Re: New Internet for Security

[Tracy Mitrano <tbm3 () CORNELL EDU>]

Interesting discussion and one that follows an idee fix of mine
recently: that the United States should have a separate federal agency
devoted to the Internet (not unlike what was created for
transportation or communication in the last century or so).

One more thought to add to the discussion, this one not in the least
bit new but a good reminder.  As Lessig pointed out, the Internet is
not a technology, but influenced, at the very least, by social norms
(users), the law (and policy), market (and regulation of it) as well
as technology (physical, logical and applications).

Too often, it seems, we have allowed ourselves, and worse yet law-
makers, to think of the Internet as a one dimensional
"technology."   (Witness p2p provisions in the HEOP.)  In our attempt
to stand strong on our missions in higher education (no matter what
form it takes in the next half century or so given myriad challenges
and winds of change), we will fail to progress in melding information
technology into that enterprise so long as we allow ourselves to be
defined only in these technological terms.

Once we embrace the full, multi-dimensional nature of the phenomenon
that is the "Internet" we significantly empower our thinking and the
message we hope to contribute to our institutional administrations,
governments and, in exercise of our service mission, as educators to
the public.

And who better than the technologists to preach that sermon?

Thanks, Gene, for getting us started on an important discusion!



On Feb 15, 2009, at 11:51 AM, Gene Spafford wrote:

> The following link is to a blog entry someone wrote about John
> Markoff's piece in the NY Times yesterday.  Not surprisingly, I
> agree with it:
> http://davidakin.blogware.com/blog/_archives/2009/2/14/4093378.html
>
> On Dave Farber's list there was some discussion of this, and then a
> post about yet another breach of a credit card processor.  I wrote
> the following:
> > Consider that some estimates of losses to computer crime and fraud
> > are in the many billions of $$ per year.  Consider how much money
> > is repeatedly spent on reissuing credit and debit cards, restoring
> > systems from backups, trying to remove spyware, bots, viruses, and
> > the like.  Consider how much is spent on defense mechanisms than
> > only work in limited cases -- anti-virus, IDS, firewalls, DLP, yet
> > latest fad.
> >
> > What effect does that play on global economic downturn?  It is
> > certainly a drag on the economy.
> >
> > Now, think about the solutions being put forward, such as putting
> > all your corporate assets and sensitive records "out in the cloud"
> > somewhere, on servers that are likely less well-protected or
> > isolated than the ones being regularly compromised at the banks and
> > card processors.   But it will look cheaper because organizations
> > won't need to maintain resources in-house.  And it is already being
> > hyped by companies, the NSF and CCC as "the future."  Who can
> > resist the future?
> >
> > Now, stir in the economic conditions where any talk of replacing
> > infrastructure with something that costs more at first, or that
> > needs more than a minor change of business processes is going to be
> > dismissed immediately as "crazy."
> >
> > And let's not forget that when the economy goes bad, more criminal
> > behavior is likely as people seek value wherever they can find it.
> >
> > And yet, the institutional responses from government and big
> > vendors will be more of the same:  update the patches, and apply
> > another layer of gauze.
> >
> >
> >
> > The situation isn't going to get better -- it's going to get
> > worse.   Much worse.
>
> --spaf