Cybersecurity and Cyberwarfare

From Technologies and Politics of Control
Jump to navigation Jump to search

May 3

Cybersecurity has been identified as one of the greatest challenges facing the United States today, but it is ill-defined and almost impossible to address. How can we frame this problem to better inspire solutions? How should government, military, businesses, and technologists approach the problem from different angles and do these different approaches work together?

Slides: Cybersecurity and Cyberwarfare

Readings

Optional Readings


Class Discussion

A little early for this, but I would like to share this nice paper written by analysts and researchers at Chatham House. It's pretty fundamental, I would recommend it to anyone who encounters this subject for the very first time. --Jastify 22:55, 31 January 2011 (UTC)

Great recommendation. I've added the executive summary to the required readings list. --Dardia 23:50, 10 February 2011 (UTC)

I wanted to submit this article to add to the discussion. I found it to be interesting. Cybersecurity is probably the most vital issue to our country's infrastructure today. The recent military operation to take out Osama bin Ladin would have failed miserably if knowledge of the raid was disclosed. To keep our intelligence reports under wraps should be among our highest priorities. While the government wages wars on three fronts at once, it is difficult but nessessary to ensure our reports stay out of our enemies hands. By blocking IP addresses and using more sophisticated encryption, we will be well on our way to protecting our great country. The world runs through the Internet, and so does our future. [1] Joshuasurillo 01:47, 3 May 2011 (UTC)

Cyberthreats are real and pervasive. The people within IT infrastructure have been fighting the battle for years. It makes no difference whether you work for a government, business or school – every domain (gov, com & edu) is under attack. Private business and the military arm of the government are the most concerned about security, so they were the first to adopt network access control and identity management. Security is enforced by verifying the identity of each user and device before allowing them to gain access to the network. This, of course, runs counter to the idea of a free, open and anonymous Internet. Yes, we can do a lot to protect the public by having the ISPs filter and block malware (search for SonicWALL and Blue Coat for examples) but it’s not enough to stop all breaches and wastes precious bandwidth. Our government recognizes this and is actively promoting what would become a national electronic identity “ecosystem.” (Their euphemism; see http://www.whitehouse.gov/sites/default/files/rss_viewer/NSTICstrategy_041511.pdf) Jack Goldsmith had some well reasoned arguments why we should expect more government controls. Finally, a good taxonomy of Internet security practices can be found in the pages of Chief Security Officer Magazine at http://www.csoonline.com/. -Chris Sura

Even with additional security measures instituted, there will always be someone looking for a way around it. Jack Goldsmith's suggestion (suggested earlier by Zittrain), that additional measures be placed at the ISP level brings in significant risk to the ISPs. What if the measures are put in place and something (inevitably) gets through? Are the ISPs then liable for this? Hacking and break-ins will continue to occur even at some of the most "secure" sites. RSA, an industry security leader recently had their systems compromised, which led to information being extracted from their systems. The fact that extremely sophisticated and targeted attacks can happen at secure Nuclear Power plants (Stuxnet worm), means that ISPs have would have their hands full with any targeted attack. http://www.rsa.com/node.aspx?id=3872 Earboleda

Although cyberthreats are real and eminent issues, there are not enough resources, mostly human, for countermeasures. In the United States, lack of expert computer scientists in the field of information security poses a serious problem in appropriately handling cyberwarfare. Rouge states such as North Korea rather have a lead on cyberwarfare preparation. I assume that first of all there needs to be a wider recognition for cyberthreats and a determined agreement toward dealing with this "fifth domain of warfare". --Yu Ri 21:47, 3 May 2011 (UTC)

The Chatham House report is concerned that there isn't enough political control over the direction of cybersecurity and cyberwarfare initiatives due to the impenetrability of the technical details - that, as they put it, "the chief engineer" is driving the boat. I find this ironic (though not necessarily invalid); my first instinct is to be more concerned about know-knothing politicians trying to steer when they don't understand how the ship works or what direction it should go in. Still, education of the polical class, in either case, is the logical solution. - BrandonAndrzej 16:40, 7 May 2011 (UTC)

Just a quick rehash of something I was pondering in class: We have read about Lessig’s "free culture" (as opposed to permissions culture) as well as Benkler's "sharing nicely" and peer-production models. My project has been on Free and Open Source Software licensing. All this points to the value of sharing, open source business models, and weaker intellectual property rights. IP protections, however, have grown increasingly stronger. What if, I was thinking, we are never really able to secure the net? What will it mean when nation-states and other actors are constantly engaged in strategic and industrial espionage? Will we see, essentially, a culture of sharing "not-nicely" where theft of trade secrets and copying of patent and copyrighted materials regularly occurs outside the reach of law enforcement? Will companies reliant on proprietary business models be pushed more towards open source ones? Will we see the death of copyright as we know it? - BrandonAndrzej 16:51, 7 May 2011 (UTC)

Links

If you'd like to help us with the collection of data regarding online dating sites please take our survey, it's anonymous. Online Dating site Survey: https://www.surveymonkey.com/s/28VMJWX --Adavies01 17:03, 4 May 2011 (UTC)