Slashdot Log In
Who Protects the Internet?
Posted by
samzenpus
on Wed Dec 03, 2008 11:38 PM
from the guarding-the-tubes dept.
from the guarding-the-tubes dept.
strikeleader writes "TechCrunch has an article from an interview with General Kevin Chilton, US STRATCOM commander and the head of all military cyber warfare.
Who protects us? 'Basically no one. At most, a number of loose confederations of computer scientists and engineers who seek to devise better protocols and practices — unincorporated groups like the Internet Engineering Task Force and the North American Network Operators Group. But the fact remains that no one really owns security online, which leads to gated communities with firewalls — a highly unreliable and wasteful way to try to assure security.'"
Related Stories
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Editorialization (Score:3, Insightful)
Meh. The question really should be "Who protects the Internet from being used as a military asset?" Cause that's all this guy is talking about.
if the military does not regard it as an asset... (Score:5, Insightful)
Several governments are already making progress on this game plan.
Parent
Re: (Score:3, Interesting)
Save Humanity NOW!
Decode: Another hint to the proposition that technological progress has to be accompanied with (say) 'social evolution' in order to be fruitful. Mankind has failed (epically) ever since.
CC.
Re: (Score:3, Insightful)
Re: (Score:3, Funny)
Duh! (Score:4, Funny)
Al Gore of course. After all it's his baby.
Re: (Score:2)
Filling the tubes (Score:2, Funny)
Internet doesn't need protection (Score:5, Insightful)
And thats the way I like it. Please keep the government's greedy and controlling hands out of this.
Re:Internet doesn't need protection (Score:5, Insightful)
It can't be protected without having control of it.
The single best thing about the internet is that no one has full control of it. Had it been controlled by government or industry, it would be a miserable little shadow of what it is today.
Parent
Re:Internet doesn't need protection (Score:5, Insightful)
Its like the old days of the wild west. No one really controls the land and you are free to roam and *almost* do as you please. If someone misbehaves a posse is rounded up to take care of the problem, the community helps itself. OSS is the same way.
Hopefully no one entity or group ever takes control of our virtual land.
Parent
OT: Your sig (Score:2, Insightful)
Attics are terrible, all the heat gets trapped there! Just think of how many fewer computers you can viably run.
Re:OT: Your sig (Score:5, Interesting)
I had the same problem as you. Living in my parents attic, it was so hot..even in winter. One day while playing doom, I had an idea: Use the chainsaw to free the heat. It took some blood and sweat, but I got the job done. Fly Mr. Heatie, fly!
Back on topic: With all these people trying to control the internet and the FCC auctioning off all the airwaves, I'm ready to become a freebander. Why not just create a radio networking card which uses the analog TV freqs the FCC took away. ...okay, that would be a bad idea, they'd probably just track us all down.
Then again, maybe playing with pringles cans and "legit" wireless networking, we can interface with our neighbors. Something has to work, or am I just a kook?
Parent
Re:Internet doesn't need protection (Score:4, Interesting)
Forget the Old West, how about NOW?
When I walk through downtown Baltimore, who is there to protect me? (looks around). I don't see any police around so I'm basically a victim waiting to be robbed by some guy hiding around the next corner. The only real protection is (1) a mutual agreement to respect one another's property, (2) common sense to avoid dangerous areas or obvious scams, and (3) as a last resort self-defense when attacked. The internet operates on the same principles.
Government police can not be everywhere.
Parent
Re: (Score:2, Interesting)
not that I'm any kind of expert... but I would think that one could argue that once certain technologies got up to a decent level to allow for things like network cards, long distance communications, encryption, personal computers, etc... something like the internet would be inevitable.
Re:Internet doesn't need protection (Score:5, Interesting)
not really that certain.
If the internet hadn't grown up from under the radar it very well could have been treated like traditional media.
Want to run a server? You better have a liscence just like the TV broadcasters.
Want to connect at all? WEll first you have to authenticate with the central government servers so they know who's doing what on the network.
