Cybersecurity and Cyberwarfare: Difference between revisions

From Technologies of Politics and Control
Jump to navigation Jump to search
No edit summary
Line 52: Line 52:


Cyberthreats are real and pervasive.  The people within IT infrastructure have been fighting the battle for years.  It makes no difference whether you work for a government, business or school – every domain (gov, com & edu) is under attack.  Private business and the military arm of the government are the most concerned about security, so they were the first to adopt network access control and identity management.  Security is enforced by verifying the identity of each user and device before allowing them to gain access to the network.  This, of course, runs counter to the idea of a free, open and anonymous Internet.  Yes, we can do a lot to protect the public by having the ISPs filter and block malware (search for SonicWALL and Blue Coat for examples) but it’s not enough to stop all breaches and wastes precious bandwidth.  Our government recognizes this and is actively promoting what would become a national electronic identity “ecosystem.” (Their euphemism; see http://www.whitehouse.gov/sites/default/files/rss_viewer/NSTICstrategy_041511.pdf) Jack Goldsmith had some well reasoned arguments why we should expect more government controls.  Finally, a good taxonomy of Internet security practices can be found in the pages of Chief Security Officer Magazine at http://www.csoonline.com/. [[User:ChrisSura|-Chris Sura]]
Cyberthreats are real and pervasive.  The people within IT infrastructure have been fighting the battle for years.  It makes no difference whether you work for a government, business or school – every domain (gov, com & edu) is under attack.  Private business and the military arm of the government are the most concerned about security, so they were the first to adopt network access control and identity management.  Security is enforced by verifying the identity of each user and device before allowing them to gain access to the network.  This, of course, runs counter to the idea of a free, open and anonymous Internet.  Yes, we can do a lot to protect the public by having the ISPs filter and block malware (search for SonicWALL and Blue Coat for examples) but it’s not enough to stop all breaches and wastes precious bandwidth.  Our government recognizes this and is actively promoting what would become a national electronic identity “ecosystem.” (Their euphemism; see http://www.whitehouse.gov/sites/default/files/rss_viewer/NSTICstrategy_041511.pdf) Jack Goldsmith had some well reasoned arguments why we should expect more government controls.  Finally, a good taxonomy of Internet security practices can be found in the pages of Chief Security Officer Magazine at http://www.csoonline.com/. [[User:ChrisSura|-Chris Sura]]
Even with additional security measures instituted, there will always be someone looking for a way around it.  Jack Goldsmith's suggestion (suggested earlier by Zittrain), that additional measures be placed at the ISP level brings in significant risk to the ISPs.  What if the measures are put in place and something (inevitably) gets through?  Are the ISPs then liable for this?  Hacking and break-ins will continue to occur even at some of the most "secure" sites.  RSA, an industry security leader recently had their systems compromised, which led to information being extracted from their systems.  The fact that extremely sophisticated and targeted attacks can happen at secure Nuclear Power plants (Stuxnet worm), means that ISPs have would have their hands full with any targeted attack.
http://www.rsa.com/node.aspx?id=3872  [[User:Earboleda|Earboleda]]


== Links ==
== Links ==

Revision as of 14:33, 3 May 2011

May 3

Cybersecurity has been identified as one of the greatest challenges facing the United States today, but it is ill-defined and almost impossible to address. How can we frame this problem to better inspire solutions? How should government, military, businesses, and technologists approach the problem from different angles and do these different approaches work together?

Readings

Optional Readings


Class Discussion

A little early for this, but I would like to share this nice paper written by analysts and researchers at Chatham House. It's pretty fundamental, I would recommend it to anyone who encounters this subject for the very first time. --Jastify 22:55, 31 January 2011 (UTC)

Great recommendation. I've added the executive summary to the required readings list. --Dardia 23:50, 10 February 2011 (UTC)

I wanted to submit this article to add to the discussion. I found it to be interesting. Cybersecurity is probably the most vital issue to our country's infrastructure today. The recent military operation to take out Osama bin Ladin would have failed miserably if knowledge of the raid was disclosed. To keep our intelligence reports under wraps should be among our highest priorities. While the government wages wars on three fronts at once, it is difficult but nessessary to ensure our reports stay out of our enemies hands. By blocking IP addresses and using more sophisticated encryption, we will be well on our way to protecting our great country. The world runs through the Internet, and so does our future. [1] Joshuasurillo 01:47, 3 May 2011 (UTC)

Cyberthreats are real and pervasive. The people within IT infrastructure have been fighting the battle for years. It makes no difference whether you work for a government, business or school – every domain (gov, com & edu) is under attack. Private business and the military arm of the government are the most concerned about security, so they were the first to adopt network access control and identity management. Security is enforced by verifying the identity of each user and device before allowing them to gain access to the network. This, of course, runs counter to the idea of a free, open and anonymous Internet. Yes, we can do a lot to protect the public by having the ISPs filter and block malware (search for SonicWALL and Blue Coat for examples) but it’s not enough to stop all breaches and wastes precious bandwidth. Our government recognizes this and is actively promoting what would become a national electronic identity “ecosystem.” (Their euphemism; see http://www.whitehouse.gov/sites/default/files/rss_viewer/NSTICstrategy_041511.pdf) Jack Goldsmith had some well reasoned arguments why we should expect more government controls. Finally, a good taxonomy of Internet security practices can be found in the pages of Chief Security Officer Magazine at http://www.csoonline.com/. -Chris Sura

Even with additional security measures instituted, there will always be someone looking for a way around it. Jack Goldsmith's suggestion (suggested earlier by Zittrain), that additional measures be placed at the ISP level brings in significant risk to the ISPs. What if the measures are put in place and something (inevitably) gets through? Are the ISPs then liable for this? Hacking and break-ins will continue to occur even at some of the most "secure" sites. RSA, an industry security leader recently had their systems compromised, which led to information being extracted from their systems. The fact that extremely sophisticated and targeted attacks can happen at secure Nuclear Power plants (Stuxnet worm), means that ISPs have would have their hands full with any targeted attack. http://www.rsa.com/node.aspx?id=3872 Earboleda

Links