Create an Account
username: password:
 
  MemeStreams Logo

RE: WSJ | Bush Looks to Beef Up Protection Against Cyberattacks

search

Decius
Picture of Decius
Decius's Pics
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

Decius's topics
Arts
  Literature
   Sci-Fi/Fantasy Literature
  Movies
   Sci-Fi/Fantasy Films
  Music
   Electronic Music
Business
  Finance & Accounting
  Tech Industry
  Telecom Industry
  Management
  Markets & Investing
Games
Health and Wellness
Home and Garden
  Parenting
Miscellaneous
  Humor
  MemeStreams
Current Events
  War on Terrorism
Recreation
  Cars and Trucks
  Travel
Local Information
  United States
   SF Bay Area
    SF Bay Area News
Science
  Biology
  History
  Math
  Nano Tech
  Physics
Society
  Economics
  Politics and Law
   Civil Liberties
    Internet Civil Liberties
    Surveillance
   Intellectual Property
  Media
   Blogging
Sports
Technology
  Computer Security
  Macintosh
  Spam
  High Tech Developments

support us

Get MemeStreams Stuff!


 
RE: WSJ | Bush Looks to Beef Up Protection Against Cyberattacks
Topic: Surveillance 9:41 am EST, Jan 29, 2008

noteworthy wrote:
DNI certainly intends to include the greater Internet. They seem willing to start off with the government systems. But McConnell also said that "95% of the problem lies with the private sector." The implication with this entire initiative is that the private sector isn't competent to handle this on its own, but the government is.

Its really hard to square that perspective with Republican rhetoric about how the Government isn't competent to do anything. I'm being a bit histrionic, but clearly, "socialized" managed security services will seriously diminish or eliminate the existing competitive market for these services. If its not OK for healthcare how could it be a good idea for firewalls? The Internet doesn't even kill people!

Furthermore, if we have to have the discussion, there are obviously serious civil liberties concerns with having the federal government impose a monitoring system on all private networks that examines domestic traffic without a warrant. Clearly these people believe that the word "reasonable" in the 4th amendment means anything that they want it to mean, and while there is a perscription for what is required to obtain a warrant, warrants themselves need never actually be required. This view is extremely radical and is unlikely to withstand judicial review. You won't even be able to appoint conservative lawyers who will accept it.

Both of these problems are elminiated by simply making this a private sector endevour motivated with the right economic incentives.

federally operated, highly centralized operation was not scalable

I don't agree with this. There are a number of companies who provide managed security services for thousands of customers from centralized NOCS, customers who include Fortune 500 companies who have extremely complicated infrastructures. I think its practical, particularly if you have billions at your disposal.

and in any case would be duplicated by the customers who take their industrial security seriously.

Unless they feel like the government is doing an adequate job cleaning their pipes. If the state posted armed guards in front of your Bank would you hire your own guards too on the presumption that the ones the state hired are incompetant? I think its unlikely that their level of incompetance would allow enough fraud to justify hiring private equivelents.

Nevertheless (at risk of being considered provocative) I can see why a vendor would salivate at the prospect of such a windfall, especially if, as a market leader, they would expect to win the competition for such services. How much better to sell 30B in systems and services at one fell swoop, instead of going about all onesy-twosy for years on end!

And what of the vendors who loose? Is this to be a one size fits all solution, wherein the government selects a single player and the rest of the market is instantly eliminated? To borrow from their own silly rhetoric, what a bunch of fucking commies!

I refuse to believe that access points are already being "monitored" to the level envisioned by this proposal. If that were the case, this proposal would be moot. The problem is not so much about the installation of IPS sensors; that is straightforward enough. I can believe that the sensors are already in place. At Internet scale you may be able to spot roving packs of ruffians making messes of things, and you could shut them down / turn them off. But if they can do this, why do we still see million-strong botnets attacking with impunity?

The million-strong botnets aren't infecting the systems that are well protected. Most consumers aren't. The value of centralization is that you can place a classified signature in place and see if it shows up network wide without having to share the information with third parties. Its about control.

Global-scale monitoring centers are not going to spot sophisticated spies using zero-day attacks to engage in highly targeted industrial espionage against lone machines.

No. What happens sometimes is that these attacks are successful, and the method of attack is discovered after the fact during the forensic cleanup. Then that method can be monitored for. Sometimes these attacks can be discover heuristically. There is no such thing as an unbeatable system.

RE: WSJ | Bush Looks to Beef Up Protection Against Cyberattacks



 
 
Powered By Industrial Memetics
RSS2.0