December 8th, 2003, 06:35 PM
National Strategy to Protect Lobbyists
There in article on ZDNet.com called We need a new national cybersecurity plan--now.
In it, Robert Vamosi points out that the Bush administration's National Strategy to Secure Cyberspace ended up impotent and unfunded after corporate special interests and lobbyists got done tearing it apart.
He suggests that the government go back to the drawing board and leave the lobbyists out of the meetings this time to get a REAL strategy to secure cyberspace that is functional, effective and maybe even funded so that it can be implemented.
I have written my own short 2 cents on the subject as well as linking to the above mentioned ZDNet article here: National Strategy to Protect Lobbyists.
December 8th, 2003, 07:32 PM
Having a set of security standards for the nation might be a good idea, but if it is limited to the US, it is hardly enough. All someone would need to do is find an off-shore computer that doesn't meet those standards, and use that to get at other computers, possibly the same US computers, especially if they happened to be a trusted computer, I.E. a Nike server in Malaysia connecting to one in the United States. The Nike server over-seas wouldn't necessarily have all of the security measures that the computer hear does, but by trusted access, all of that is thrown away.
As more and more computers and nations adhere to the ideas, it becomes better and better, but the problem remains that there are still going to be places that don't adhere to those standards. What do we do to those country's? How would we force our hands? Would it even be ethical to do so?
Furthermore, a potential problem with this is that the government might not only say "Do this" but also give us specific ways, saying that certain software and hardware must be used. The problem with that it is limited and slows down progress in some areas, while also making certain exploits universal. Don't bother checking for OSes and Software, all the computers must have the same hardware and physical firewall, which has driver and hardware problems that allow you to exploit it.
One of the good things about the restrictions set up by the IEEE (Institute for Electrical and Electronics Engineers) is that it has given us guidelines, without ever saying that it MUST be exactly this way, just that if you do this, also do this. The IEEE never interfered with the advent of new hardware or protocols, such as Netware and NetBEUI, atleast not in any serious way. A government commissioned committee, though? They might easily. In fact, if a law were assured to be passed, companies would suddenly support it hoping to have some say, and get their products sold.
If it is pushed, it must be pushed by everyone. If it is limited in its area of effect or supporters, there will inevitably be numerous problems.
Anyway, that's my two cents.
December 8th, 2003, 08:25 PM
Both Points are good ones, but it is my opinion, that no matter what the guidelines are, they wont be able to implement then on anything but new Equipment/Software (Effectivly anyway)
simply because of the scope of the "problem". As far as lobbiests go , I personally dislike them because most of the time, its just people with allot of money trying to get what they want; most of the time not concerning themselves with the long term concequences..But This is just my opinion
Cheers and Regards
[gloworange]The Only Way to be Safe is To Never Be Secure.
December 8th, 2003, 10:14 PM
Until there is true "world government" there will always be places that set themselves aside from the rules of the rest of the world for financial, or other reasons.
Until then, like I tell my users, "It's the Wild West out there in CyberSpace, the new untamed frontier, and you are all responsible for your own back".
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides