Slashdot Mirror
Who Protects the Internet?
strikeleader writes "TechCrunch has an article from an interview with General Kevin Chilton, US STRATCOM commander and the head of all military cyber warfare.
Who protects us? 'Basically no one. At most, a number of loose confederations of computer scientists and engineers who seek to devise better protocols and practices — unincorporated groups like the Internet Engineering Task Force and the North American Network Operators Group. But the fact remains that no one really owns security online, which leads to gated communities with firewalls — a highly unreliable and wasteful way to try to assure security.'"
Meh. The question really should be "Who protects the Internet from being used as a military asset?" Cause that's all this guy is talking about.
How we know is more important than what we know.
And thats the way I like it. Please keep the government's greedy and controlling hands out of this.
The magical number is: 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
What's the alternative? Globalized security, courtesy of Big Brother?
Don't good fences make good neigbors?
I suppose it's wasteful, in code, for module entry points to validate parameters, too. :)
I don't think you want to centralize anything like that, at least not to the exclusion of everyone having local protections. Your firewall is under your control and you can make it as secure or unsecured as you want it.
If you want the cyberspace equivalent of a national army, you're just asking to have lots of power taken away from you and given to someone else. That being said, I think there is a case for prevention of nations attacking other nations en large, or 'war by other means'.
but carry it too far and you end up destroying the global feel of the internet - you'll end up with cyber borders as bad as our real borders - checkpoints you can't cross without 'your papers please'.
The idea that 'someone' 'owning' 'security' would somehow provide us with more online protection I find unbelievably stupid and ignorant. If you open your eyes you'll realise we wouldn't even have the internet if it weren't for essentially random collections of like-minded people each contributing a piece of the puzzle - it's called evolutionary process, and nothing any businessman or politician has ever invented has come close to it's effectiveness.
"But the fact remains that no one really owns security online, which leads to gated communities with firewalls -- a highly unreliable and wasteful way to try to assure security."
Actually, it is far more secure that way, if one organization did somehow owned all security online, the internet as a whole would be much less security because now you have a single point of failure. Once someone exploited that vulnerability, the entire Internet as a whole would be affected. Also I get the feeling from the article that what they are really after is not necessarily security, but CONTROL of the Internet. Lastly, that man DOES NOT protect the Internet in any way, shape or form. He might be responsible for the USA military Intranet, but that's about it. Stop the fear-mongering already.
Nobody owns security offline either, and nobody should. If you own something, or care about something, you protect it. Some things have additional protection from the police or the military (e.g. I have a reasonable expectation that the police will prevent me from getting beaten up in some circumstances), but in the most part "the authorities" have a fairly punitive deterrent role. But anything that needs special protection gets it: got valuables in your house? Alarm, strong doors, insurance. All privately paid-for and provided. Got valuables on your computer? Backups, firewall, antivirus. Also privately provided.
Basically, the people who care about things know how much they're worth protecting. It isn't sensible to have military-grade security around my old Corolla, but my laptop's pretty secure because it's got a few worthwhile things. If the good General has infrastructure or secrets worth protecting, he should protect them. If it makes sense to exploit economies of scale and worth with other branches of the community, great.
It's also not true that there's a loose confederation of people (Vixie & co) protecting the internet. There are plenty of people around who want to protect or improve their own reputation, and security is one of those ways. If the military wants contact points in the wider security community, they shouldn't be looking for an owner, but they should be working with reality: getting out there making those contacts.
Normally I think such anarchy is stupid, but in this case it actually is common sense.
If you want the cyberspace equivalent of a national army, you're just asking to have lots of power taken away from you and given to someone else.
All those spammers building botnets, eventually, they're going to become "security companies". Nice web site you've got there, it'd be a shame if no-one could get to it. Once they start collecting taxes from a large enough group of people, they become a "legitimate" police force. After all, they don't want anyone else building a bigger botnet than theirs.
How we know is more important than what we know.
I hope you don't support Net Neutrality, because that is the Trojan Horse for government regulation of the Internet.
I find your rampant speculation refreshing
Attics are terrible, all the heat gets trapped there! Just think of how many fewer computers you can viably run.
Game! - Where the stick is mightier than the sword!
and the "internet" is the chaos that arises from connecting all these networks together.
My organization needs to make its own decisions on what policies it need to implement on its network.
Communications between my college and many strange corners of the globe occur daily. If I dropped kerberos at my borders, Xbox wouldn't work anymore, and I would be risking bodily harm from the rioting mobs.
Now, if a federal department had such traffic crossing its borders, they'd have a rapid deployment team there within minutes to figure out what happened.
Anyone who tells you that security can be solved easily is probably trying to sell you something...
Never ask for directions from a two-headed tourist! -Big Bird
"It had to be destroyed to be saved."
Several governments are already making progress on this game plan.
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
The "Internet" has become something of a quandry. It's humble beginnings were brilliantly designed to propogate information, provide a powerful environment for collaboration, and provide an extensible virtual universe for spreading and preserving human thought, and projects of discovery. It's one weakness was that it was designed by intelligent, responsible, and compassionate people expecting that in the vein of collaboration and workability, that future users would be likewise intelligent, responsible, and compassionate.
Much to the chagrin of humanity, a vast hoard of virtual Mongols (or equally apropos "mongrels"), have used the internet as their personal toilet, slim-jim, bludgeon, and/or weapon of mass destruction. Sadly in a free environment, you have to cope with the worst in people, to support and empower that which is best.
The first problem is to get crystal clear about what doesn't work with the current system. Whether the available cures are(n't) worse than the disease, and how we might implement meaningful solutions without breaking, impeding, or prevent those things which are best about the internet. Security means different things to different people. Protecting people from stupidity, laziness, or the worst in their own natures might well render the broad networks by which people collaborate and invent the future, functionally unusable. Making the worst of what people do very difficult, while preserving the general freedom, and clear capacity for people to share ideas, impart mutual wisdom, and promote what Shakespeare referred to as "Our better natures", demands vision, foresight, and a profound commitment to integrity.
The first and most essential thing we can and must do, is create an environment that promotes human enterprise, without selling off the very things than make the internet valuable to people.
" Who Protects the Internet?" No one yet. And thank God for that.
And the opposition to it is led by those companies who want to be the looters instead. However, as commonly known, the government is inefficient; so it is also inefficient in censoring the Internet. Thus, government control is preferable to corporate control, because it is less likely to be effective.
Forget magic. Any technology distinguishable from divine power is insufficiently advanced.
Who protects us? 'Basically no one. At most, a number of loose confederations of computer scientists and engineers who seek to devise better protocols and practices
I.e. the talented people who developed the technology in the first place, and their successors.
â" unincorporated groups like the Internet Engineering Task Force
You mean the people who managed one of the most staggeringly successful collection of interoperability standards that, post-OOXML, makes the ISO look like a bunch of clowns?
I think we're in safe hands - we'd be in even safer hands if the gubment got on with its job of enforcing the anti-trust laws and fixing the patent system leaving the IETF et. al. to get on with thiers.
In a survey of 100 programmers, 111111 thought that duck-typing was a good idea.
To truly secure any data stream you have to be able to control it at all points from start to end. If people think that government or large group based security is not going to involve a crapload of lobbied for add-ons and censorship they don't understand the nature of lobbyists.
The best kind of Security for an open and free(as in rights) internet is individual security. Our computers are something we (or the local network admin) have control over.