Our greatest defence for years was that nobody knew enough about it to make laws on it. Now that there's real money involved of course the legislators want to make rules even if they don't have a clue what's going on- kinda like with every other situations that governments touch.
Parent
Re: (Score:3, Insightful)
not that I'm any kind of expert
Neither is General Chilton, or he would not be talking with a straight face about using the public Internet for secured transmission of military data. He's a fucking idiot if he believes what he's saying and you should not take him seriously just because of his uniform. You're a voter and a taxpayer, right? Don't trust him, treat him as an employee.
... but I would think that one could argue that once certain technologies got up to a decent level to allow for things like network cards, long distance communications, encryption, personal computers, etc... something like the internet would be inevitable.
Yes. What was not inevitable is that military personnel would choose to use publicly available, privately-owned hardware on basically an "honor system" set
Re: (Score:2)
The only sort of "control" that should be allowed is the enforcement of network neutrality.
Re:Internet doesn't need protection (Score:5, Interesting)
Parent
Net Neutrality: Gov't regulation for the Internet (Score:3, Insightful)
I hope you don't support Net Neutrality, because that is the Trojan Horse for government regulation of the Internet.
Mod Parent Up (Score:2)
Net neutrality is anything but.
Re:Net Neutrality: Gov't regulation for the Intern (Score:5, Insightful)
And the opposition to it is led by those companies who want to be the looters instead. However, as commonly known, the government is inefficient; so it is also inefficient in censoring the Internet. Thus, government control is preferable to corporate control, because it is less likely to be effective.
Parent
Easy (Score:2, Funny)
This is an easy one
Uncle Ted himself, who else understands the internet as well as he
Although now he may be doing it from his new base in cell #1576 Cell block E
Re: (Score:2)
Until I got to the cell block bit I was wondering what Ted Nugent had to do with the Internet.
Our network can b hacked, let's make a new www! (Score:5, Funny)
Firewalled networks wasteful? (Score:5, Insightful)
What's the alternative? Globalized security, courtesy of Big Brother?
Don't good fences make good neigbors?
I suppose it's wasteful, in code, for module entry points to validate parameters, too. :)
Re:Firewalled networks wasteful? (Score:5, Insightful)
Even if the government could offer some form of protection online, I'd be a fool not to protect my own network to the best of my abilities. Using Jonathan Zittrain's logic from TFA, doors must be ineffecient and wasteful too; obviously he has never heard of the concept of defense in depth.
Parent
Re: (Score:3, Insightful)
Don't good fences make good neigbors?
No.
The expression comes from a poem - "Mending Wall" - by Robert Frost, which is an ironic criticism of peoples' need to separate themselves from one another without understanding why - or indeed whether - they should. Walls are by their very nature divisive, and hamper cooperation by design. It is foolish, therefore, just to blindly put them up wherever we can in the name of "security".
To quote:
'"Why do they make good neighbors? Isn't it
Where there are cows? But here there are no cows.
Before I built a wall
don't try to draw too many real world analogies... (Score:5, Insightful)
I don't think you want to centralize anything like that, at least not to the exclusion of everyone having local protections. Your firewall is under your control and you can make it as secure or unsecured as you want it.
If you want the cyberspace equivalent of a national army, you're just asking to have lots of power taken away from you and given to someone else. That being said, I think there is a case for prevention of nations attacking other nations en large, or 'war by other means'.
but carry it too far and you end up destroying the global feel of the internet - you'll end up with cyber borders as bad as our real borders - checkpoints you can't cross without 'your papers please'.
Re:don't try to draw too many real world analogies (Score:5, Insightful)
If you want the cyberspace equivalent of a national army, you're just asking to have lots of power taken away from you and given to someone else.
All those spammers building botnets, eventually, they're going to become "security companies". Nice web site you've got there, it'd be a shame if no-one could get to it. Once they start collecting taxes from a large enough group of people, they become a "legitimate" police force. After all, they don't want anyone else building a bigger botnet than theirs.
