Subscribe to Hybrid Vigor’s RSS Feed
AN INITIAL REACTION TO THECSIS REPORT ON SECURING CYBERSPACE
by Mike Neuenschwander ~ December 11, 2008.
Permalink | Filed under: Hybrid Vigor, Policy and Decisions, Social Trust Online.
A few days ago, the CSIS Commission on Cybersecurity released a report urging the Obama administration to take immediate corrective action in securing online systems. It’s a bold move and I’m thankful that the committee members, some of whom I know, have been able to raise awareness and the level of discussion on this important issue.
Major media covered the release of the report, including a New York Times report that began “License plates may be coming to cyberspace.” Although the CSIS report didn’t call for “surfer licenses,” the Times analogy is apt (more on the analogy in a moment).
I agree with a lot of what’s in the report, but I’d like to call out a few things.
- Must we call it “Cyberspace”? That’s so 80’s!
- If we abolish the word “Cyberspace,” then we don’t have to refer to the new “National Office of Cyberspace” as the “NOC.” This is important because anyone in the tech industry already thinks NOC means “Network Operations Center.” It’s also the stock symbol for Northrop Grumman.
- There’s a good list of contributors on this work, but they’re missing the people who really kept us safe during the cold war. Where are the Robert Axelrods in this group?
- The suggestions on “regulating cyberspace” and authenticating digital identities are well meaning, but off-base. Consider the following text from the very first post I wrote for Hybrid Vigor:
Government regulators are bullish on the “war on fraud” approach-a crackdown on critical systems. The Bush administration has already budgeted $6 billion for hardening online systems against terrorist attacks. And a war on fraud might actually be effective, if we could identify the fraudsters.
But unfortunately, fraudsters by definition use false identities, so to engage that battle, we’d need to beef up the security infrastructure of the Internet by orders of magnitude. We’d have to do background checks on users, issue “surfer licenses” to all the Internet users, lock down points of access, and hire a bunch of cyber-cops. We’d need to hire another set of people to regulate the cyber-cops, and another set of people to govern the regulators.
That’s why ultimately, the “war on fraud” approach is untenable, because it require levels of sophistication and precision well beyond our abilities — and it demands that well-doers willingly capitulate to a painfully asocial system.
I’m hoping also to hear from my friends at Burton Group and from the Identity Gang on this report.
December 15th, 2008 at 9:28 pm
[...] If good fences make good neighbors, then what do high security fences make? There are lots of people that would like you to believe that strong security is the pathway to confidence, safety, and trust. In my previous post, I commented briefly on how the CSIS panel’s focus on security was well meaning, but off base. A security apparatus is more effectively used as tool of exploitation than as a pathway to trust. Institutions that thrive on secrecy, high security, and controls are most likely unworthy of trust. [...]