Slashdot Mirror
Who Protects the Internet?
strikeleader writes "TechCrunch has an article from an interview with General Kevin Chilton, US STRATCOM commander and the head of all military cyber warfare.
Who protects us? 'Basically no one. At most, a number of loose confederations of computer scientists and engineers who seek to devise better protocols and practices — unincorporated groups like the Internet Engineering Task Force and the North American Network Operators Group. But the fact remains that no one really owns security online, which leads to gated communities with firewalls — a highly unreliable and wasteful way to try to assure security.'"
Military Intelligence is truly a ridiculous concept. Anyway, who's playing quake with me on NSA supercomputers tonight?
I don't think you want to centralize anything like that, at least not to the exclusion of everyone having local protections. Your firewall is under your control and you can make it as secure or unsecured as you want it.
If you want the cyberspace equivalent of a national army, you're just asking to have lots of power taken away from you and given to someone else. That being said, I think there is a case for prevention of nations attacking other nations en large, or 'war by other means'.
but carry it too far and you end up destroying the global feel of the internet - you'll end up with cyber borders as bad as our real borders - checkpoints you can't cross without 'your papers please'.
I thought that was Slashdot's job ;-)
It ain't what they call you. It's what you answer to. http://mylyceum.us/
I wish I had mod points today, I would mod you insightful.
It can't be protected without having control of it.
The single best thing about the internet is that no one has full control of it. Had it been controlled by government or industry, it would be a miserable little shadow of what it is today.
The idea that 'someone' 'owning' 'security' would somehow provide us with more online protection I find unbelievably stupid and ignorant. If you open your eyes you'll realise we wouldn't even have the internet if it weren't for essentially random collections of like-minded people each contributing a piece of the puzzle - it's called evolutionary process, and nothing any businessman or politician has ever invented has come close to it's effectiveness.
Your actulally quite right. The internet is a collection of networks not necissarily IP based. A majority of attacks exist on the IP side. Wide area networking technology carries all traffic regaurdless of the payload. If there is an attack on the border of your internal IP network the WAN cares not. If your border is penatrated and a connection is made to create another network, again the WAN doesn't care. Can the internet be taken down? Not if you have skilled and knowledgeable Information Security officers maintaining the network you reside on.
"But the fact remains that no one really owns security online, which leads to gated communities with firewalls -- a highly unreliable and wasteful way to try to assure security."
Actually, it is far more secure that way, if one organization did somehow owned all security online, the internet as a whole would be much less security because now you have a single point of failure. Once someone exploited that vulnerability, the entire Internet as a whole would be affected. Also I get the feeling from the article that what they are really after is not necessarily security, but CONTROL of the Internet. Lastly, that man DOES NOT protect the Internet in any way, shape or form. He might be responsible for the USA military Intranet, but that's about it. Stop the fear-mongering already.
Nobody owns security offline either, and nobody should. If you own something, or care about something, you protect it. Some things have additional protection from the police or the military (e.g. I have a reasonable expectation that the police will prevent me from getting beaten up in some circumstances), but in the most part "the authorities" have a fairly punitive deterrent role. But anything that needs special protection gets it: got valuables in your house? Alarm, strong doors, insurance. All privately paid-for and provided. Got valuables on your computer? Backups, firewall, antivirus. Also privately provided.
Basically, the people who care about things know how much they're worth protecting. It isn't sensible to have military-grade security around my old Corolla, but my laptop's pretty secure because it's got a few worthwhile things. If the good General has infrastructure or secrets worth protecting, he should protect them. If it makes sense to exploit economies of scale and worth with other branches of the community, great.
It's also not true that there's a loose confederation of people (Vixie & co) protecting the internet. There are plenty of people around who want to protect or improve their own reputation, and security is one of those ways. If the military wants contact points in the wider security community, they shouldn't be looking for an owner, but they should be working with reality: getting out there making those contacts.
Normally I think such anarchy is stupid, but in this case it actually is common sense.
When Obama appoints a white house CTO, there will at least be an official figurehead in charge of this matter. Proposed candidates for the role currently include Eric Schmidt, Steve Ballmer, Jeff Bezos and Julius Genachowski from IAC.
Emphasis is mine, please be kind to your new -potentially- M$ loving uber-CTO and use only approved root kits, that utilized security holes those are already hot-fixed by people who put them there in the first place, from now on...
Its like the old days of the wild west. No one really controls the land and you are free to roam and *almost* do as you please. If someone misbehaves a posse is rounded up to take care of the problem, the community helps itself. OSS is the same way.
Hopefully no one entity or group ever takes control of our virtual land.
And the opposition to it is led by those companies who want to be the looters instead. However, as commonly known, the government is inefficient; so it is also inefficient in censoring the Internet. Thus, government control is preferable to corporate control, because it is less likely to be effective.
Forget magic. Any technology distinguishable from divine power is insufficiently advanced.