Category Archives: cyber policy

DOD sets up Cyber Defense Command

Interesting implications from this post:

“Is it going to be the dominant player by default because the Department of Homeland Security is weak and this new unit will be strong?” said James A. Lewis, a cybersecurity expert at the Center for Strategic and International Studies. “That’s a legitimate question, and I think DoD will resist having that happen. But there are issues of authorities that haven’t been cleared up. What authorities does DoD have to do things outside the dot-mil space?”

This is a serious concern, especially given that PCs in your home are the foot soldiers:

Owners of machines forming a botnet typically do not know their computer has been hijacked and home users account for 95% of all attacks mounted by botnets, according to figures from security firm Symantec.

Public computers are fair game too.  See this story in NYT about Iranian hackers capturing University System of Oregon computers.

Filed under cyber policy, cybersec organizations

Twitterfying policy data

Just one of many implications of the twitter phenomenon per Steven Johnson’s story in Time.

Filed under cyber policy

A busy day in CyberSec Space

Declan McCullagh at CNET lays out a history of fed cyber sec since creation of DHS as Obama prepares to report out on the 60 day Cyber Sec review. McCullagh notes we have been here before:

If any of this sounds familiar, it should. About a year after President George W. Bush took office, his administration announced a highly-anticipated, 76-page document called the “National Strategy to Secure Cyberspace” (PDF). Few of its bullet points calling for immediate “response” have been enacted; even fewer people remember what they were.

NYTimes report on DOD preparations to defend cyber space.  The Post says not to expect a naming of who will fill the position (Special Assistant to the Pres) expected to report through the NSC chain.

Filed under cyber policy

Policy tools – regulatory

Condon of CNET recounts Thomas Friedman and Chris Savage discussing the policy window currently open for regulating technology:

“Reaching the most democratic solutions will require making the Internet policy process as interactive as the Net,” said Nathan James, the program and outreach manager for the Media and Democracy Coalition, an affiliation of consumer, public interest, and labor groups. “If we don’t hear from a diversity of perspectives now, how will we ever know we charted the best course?”

Filed under cyber policy, policy tools

Buddy, did you know your anti-virus has expired?

So — would you want the state police writing you a ticket for failure to secure your computer?  Lawrence Pingree poses an interesting tool to consider.

The government could then scan the IP address space issued in the USA and then it could then issue “fix-it” tickets (similar to what is done today for cars) for Internet connected systems that contained vulnerabilities.

Seriously, how do you embed proper practices into the individual psyche?

Take for example peer-to-peer file sharing programs.  Leakage of data files has occurred over nets constructed by employees trying to “share” some music.  Some call P2P a “national security threat“.  Security experts, however, point to the human side of the security equation:

The problem, experts say, is that employees are violating corporate policy by using P2P at work or on work laptops to download MP3 files, or they take the work laptop home and their children install file-sharing software on it.

Ninety-three percent of P2P disclosures in the enterprise are inadvertent, said Tiversa Brand Director Scott Harrer. “You can’t really guard against human error,” he said.

The NSA is being accused of a power grab with respect to which agency manages cybersecurity.  Not too sure I want them policing my network.  (Does anyone hear black helicopters hovering nearby?)

A top federal cybersecurity official resigned this week in a letter sharply critical of what he described as a power grab by the National Security Agency.

Rod Beckström, director of Homeland Security’s National Cybersecurity Center, said in his letter that NSA “effectively controls DHS cyber efforts through detailees, technology insertions,” and has proposed moving some functions to the agency’s Fort Meade, Md., headquarters.

Filed under cyber policy, cybersecurity

Security, Privacy, Interoperability

These terms are strongly related, inter-related to be more precise, and have a significant effect upon the level of trust and confidence that any information system engenders with its users.  Separately dealing with each attribute of a network, as though the relationship between each term were independent, is not good design.  Yet, read the following taken from a CNET article on problems building a new healthcare system:

Lawmakers and health care representatives also asked the HISPC to clarify why privacy issues were such a critical part of maintaining electronic health records.

“It seems to me there is a big concern about the digitization of data as separate, but if we have the right security measures, that data is no different from the data physically sitting in my office,” said Herb Conway, a physician who sits on the New Jersey state legislature. “Are we going to be designing laws that interfere with our ability to have interoperability?

“While we appreciate that different states have different rules, we’re trying to find a way to streamline the process so patient treatment is not affected by delays in sharing information,” he said.

Filed under cyber policy, cybersecurity, electronic medical records

Cyber Policy – Tracking law breakers

Seems some folks in Congress believe that all access point providers should maintain a log of users to be accessible by law enforcement.

Republican politicians on Thursday called for a sweeping new federal law that would require all Internet providers and operators of millions of Wi-Fi access points, even hotels, local coffee shops, and home users, to keep records about users for two years to aid police investigations.

…Translated, the Internet Safety Act applies not just to AT&T, Comcast, Verizon, and so on–but also to the tens of millions of homes with Wi-Fi access points or wired routers that use the standard method of dynamically assigning temporary addresses. (That method is called Dynamic Host Configuration Protocol, or DHCP.)

Good synopsis by Declan McCullagh.

And this headline sums up the Congressional approach to problem solving that the two bills above represent:

New Congress SO last century

And one last comment, taken from Scott Cleland at precursor, indicating where policymakers should be focusing their energies:

Out of sight — out of mind.

It is very troubling that in all the public discourse about the future of the Internet, cloud computing, and appropriate Internet public policy, there is so little discussion or coverage of the real and growing threat of Internet cyber attacks on our people, economy, government, and network-infrastructure.


Filed under federal cyber security, Policy, policy tools, privacy

Evolving governance issues

BBC story on the Facebook policy dispute is interesting from a policy perspective.  First the chronology:

  1. Facebook publishes a change in terms regarding Facebook’s “ownership” of individual data published on the site
  2. Individuals protest via social network tools
  3. Organizations, mainly nonprofit groups focused on privacy issues, raise the stakes, threaten action via judicial and regulatory (FTC) venues
  4. Facebook withdraws proposed terms
  5. Facebook creates online group to discuss “Facebook Bill of Rights and Responsibilities”
  6. Organizations withdraw their threatened legal/regulatory actions

And this happened within a week.  Is this a new “governance” paradigm that can resolve societal issues within short periods of time, with little “old” government interference?

Filed under cyber policy, privacy