Cyberlaw discussion/Day 2

From Cyberlaw: Internet Points of Control Course Wiki
  • Add your first question here! And four tildes to sign it WikiSysop 11:23, 3 January 2008 (EST)
    • And a response WikiSysop 11:23, 3 January 2008 (EST)

Randy Picker, Cyber Security: Of Heterogeneity and Autarky

  • Isn't Picker's autarkic vision of the Internet as a series of isolated systems contrary to both (a) the Google/Facebook/Wikipedia vision of the Internet as enabling the interconnection of lots of distributed information resources and communities, and (b) the Napster/SETI@home/BitTorrent vision of the internet as grouping lots of computers & networks together in order to take advantage of their collective processing power? How do we go about distinguishing the "critical infrastructure" of the Internet (which does need to be protected through autarky) from the rest of the public network? Does Picker fail to understand the wisdom of crowds, or is his vision still capable of harnessing it? 11:23, 3 January 2008 (EST)
  • I was confused by Picker's use of the term Redundancy in his article. Does he mean fault tolerance? Jumpingdeeps 11:16, 3 January 2008 (EST)

Paul Ohm, The Myth of the Superuser

I guess someone needs to break the ice, so I'll venture out.

Although Ohm takes good aim at the hype and misinformation that routinely is associated with assessments of cyber vulnerabilities or threats, that doesn't make those trying to make reasonable efforts to address the problem mere fearmongers. One of the problems Ohm points out, correctly, is the lack of hard data about attacks or damage incurred. A good portion of that is a collectively self-inflicted wound, since there is a chronic unwillingness to report. The head of CERT/CC (Computer Emergency Response Team - Coordinating Committee) estimated in 2005 that as much as 80 percent of cyber intrusions in the private sector go unreported (ref: GAO 05-434 Critical Infrastructure Protection - DHS Faces Challenges in Fulfilling Cybersecurity Responsibilities, p. 13). Reasons not to report abound: reputational risk, loss of competitive advantage, loss of public confidence, liability concerns, confidentiality agreements, and potential effect on the bottom line of stock value.

This reluctance to share detailed data also limits the ability of the current public-private information sharing mechanisms (Critical Private Sector ISACs - Information Sharing and Analysis Centers or the government's US-CERT) to accurately assess the level of threat or undertake sustained, coherent corrective measures.

For an updated assessment of cyber threat impact, see the Sep 2007 Business Roundtable Report titled "Growing Business Dependence on the Internet: New Risks Require CEO Action."[1] They cite a World Economic Forum estimate of a 10 to 20 percent probability of a breakdown of the critical information infrastructure in the next 10 years. The WEF study estimates the global economic cost at approximately $250 billion, one of the largest cost estimates of the risks examined in its report. Tseiver 09:15, 3 January 2008 (EST)

David Banisar, Save the Net, Sue a Software Maker