funsec mailing list archives

Re: whitehouse cyber strategy review


From: chris () blask org
Date: Sun, 15 Nov 2009 11:02:26 -0800 (PST)

--- On Sun, 11/15/09, Rich Kulawiec <rsk () gsp org> wrote:

> And equally of course, this will never happen, because it
> would require actual thinking and innovation rather than mere

.ranting.righteous.justification.snip.

All of the responses to the initial question (and, in fact, the initial question) speak to the reason that no one is 
asking us, as a group, for the answer and, as well, why they rarely listen when they get one of us alone to provide an 
opinion.  (Apologies assumed for any sane comments, and no undue disrespect to all.  I love you all like deranged 
siblings: sincerely but cautiously.)

If our suggestions fall in the realm of "never ever going to happen" then we may as well swing for the fence and 
suggest that every computer in US government use be the Guaranteed Virus Proof type from Ole Oxtralia.  Or maybe only 
quantum computers carved out of blocks of pure lithium by oil-rubbed Druid nymphs with flint knives (I'll oversee the 
work crew).  Either the "answer" is going to be something that can actually happen or it's all impotent whining, and 
getting everyone attached to the US government to stop using Windows (as an example) is absolutely positively not going 
to happen for any number of reasons so we may as well recommend the nymphs.

To begin to formulate an answer you have to first frame the question.  It would run something like the following.

"What is the best practicable way to move the security of the world's largest (by orders of magnitude) network of 
networks in a positive direction?"
  
Presuppositions including (but by no means limited to): 

o  as wide a range as conceivable of risk tolerance (from nuclear arms facilities to public schools and libraries);

o  from individual networks that are larger than the next largest anywhere else in the world down to thousands of tiny 
networks with little to no technical expertise (and everything between); 

o  legal and ethical jurisdiction to include wholly public, public/private and under certain conditions (see The 
Communications Act of 1934) wholly private networks;

o  decisions made as part of the proposed solution will drive (or halt) hundreds of billions of dollars of revenue for 
decades and potentially redraw geo-economic maps;

o  there will be non-infinite funding available to implement the proposed solution;

o  the privacy and civil liberties implications of each decision must be factored in, and;

o  international impact of each component decision must be factored in, along the motivational lines of the statement 
below.

"The Nation also needs a strategy for cybersecurity designed to shape the international environment and bring 
like-minded nations together on a host of issues, such as technical standards and acceptable legal norms regarding 
territorial jurisdiction, sovereign responsibility, and use of force."

There is no simple solution, there is no "pure" solution of any sort whatsoever, and there is no person or group with 
the authority and capacity to impose a complete framework solution in anything less than a timeline of decades.

Given all of that, who wants to tackle drafting the Answer?

-chris


      
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

