Internet Anthropologist Think Tank: Gov.wrong paradigm for WWW security

  • Search our BLOG

  • HOME
    Terrorist Names SEARCH:

    Tuesday, October 05, 2010

    Gov.wrong paradigm for WWW security

    US Government operating wrong paradigm for WWW security.

    The head of the military's new Cyber Command, Army General Keith Alexander, says setting it up would be straightforward technically. He calls it a "secure zone, a protected zone." Others have dubbed the idea ""
    Alexander also heads the National Security Agency, or NSA, the super-secretive Defense Department arm that shields national security information and networks, and intercepts foreign communications.

    Iran was not able to protect its PC's form Stuxnet and they were not even connected to the WWW.

    They fail to realize the problematic issue is not the WWW but the Operating system.

    The OS is like a house with thousands of windows and secret doors,
    doors no body even knows about and all the people are naked inside.

    So the Gov wants to build a wall, castle fortress around the house.
    History has taught us that castle fortresses don't work.
    Coastal defenses went out pre-WWII.
    You cannot bring them back and be effective.
    They cannot build a "secure zone"
    You can build a secure operating system.

    There is not even any paradigm for handling
    those attacking the walls, NO rules for engagement
    for attackers. 

    The current paradigm allows bad guys to swarm
    the walls, probe for weaknesses with impunity.

    Iran nuclear program was not connected to
    the WWW and they were vulnerable.

    He gave the general 60 days to develop the plan, with the Homeland Security Department, to provide "active perimeter" defenses to an undisclosed number of Pentagon contractors, no offensive options, no deterrent.
    Waste of money. Even a Intranet can be penetrated as those who developed stuxnet know.
    They know its ineffective and are deploying it anyway?

    We need a secure OS. and offensive policys to deter attackers, rules of
    engagement for those that even swarm the walls.
    Would a bank ignore hundreds of criminals inspecting its walls
    and perimeter? I think not.
    But its allowed for cyber defensive walls, Why?


    Some see the Pentagon's proposed new ring around certain critical services as a throwback almost to the dark ages.

    " becomes new Target One," says Richard Bejtlich, General Electric Co's director of incident response. "I can't think of an easier way to help an adversary target the most critical information on industry computers."
    Gov is ignoring reality:
    There are persistent signs of strains between Cyber Command and the Homeland Security Department over how to enhance the U.S. cybersecurity posture.

    "To achieve this, we have to depart from the romantic notion of cyberspace as the Wild Wild West," Homeland Deputy Secretary Jane Lute told the annual Black Hat computer hackers' conference in Las Vegas in July. "Or the scary notion of cyberspace as a combat zone. The goal here is not control, it's confidence."

    WWW is the Wild Wild West, it is a combat zone. Ignoring this is counterproductive.
    Obama, proclaiming October National Cybersecurity Awareness Month, said protecting digital infrastructure is a "national security priority."
    Then get a secure OS. Develop rules of engagement, and some kind of deterrent.
    Currently its just a mop up operation and damage assessment.
    No offensive actions.
    U.S. Senator Sheldon Whitehouse, who led a Senate Intelligence Committee cyber task force that submitted a classified report to the panel in July, has floated a similar idea, drawing an analogy to medieval fortresses.

    "Can certain critical private infrastructure networks be protected now within virtual castle walls in secure domains where those pre-positioned offenses could be both lawful and effective?" he asked in a July 27 floor speech.
    He should consider why a medieval fortress failed as a defensive option and is no longer used.
    Those that forget history are repeating its failed paradigms.
    Defending just certain intranets us short sighted and a failed paradigm form the 'get go'.
    If the WWW isn't defended they will find them selves running a semi-secure intranet
    with no WWW connection. After a cyber attack they can only talk to each other
    but no connection to troops or the infrastructure, usless fortress.

    The problem isn't the WWW its the Operating Systems.
    Originally the OS was built only to work. If it worked
    it was a success, no consideration given to security.
    This paradigm continues today with emphasis on functionality,
    not security, There in lies our weakness.
    All the security vendors, spending billions of dollars
    have not been able to secure the OS in the entire history
    of the WWW.
    Change the focus, change the paradigm to a secure

    The point of failure isn't the WWW its the OS.
    Stop wasting money on cyber walls.

    Internet Anthropologist
    Tactical Internet Systems analyst.



    Post a Comment

    Subscribe to Post Comments [Atom]

    << Home