Parent
Re: (Score:2, Insightful)
Solution (Score:2, Funny)
Easy. Anonymous is the guardian of the internets.
CMR Taco! (Score:5, Funny)
Evolution, baby (Score:5, Insightful)
Re: (Score:2)
It's no more ridiculous than believing that a centralized government can provide more physical security. . .
In the Wild West.... (Score:2)
And individuals who learned to best use their 'protection', with faster assessment of threats and the resulting execution of such with precise accuracy, found they had a satisfactory level of self-protection.
I say, legalize some offensive capabilities for "Internet Users" and set up some general universal use rules. After all, when you point a gun to shoot at someone else, you are tacitly giving them permission to shoot back at you (or even preemptively), hence the
Re: (Score:2)
I say, legalize some offensive capabilities for "Internet Users" and set up some general universal use rules.
That sounds like Cold War 2.0
After all, when you point a gun to shoot at someone else, you are tacitly giving them permission to shoot back at you (or even preemptively)
Were you infact an advisor for the Iraq War?
Better not to have the internet "protected" (Score:2)
"But the fact remains that no one really owns security online, which leads to gated communities with firewalls -- a highly unreliable and wasteful way to try to assure security."
Actually, it is far more secure that way, if one organization did somehow owned all security online, the internet as a whole would be much less security because now you have a single point of failure. Once someone exploited that vulnerability, the entire Internet as a whole would be affected. Also I get the feeling from the article that what they are really after is not necessarily security, but CONTROL of the Internet. Lastly, that man DOES NOT protect the Internet in any way, shape or form. He might be responsible for the USA military Intranet, but that's about it. Stop the fear-mongering already.
* Messed up the tag from my last post* (Score:5, Insightful)
"But the fact remains that no one really owns security online, which leads to gated communities with firewalls -- a highly unreliable and wasteful way to try to assure security."
Actually, it is far more secure that way, if one organization did somehow owned all security online, the internet as a whole would be much less security because now you have a single point of failure. Once someone exploited that vulnerability, the entire Internet as a whole would be affected. Also I get the feeling from the article that what they are really after is not necessarily security, but CONTROL of the Internet. Lastly, that man DOES NOT protect the Internet in any way, shape or form. He might be responsible for the USA military Intranet, but that's about it. Stop the fear-mongering already.
Nobody owns security offline either (Score:5, Insightful)
Nobody owns security offline either, and nobody should. If you own something, or care about something, you protect it. Some things have additional protection from the police or the military (e.g. I have a reasonable expectation that the police will prevent me from getting beaten up in some circumstances), but in the most part "the authorities" have a fairly punitive deterrent role. But anything that needs special protection gets it: got valuables in your house? Alarm, strong doors, insurance. All privately paid-for and provided. Got valuables on your computer? Backups, firewall, antivirus. Also privately provided.
Basically, the people who care about things know how much they're worth protecting. It isn't sensible to have military-grade security around my old Corolla, but my laptop's pretty secure because it's got a few worthwhile things. If the good General has infrastructure or secrets worth protecting, he should protect them. If it makes sense to exploit economies of scale and worth with other branches of the community, great.
It's also not true that there's a loose confederation of people (Vixie & co) protecting the internet. There are plenty of people around who want to protect or improve their own reputation, and security is one of those ways. If the military wants contact points in the wider security community, they shouldn't be looking for an owner, but they should be working with reality: getting out there making those contacts.
Normally I think such anarchy is stupid, but in this case it actually is common sense.
Redundancy in security is not wasteful (Score:2)
a highly unreliable and wasteful way to try to assure security
I disagree. It's a terrible thing that we do not have a force dedicated to cyber security, but I wouldn't call the individual security nets "wasteful".
