nanog mailing list archives
Re: Whitehouse Tackels Cybersecurity
From: Sean Donelan <sean () donelan com>
Date: Thu, 19 Sep 2002 20:56:03 -0400 (EDT)
On Thu, 19 Sep 2002, batz wrote:
From a security perspective, the recommendations in this report are the same things that have been advocated for the last decade. In fact it looks like many of these recommendations could have been culled from the various vulnerability assessment report templates I have seen and even used over the years. I don't mean to undermine the importance of the strategy, but I think its impact will be through adding weight to us Cassandras in the security industry.
People expecting the government to wave a magic wand and make us all safe will be disappointed. Security consulting firms probably aren't going to get a windfall from the publication of the national strategy. But if you had more modest goals, the strategy did accomplish some things.

Despite the daily drumbeat of vulnerability announcements, there really aren't any new fundamental causes of security problems. The National Academies of Sciences published a report last year recapping 10 years of computer and network security studies.

http://www.nap.edu/catalog/10274.html

The particular instance may change, but the classes of security problems are unchanging.

Although the security problems are the same, the solutions can change. In the 1980's I had a Multics/Dockmaster account. Multics may have been secure, but the system sucked. Perimeter firewalls may not be the security solution for the next decade. Would anti-virus software become obsolete with a better kernel? Are the same password rules we had for our one mainframe account applicable in today's web with dozens of "logons"? I think we need to re-evaluate our best solutions for our security problems.

That National Cybersecurity Strategy did a nice job of collecting the problems from all groups into one document, and showing an interdependence between the groups. Simply securing one industry, company or home user isn't enough to solve the problem. I am especially pleased that at least part of the US government now seems to recognize that security is more than just secrecy.

Could the government move faster? It took over 15 years from the introduction of seat belts on an American car until they became "standard" items in American cars. The government only "mandated" seat belts after most car makers were already offering them. There were a lot of studies along the way. A democratic government can't get too far out in front of the public.

American Seat Belt History (http://www.lemurzone.com/airbag/belts.htm)

1947 The first time seat belts were offered in an American car was the Tucker. The state of the art then were Lap belts.
1956 Ford introduces seat belts in American cars
1964 Seatbelts became a "standard" feature in American cars
1966 Rear Seatbelts became Standard
1967 Front Seatbelts became Mandatory
1968 Shoulder Belts became Mandatory

Nevertheless, seat belts won't help unless the driver buckles up.