Internet Anthropologist Think Tank: Error in Cyber security Paradigm.

  • Search our BLOG

  • HOME
    Terrorist Names SEARCH:

    Wednesday, December 15, 2010

    Error in Cyber security Paradigm.

    This blog set to diaplay 20 days of posts. Sorry Blogspot only shows 3 days, waiting for a Google fix, G

    Error in Cyber security Paradigm.

    IT directors / managers CIO chief Information Officers 
    are among some of the most misdirected security 
    providers of any industry.

    If CIO's were head of the DOD the US
    would have huge fixed coastal defenses
    and there would be pirates raiding the US 
    coasts, pillaging and stealing at will.

    CIO's are risk aversive, born cooing code,
    and raised in HTML nurseries.
    And spend a lifetime defending code,
    and blocking malware.

    They build cyber fixed Coastal defenses
    on their networks.

    A CIO as a platoon leader would build mud
    wall around HQ and never patrol, never send
    forces out, too risky.

    And that is about the state of Cyber security
    Cyber forces scare the hell out of CIOs.
    Never been used before, something might
    go wrong, unknown risks.
    Better stick with fixed fortifications they have
    known risks.
    This is why the US Cyber forces have their 
    hands shackled.
    And NSA, fort Meade fear turf intrusion and
    interference in their operations.

    NSA has a lock on WWW magic, stealth
    and penetration. 

    And NSA's mission IS NOT PROTECTION of
    the WWW or anything other than its own network.
    In fact their mission is to be able to violate any and
    all Security.

    CIO's are security people. Always trying to lock cyber doors.
    Forever Building fated fixed coastal defenses.
    They are not a policing force, they lack any deterrent
    facility. And function on a risk aversive paradigm.

    Military defense however functions on a much different
    paradigm. Which is why US doesn't have fixed coastal 
    defenses. They don't provide security, and are easily defeated.

    To protect the US coasts the Dept of Defense rely on
    a mix of offensive forces. Air power, ships, etc.
    And we have no pirates off the US coast line.

    Military minds are needed to provide security for
    US cyber coast lines. The ability to deploy offensive
    cyber forces to repel attacks, ability for hot pursuit.
    Same as in the "real" world.

    Relying on fixed cyber defenses is futile.
    The current paradigm allows the pirates to pound on
    our defenses to the level of millions of attempts a day.

    Anonymous is a possible example.
    They have lead successful attacks before.
    But in the case of wikileaks this is the first time
    a National Civilian cyber force has opposed them.

    Anonymous has experienced trained organized counter strikes
    against them, and stated they are changing their paradigm
    in this instance, dropping DOS attacks and becoming more politically active.

    This was not lead by a CIO but more military minded cyber forces
    using a offensive capability, NOT FIXED DEFENSES.

    I'm tired of watching the US cyber persona playing victims.
    The US Marines do not set in fixed battlements taking losses,
    they move and maneuver and engage the enemy.

    Why is it taking so long for the US Cyber Paradigm
    to adopt common sense military doctrine for defense
    of its cyber assets.

    Instead they elect to act as fixed targets.

    In the current paradigm there is very little 
    deterrence. Just wave after wave of assaults
    without retribution. The biggest and easiest
    target in the world.

    Take the shackles off the US cyber forces,
    let them engage the bad guys, attach a cost
    to attacking US cyber assets.

    Stop being the cyber security joke of the world.

    US has the force use it to defend, go offensive
    when attacked, track and destroy in real time.
    If its Grandmas PC that a bot herder is controlling,
    that is not an excuse not to take her PC off line.
    If they had stolen Grandmas car would the cops
    refuse a pit maneuver to stop a perp?
    I don't think so. 
    Nor is a take over of someones PC, a pass card
    to avoid consequence for your PC attacking some one.

    Cyber security equals a CIO on the site and a cyber
    platoon leader patrolling out side the fire wall engaging
    in hot pursuit. That will equal deterrence.

    Tactical Internet Systems analyst.



    Post a Comment

    Subscribe to Post Comments [Atom]

    << Home