Posts Tagged ‘cyber security’
The Tufts Democrats got an earful from me about how US foreign policy on cyberspace hasn’t advanced significantly in fifteen years. I complained that a whole lot of basic questions haven’t been settled, and drew on some key national documents to verify that is the case.
They were more impressed with my rapid-fire interactive summaries of Hollywood takes on cyberwar and cyber dystopia. Or so they tweeted.
Jumbos: what did you think? Please post in the comments. Thanks!
Beth Chalecki asked me to give a talk on cyber security for her course at Boston College. While I won’t post the slide deck here, I will compile a reading list on the blog. I’d like to note that the blogroll at right includes several of the big names in the field: Bruce Schneier, C. Warren Axelrod, Ross Anderson, David Rice, Alessandro Acquisti, and others.
- National Strategy to Secure Cyberspace (US-CERT)
- Cyberspace Policy Review (White House Office of Cybersecurity)
- Presidential Decision Directive 63 (Clinton via FAS)
- US Cyber Command fact sheet and website
- Rod Beckstrom
- Howard Schmidt
- William Lynn discusses the cyber domain in Foreign Affairs
- Technology, Policy, Law and Ethics Regarding US Acquisition of Cyberattack Capabilities (Owens, Dam and Lin, eds.), full text at MacArthur Foundation
- Proceedings of a Workshop on Deterring Cyber Attacks (National Research Council Committee on Deterring Cyberattacks, Steinbruner, chair) *
- Building Security In (Gary McGraw and US-CERT)
- Cyber Warfare and Cyber Terrorism (Janczewski and Colarik, eds.)
- Cyberpower and National Security (Kramer, Starr and Wentz, eds.)
- Cyberpower (Nye)
- Cybersecurity Agenda (EastWest Institute)
- Commission on Cybersecurity for the 44th Presidency and their final report
- International Guide to Cyber Security (Westby)
* Beth: if you’d like to tackle cyber deterrence, Lukasik’s conference paper in these Proceedings (eds. Steinbruner et al., 2010, pp 99-111) is an interesting departure point for debate.
This is the latest example of what’s wrong with the metaphor of cyberspace for information security. Cyberspace isn’t a space. Cyber attacks don’t involve thrown projectiles or spears. A shield won’t bat them down. The meat of the policy is buried: look how little attention is devoted to the five points in the last paragraph quoted below.
If he had said that installing Norton Internet Security on every computer in America was the definition of a cyber shield, or ordering drone attacks against suspected zero-day-threat writers, or requiring American companies to write back doors for the feds into encryption, or mandating the use of federally issued firmware in critical industries… well, then that would be the definition of a cyber shield. It’s a completely empty term.
US urges NATO to build ‘cyber shield’
(AFP) – Sep 15, 2010
BRUSSELS — NATO must build a “cyber shield” to protect the transatlantic alliance from any Internet threats to its military and economic infrastructures, a top US defence official said Wednesday.
Cyber security is a “critical element” for the 28-nation alliance to embrace at its summit of leaders in Lisbon on November 19-20, US Deputy Defence Secretary William Lynn said in Brussels.
“The alliance has a crucial role to play in extending a blanket of security over our networks,” Lynn said.
“NATO has a nuclear shield, it is building a stronger and stronger defence shield, it needs a cyber shield as well,” he said at a forum hosted by the Security & Defence Agenda think-tank.
I call “bull.” African botnets are not WMD, and the solution to African botnets is not to prosecute the lucky few who have computers there. Franz-Stefan Gady is completely out of touch with the realities of IT in Africa. The last thing African governments need is to shunt scarce resources into prosecuting cyber criminals, particularly within their own borders. Please do something more useful with whatever resources you have: support export industries, build infrastructure, build a call center or an export processing zone, make jobs, and provide education and health care.
Honestly. Beefed up law enforcement? Where does Gady think most infections in Africa originate? Why would he presume that the botnets are home-grown?
Governments should find ways to make legitimate software available at prices users can afford. That means not taxing software imports, encouraging the use of free and open source software, and ensuring broadband access. Yes, greater bandwidth, and not less bandwidth, is crucial to safer computing. Bandwidth will give end users access to security updates and current virus databases that are prohibitively difficult to download when connections are slow.
Full story here.
A review of how well the US thwarts spies and malicious hackers has been started by President Barack Obama.
The wide-ranging review is set to last 60 days and takes in all the “plans, programs and activities” of official US cyber security efforts.
The end result will be a strategy to improve the way the US defends itself against net-borne threats. While campaigning, President Obama likened net risks to the threat of nuclear or biological attack.
“The national security and economic health of the United States depend on the security, stability, and integrity of our nation’s cyberspace, both in the public and private sectors,” said John Brennan, assistant to the president for counterterrorism and homeland security, in a statement….
The BBC reporter notes that the Commission on Cybersecurity (CSIS) previously produced a report entitled Securing Cyberspace for the 44th Presidency in December 2008.
What would a strategy for securing cyberspace look like? Recall John Bumgarner’s recent talk at the Fletcher School, entitled Policy Voids of Cyber Conflicts, February 3, 2009. At present, there are too many competing civilian and military agencies for the country to have a cohesive policy, and no clear definition of what securing cyberspace would entail. Preparing for war? Stamping out credit fraud? Hardening the nation’s civilian infrastructure? Mandating national quality standards for computer programming? None of these definitions fits the bill. I’ll be very interested to see what Obama’s team comes up with.