast amounts of info? Has anyone ever made an uncrackable system connected to the public networks?

Over heard at the meeting...

[El+Camino+SS]

"There really is only one way to secure cyberspace as we know it. We need to create in secret an army of clones to protect us from all of our enemies."

-AZ Sen. James Palpatine (D)

GGardner's corollary to Godwin's law

[GGardner]

the Internet was originally designed decenteralized to avoid any one node being knocked out (by nuke) and cutting off those not vaporized

I would like to propose a corollary to Godwin's law: In any online thread, any mention about how the Internet was designed to survive nuclear attack immediately terminates that thread.

Re:GGardner's corollary to Godwin's law

[Ellen+Ripley]

... any mention about how the Internet was designed to survive nuclear attack immediately terminates that thread.

550 THREADTERM (nuclear)
223 DETECT THREADTERM (nuclear)
224 ACK THREADTERM (nuclear)
227 REROUTING TO ALTERNATE THREAD SERVER

Banks et. al. run on private networks

[msobkow]

Banks run on private networks like SWIFT, not on the internet. Your personal account might have some kind of web access, but not the intra-bank network.

The same goes for any large enterprise that gives a damn about their security and reliability. The internet is unreliable, insecure, and can never be anything but by the very nature of it's design. (Note: fault resilience such as rerouting around failed nodes is not the same thing as fault tolerant -- the segments behind the failed node are still unreachable.)

When you say they "aren't trying to control cyberspace", I just have these visions of the founding fathers of the US inscribing "the right to bear arms" with the intent of allowing the country to defend itself, and the modern twisting of those words to justify possession and use of assault weapons and handguns far beyond the defense of a nation.

I look at the "temporary" income taxes that were to pay for war costs, which are still in place and increasing.

I look at the insanity of a "War on Drugs" that destroys the careers of hundreds of thousands of people for smoking a joint, while the death toll on the highways and roads due to "legal" drunk drivers continues.

I look at Hollings & co. selling out to the entertainment industry, even though it damages an IT industry worth many times that amount to the nation.

Trust them? Sure, I trust them. I trust them to steal my income, invade my privacy, interfere with my life, and ignore our objections to what is rapidly becoming a police state.

Thank God I'm getting out of this screwed up country in a few days. Maybe in a few years after the American people have revolted against the insanity it will be safe to come back with the expectation of being allowed to live without excess interference from a corporate-run government.

Re:this is big..

[ceejayoz]

You sound lost. Perhaps you're looking for this thread?

Government's definition of "Secure".

[billstewart]

When the government talks about securing something, they don't mean the same things that your or I would mean.

• The Air Force's definition is "Write a purchase order to buy one."
• The Navy's definition is "Tie it down so it doesn't roll or bounce around."
• The Marines' definition is "Machine-gun it and post an armed guard once you're sure they're all dead."

They've already got their own Milnet, so they're not trying for the Air Force approach....

Democracy vs Safety

[chipwich]

The US was founded on the recognition that all governments tend, sooner or later, to oppress their citizens. Thus, the only government which wouldn't be oppressive is one that is of, by, and for its citizens ("the people").

We're at a pretty critical crossroads now, where the rights of large organizations (corporate and governmental) are at a precarious balance with the rights of individual citizens. In particular, democracy coming into direct conflict with safety, and, in other arenas (such as intellectual property issues [eg, RIAA, MPAA]), clashing directly with capitalism.

If the government feels that the best way to ensure safety is to prevent the unfettered, unmonitered flow of individuals, then one has to ask how true democracy can really be practiced.

The "war on terrorism" threatens to turn us from a nation-of-rules to a nation-of-men. Once we entrust *any* group of people to regulate us with minimal checks and balances, then any sense of democracy will is doomed. I can't think of a better environment for abuse then monitoring virtually all electronic communications between private citizens.

Imperfect security is the price we pay for our democratic ideals. This is a price I think most of us are willing to pay for our freedom.

There *is* no backbone

[billstewart]

A long time ago, when the Internet was still the Arpanet, there was a backbone, because that was the easiest way for different routers to find each other, though there was sometimes other connectivity in local areas - not the kind of thing that could actually survive a nuclear war or even a well-planned collection of car bombs, despite all the theory about being able to route around damage. The current commercially-run internet doesn't have a backbone, and there's vastly more diversity. Depending on who's gone Chapter 11 this week, there are one or two dozen big "Tier 1" ISPs that carry the bulk of the traffic in the US and from the US to Europe and Asia. Most people are familiar with the big peering points like MAE-West and MAE-East, but in practice somewhere between 95-99% of the traffic between the Tier 1 ISPs is carried on private peering connections, though most of those are in the same cities as the big exchange points. I'm not sure how much of Europe's traffic is dependent on LINX and AMSIX, and while KPN-Qwest may have carried about 1/3 of Europe's traffic before its bankruptcy, it's dead now, with the traffic moved to other carriers. Asia seems to be a lot less centralized, except for the Great Firewall of China.

An important part of network design is understanding what traffic is going to "nearby" locations, and designing things so most traffic stays local and doesn't use expensive or scarce facilities - things like putting big hulking routers in San Francisco and San Jose so traffic between Silicon Valley companies stays in the South Bay and Multimedia Gulch companies stays in the City without needing to use too much bandwidth around the Bay, much less sending copies of all of it on three-part-carbon forms to NSA's Fort Meade, Ashcroft's J. Edgar Hoover building, and Dick Cheney's stockbroker before delivering it.

That doesn't mean that there weren't rumors from reputable sources a few years ago about active wiretaps on MAE-West sending extra copies of some packets to somebody else, or that the Russian renamed-KGB's 1998ish SORM (another URL) project didn't try to force Russian ISPs to build a full-sized wiretap feed to them (at the ISPs' expense, of course) or that there aren't Eurocrats trying to do the same thing in their countries today. And then there's the whole Echelon Wiretapping System. But it's still impractical for them to force ISPs to deliver everything everybody's reading or emailing, though I'll be happy to send them copies of most of my spam if they'd like.

On the other hand, the publicly-accessible parts of the web aren't all that big. The Wayback Machine has a copy of all of it, with reasonable samples going back a long time, and Google and the other search engines crawl it periodically, and AllTheWeb.com presumably claims to have All The Web.