--- On Sun, 11/15/09, Rich Kulawiec <[email protected]> wrote:
> And equally of course, this will never happen, because it
> would require actual thinking and innovation rather than mere
.ranting.righteous.justification.snip.
All of the responses to the initial question (and, in fact, the initial
question) speak to the reason that no one is asking us, as a group, for the
answer and, as well, why they rarely listen when they get one of us alone to
provide an opinion. (Apologies assumed for any sane comments, and no undue
disrespect to all. I love you all like deranged siblings: sincerely but
cautiously.)
If our suggestions fall in the realm of "never ever going to happen" then we
may as well swing for the fence and suggest that every computer in US
government use be the Guaranteed Virus Proof type from Ole Oxtralia. Or maybe
only quantum computers carved out of blocks of pure lithium by oil-rubbed Druid
nymphs with flint knives (I'll oversee the work crew). Either the "answer" is
going to be something that can actually happen or it's all impotent whining,
and getting everyone attached to the US government to stop using Windows (as an
example) is absolutely positively not going to happen for any number of reasons
so we may as well recommend the nymphs.
To begin to formulate an answer you have to first frame the question. It would
run something like the following.
"What is the best practicable way to move the security of the world's largest
(by orders of magnitude) network of networks in a positive direction?"
Presuppositions including (but by no means limited to):
o as wide a range as conceivable of risk tolerance (from nuclear arms
facilities to public schools and libraries);
o from individual networks that are larger than the next largest anywhere else
in the world down to thousands of tiny networks with little to no technical
expertise (and everything between);
o legal and ethical jurisdiction to include wholly public, public/private and
under certain conditions (see The Communications Act of 1934) wholly private
networks;
o decisions made as part of the proposed solution will drive (or halt)
hundreds of billions of dollars of revenue for decades and potentially redraw
geo-economic maps;
o there will be non-infinite funding available to implement the proposed
solution;
o the privacy and civil liberties implications of each decision must be
factored in, and;
o international impact of each component decision must be factored in, along
the motivational lines of the statement below.
"The Nation also needs a strategy for cybersecurity designed to shape the
international environment and bring like-minded nations together on a host of
issues, such as technical standards and acceptable legal norms regarding
territorial jurisdiction, sovereign responsibility, and use of force."
There is no simple solution, there is no "pure" solution of any sort
whatsoever, and there is no person or group with the authority and capacity to
impose a complete framework solution in anything less than a timeline of
decades.
Given all of that, who wants to tackle drafting the Answer?
-chris
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.