Whitehouse Tackels Cybersecurity
A little flavor of what I'd alluded to in some of the previous threads. Any guesses what the proposal to change both BGP and DNS to improve security might entail?? White House tackles cybersecurity By Declan McCullagh Special to ZDNet News September 16, 2002, 6:58 PM PT http://zdnet.com.com/2100-1105-958159.html The White House's cyberspace security plan, scheduled to be released Wednesday, envisions a broad new role for the federal government in maintaining Internet security.
On Wed, 18 Sep 2002 sgorman1@gmu.edu wrote:
A little flavor of what I'd alluded to in some of the previous threads. Any guesses what the proposal to change both BGP and DNS to improve security might entail??
The official document should be posted on WhiteHouse.GOV later today. An almost final draft copy was leaked on the net yesterday. http://www.infowarrior.org/draftstrategy.pdf DNSSEC and S-BGP have been mentioned as possible solutions. Technically some of the proposals are very elegant. However, we have to be careful about introducing more complexity into the system than necessary. Over the last year we've seen several errors in the implementation several security protocols. I don't believe security people are any better programmers than application people. What I worry about more is we are developing extremely secure, and complex methods for protecting garbage. Garbage-In, Garbage-Out.
on 9/18/2002 10:12 AM Sean Donelan wrote:
On Wed, 18 Sep 2002 sgorman1@gmu.edu wrote:
A little flavor of what I'd alluded to in some of the previous threads. Any guesses what the proposal to change both BGP and DNS to improve security might entail??
The official document should be posted on WhiteHouse.GOV later today.
Is it on again? Feds Delay Release of Cyber-Security Plan http://www.eweek.com/article2/0,3959,538677,00.asp September 17, 2002 The White House has decided to delay the release of its long-awaited cyber-security plan in an effort to gain more input from industry executives and government officials. Richard Clarke, chairman of the President's Critical Infrastructure Protection Board, has been planning for months to release the National Strategy to Secure Cyberspace Wednesday at a high-level event in Silicon Valley. But the board instead will release a draft of the strategy and will go back to private industry and public sector experts to seek more suggestions for the final plan, according to sources. [...] -- Eric A. Hall http://www.ehsco.com/ Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
FYI.....seeing the discussion today I thought I'd offer this to the group as well. Cheers, rf Original with contextual reference URLS located at: http://www.infowarrior.org/articles/2002-11.html America's National Cybersecurity Strategy: Same Stuff, Different Administration Richard Forno (c) 2002 Infowarrior.org. All Rights Reserved Article #2002-11. Permission granted to reproduce and distribute in entirety with credit to author. Today the White House releases its long-awaited "National Strategy To Secure Cyberspace." This high-level blueprint document (black/whiteor color), in-development for over a year by Richard Clarke's Cybersecurity team, is the latest US government plan to address the many issues associated with the Information Age. The Strategy was released by the President's Critical Infrastucture Protection Board (PCIPB), an Oval Office entity that brings together various Agency and Department heads to discuss critical infrastructure protection. Within the PCIPB is the National Security Telecommunications Advisory Council (NSTAC), a Presidentially-sponsored coffee klatch comprised of CEOs that provide industry-based analysis and recommendations on policy and technical issues related to information technologies. There is also the National Infrastructure Advisory Council (NIAC) - another Presidentially-sponsored klatch - allegedly consisting of private-sector 'experts' on computer security; but in reality consists of nothing more than additional corporate leaders, few if any considered an 'expert' on computer security matters. Thus, a good portion of this Presidential Board chartered to provide security advice to the President consists of nothing more than executives and civic leaders likely picked for their Presidential loyalty and/or visibility in the marketplace, not their ability to understand technology in anything other than a purely business sense. Factor in Richard Clarke's team many of whom, including Clarke, are not technologists but career politicans and thinktank analysts and you've got the government's best effort at providing advice to the President on information security, such as it is. (One well-known security expert I spoke with raised the question about creating a conflict of interest for people who sell to the government or stand to gain materially from policy decisions to act in advisory roles, something that occured during the Bush Administration's secret energy meetings.) Now that you know where the Strategy comes from, let's examine some of its more noteworthy components. < - SNIP - > Original with contextual reference URLS located at: http://www.infowarrior.org/articles/2002-11.html
participants (4)
-
Eric A. Hall
-
Richard Forno
-
Sean Donelan
-
sgorman1@gmu.edu