1. Exorcise from policy cyber concepts that aren't grounded in reality - cyber weapons, global cascading effects, attribution theory, etc. Mostly consultant speak by policy wonks without sufficient technical expertise.
2. Switch from law-enforcement strategies that require knowing the identity of an individual black-hat with certainty, to ones that hold nation states accountable for the behavior of malicious actors within their borders.
3 & 4. Bring the NSA under U.S. Cyber Command, give them the authority to monitor the networks that operate the nation's critical infrastructure. This is essentially an end-run around a clueless, conflict-of-interest-laden Congress that is incapable of implementing a meaningful cyber security strategy.
5. Make ISPs responsible for monitoring customer activity for malicious behavior and infected machines. This can now be done without infringing user privacy [1].
6. Refocus diplomatic and development efforts on global bodies. Review US strategy in the ITU, where we are creating enemies among those we will need to partner with to defend Internet governing bodies from hostile takeover by Internet-unfriendly countries [2].
[1] http://www.microsoft.com/casestudies/Microsoft-Lync-Server/TeliaSonera/European-Telecom-Uses-Microsoft-Security-Data-to-Remove-Botnet-Devices-from-Network/710000000132
[2] http://www.politicaldigestonline.com/2011/07/21st-century-statecraft-foreign-policy-of-the-internet