I had to shake my head at this one: Next post Op-Ed: A Civil Perspective on Cybersecurity. It’s so earnest. Real Boy Scout stuff. So golly gee whickers, isn’t the U.S. a marvelous beacon of light and good and all that? I kept wincing at that all the way through to the end, where it discloses that the authors are Jane Holl Lute is the Deputy Secretary of Homeland Security and Bruce McConnell is a Senior Counselor at the Department.
But for all that, they’ve actually probably got part of the idea. Although I’m not sure it’s entirely a solution, you see. The Internet is lubricated by information. It hums and runs along, cheerfully digesting and spitting the stuff out. You’re not going to contain information when it’s an integral part of an engine like that. I think a real model of “cybersecurity” is actually going to abandon many current notions we have of this concept. Nevertheless, the point that
We’re not just talking about the internet here. Complicated and vast, cyberspace is a rapidly growing, interconnected array of information and communications technologies (ICT), characterized by distributed ownership, dynamic connectivity, and diverse systems; its shape shifts instantaneously and organically. Though it relies on machines – e.g., servers – that are each physically somewhere, connected by communications technology that spans the globe, cyberspace is a place where geography matters differently, the reach of national law is incomplete, and the role of nation-states in its security is an open question.
[…] Cybersecurity Needs a Distributed Approach
is not actually half bad. Since everything is now decentralized and distributed, yes security needs to be, likewise. What I particularly like is the breathlessly Good Citizen way they envision this:
If the U.S. is to succeed in securing our identities and our information in cyberspace, it must build a system where the distributed nature of cyberspace is used in its own protection. With this perspective, for example, DHS has launched a national campaign – “Stop|Think|Connect” – to cultivate a collective sense of cyber–civic duty. The message begins with a simple wisdom: to ensure cybersecurity for all of us, each of us must play our part. Beginning with individual users, each of us must take the basic steps necessary to maintain our computers and our cyberlives in safety, just as conscientious drivers maintain their currency with driving laws, keep their tires properly inflated, and pay attention to highway conditions.
And of course the government is going to be the be-all and end-all of this decentralized model. I mean, you can just see them salivate at that prospect:
While America is deeply reliant on cyberspace, the health of this critical ecosystem is itself a work in progress. Indeed, tomorrow’s threats and defensive capabilities have probably not yet been invented. Government must engage: to secure government systems, assist the private sector in securing itself, enforce the law, and lay the policy foundation for future success. Where industry lags, policy change can incentivize key actions. Today’s environment does not, for example, adequately incentivize companies to write secure software. This must change.
In addition to taking these kinds of immediate steps, government has a role in the longer-term effort needed to change the structure of the internet and to leverage machines’ very capabilities to enable agile, real-time notification, protection, quarantine, and response, subject to human-directed policies and controls.
But! Not to fear! AMERICA (insert some type of toe-tappin’ blaring uplifting music here, I’m sure) stands at the READY to help with this! The chest thumping is really rather painful:
For our part, the United States is fortunate to have tremendous cybersecurity capabilities in private industry as well as across the federal government. By law and policy, the Department of Homeland Security (DHS) has two specific roles in U.S. cybersecurity: to protect the federal executive branch civilian agencies (the “dot-gov”), and to lead the protection of critical cyberspace. And so today, for example, DHS’ National Cybersecurity and Communications Integration Center is the hub of daily cyberincident management for the U.S. In addition, the Department of Defense, and in particular, the National Security Agency, is a unique national security resource and an essential participant in national, or global, cybersecurity solutions. Other U.S. government agencies also have significant capabilities. For example, U.S. law enforcement agencies, including the FBI, Immigration and Customs Enforcement, and the Secret Service have considerable experience and expertise in investigating cybercrimes and in identifying, pursuing, capturing and successfully prosecuting cybercriminals. Moreover, U.S. multinational firms operate global computer networks that are equipped to detect and respond to cyberintrusions and attacks. The combined knowledge of what’s happening on these networks is a resource that can inform all network defenders of the current operational picture.
Sigh. I especially like the proliferation of neologisms starting with the all-purpose “cyber” prefix.
Amusingly, the commenters to this article aren’t buying it either. I think perhaps because a rather famous question has been left conspicuously unanswered: Quis custodiet ipsos custodes?
Give ya a hint — they’ll be distributed, as well. And legion…