funsec mailing list archives
Re: whitehouse cyber strategy review
From: chris () blask org
Date: Sun, 15 Nov 2009 11:02:26 -0800 (PST)
--- On Sun, 11/15/09, Rich Kulawiec <rsk () gsp org> wrote:
And equally of course, this will never happen, because it would require actual thinking and innovation rather than mere
.ranting.righteous.justification.snip. All of the responses to the initial question (and, in fact, the initial question) speak to the reason that no one is asking us, as a group, for the answer and, as well, why they rarely listen when they get one of us alone to provide an opinion. (Apologies assumed for any sane comments, and no undue disrespect to all. I love you all like deranged siblings: sincerely but cautiously.) If our suggestions fall in the realm of "never ever going to happen" then we may as well swing for the fence and suggest that every computer in US government use be the Guaranteed Virus Proof type from Ole Oxtralia. Or maybe only quantum computers carved out of blocks of pure lithium by oil-rubbed Druid nymphs with flint knives (I'll oversee the work crew). Either the "answer" is going to be something that can actually happen or it's all impotent whining, and getting everyone attached to the US government to stop using Windows (as an example) is absolutely positively not going to happen for any number of reasons so we may as well recommend the nymphs. To begin to formulate an answer you have to first frame the question. It would run something like the following. "What is the best practicable way to move the security of the world's largest (by orders of magnitude) network of networks in a positive direction?" Presuppositions including (but by no means limited to): o as wide a range as conceivable of risk tolerance (from nuclear arms facilities to public schools and libraries; o from individual networks that are larger than the next largest anywhere else in the world down to thousands of tiny networks with little to no technical expertise (and everything between); o legal and ethical jurisdiction to include wholly public, public/private and under certain conditions (see The Communications Act of 1934) wholly private networks; o decisions made as part of the proposed solution will drive (or halt) hundreds of billions of dollars of revenue for decades and potentially redraw geo-economic maps; o there will be non-infinite funding available to implement the proposed solution; o the privacy and civil liberties implications of each decision must be factored in, and; o international impact of each component decision must be factored in, along the motivational lines of the statement below. "The Nation also needs a strategy for cybersecurity designed to shape the international environment and bring like-minded nations together on a host of issues, such as technical standards and acceptable legal norms regarding territorial jurisdiction, sovereign responsibility, and use of force." There is no simple solution, there is no "pure" solution of any sort whatsoever, and there is no person or group with the authority and capacity to impose a complete framework solution in anything less than a timeline of decades. Given all of that, who wants to tackle drafting the Answer? -chris _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: whitehouse cyber strategy review, (continued)
- Re: whitehouse cyber strategy review Larry Seltzer (Nov 14)
- Message not available
- Re: whitehouse cyber strategy review Larry Seltzer (Nov 14)
- Message not available
- Re: whitehouse cyber strategy review Larry Seltzer (Nov 14)
- Re: whitehouse cyber strategy review Larry Seltzer (Nov 14)
- Re: whitehouse cyber strategy review Robert Graham (Nov 14)
- Re: whitehouse cyber strategy review der Mouse (Nov 14)
- Re: whitehouse cyber strategy review Rich Kulawiec (Nov 15)
- Re: whitehouse cyber strategy review Larry Seltzer (Nov 15)
- Re: whitehouse cyber strategy review Rich Kulawiec (Nov 15)