Is it wasteful to have both an enterprise firewall AND anti-virus software? No, you should have a net at every point possible - especially if we're talking issues where the government would start to be concerned. In that case, the person sitting on the other side of an attack is likely as sophisticated as the highest paid engineers on our side. Redund
Who Protects the Internet? (Score:2)
</sarcasm>
C'mon guys, read TFA to the end... (Score:5, Informative)
When Obama appoints a white house CTO, there will at least be an official figurehead in charge of this matter. Proposed candidates for the role currently include Eric Schmidt, Steve Ballmer, Jeff Bezos and Julius Genachowski from IAC.
Emphasis is mine, please be kind to your new -potentially- M$ loving uber-CTO and use only approved root kits, that utilized security holes those are already hot-fixed by people who put them there in the first place, from now on...
Stange analogy (Score:2, Interesting)
Every network is different... (Score:3, Insightful)
and the "internet" is the chaos that arises from connecting all these networks together.
My organization needs to make its own decisions on what policies it need to implement on its network.
Communications between my college and many strange corners of the globe occur daily. If I dropped kerberos at my borders, Xbox wouldn't work anymore, and I would be risking bodily harm from the rioting mobs.
Now, if a federal department had such traffic crossing its borders, they'd have a rapid deployment team there within minutes to figure out what happened.
Anyone who tells you that security can be solved easily is probably trying to sell you something...
For whom the bell tolls... (Score:5, Insightful)
The "Internet" has become something of a quandry. It's humble beginnings were brilliantly designed to propogate information, provide a powerful environment for collaboration, and provide an extensible virtual universe for spreading and preserving human thought, and projects of discovery. It's one weakness was that it was designed by intelligent, responsible, and compassionate people expecting that in the vein of collaboration and workability, that future users would be likewise intelligent, responsible, and compassionate.
Much to the chagrin of humanity, a vast hoard of virtual Mongols (or equally apropos "mongrels"), have used the internet as their personal toilet, slim-jim, bludgeon, and/or weapon of mass destruction. Sadly in a free environment, you have to cope with the worst in people, to support and empower that which is best.
The first problem is to get crystal clear about what doesn't work with the current system. Whether the available cures are(n't) worse than the disease, and how we might implement meaningful solutions without breaking, impeding, or prevent those things which are best about the internet. Security means different things to different people. Protecting people from stupidity, laziness, or the worst in their own natures might well render the broad networks by which people collaborate and invent the future, functionally unusable. Making the worst of what people do very difficult, while preserving the general freedom, and clear capacity for people to share ideas, impart mutual wisdom, and promote what Shakespeare referred to as "Our better natures", demands vision, foresight, and a profound commitment to integrity.
The first and most essential thing we can and must do, is create an environment that promotes human enterprise, without selling off the very things than make the internet valuable to people.
Sounds good to me... (Score:3, Insightful)
Who protects us? 'Basically no one. At most, a number of loose confederations of computer scientists and engineers who seek to devise better protocols and practices
I.e. the talented people who developed the technology in the first place, and their successors.
â" unincorporated groups like the Internet Engineering Task Force
You mean the people who managed one of the most staggeringly successful collection of interoperability standards that, post-OOXML, makes the ISO look like a bunch of clowns?
I think we're in safe hands - we'd be in even safer hands if the gubment got on with its job of enforcing the anti-trust laws and fixing the patent system leaving the IETF et. al. to get on with thiers.
Securit = Control = No thanks (Score:3, Insightful)
To truly secure any data stream you have to be able to control it at all points from start to end. If people think that government or large group based security is not going to involve a crapload of lobbied for add-ons and censorship they don't understand the nature of lobbyists.
The best kind of Security for an open and free(as in rights) internet is individual security. Our computers are something we (or the local network admin) have control over.
Re: (Score:2)
Chuck Norris
Unfortunately this internet is vulnerable to the BruceLee attack.
Re: (Score:2)
That would be Bruce Schneier not Chuck.
Chuck has another Fist under his beard.
Here are the Chuck Norris Facts: http://www.chucknorrisfacts.com/ [chucknorrisfacts.com]
And here are the Bruce Schneier Facts: http://geekz.co.uk/schneierfacts/ [geekz.co.uk]
Please dont get confused people!