A little flavor of what I'd alluded to in some of the previous
threads. Any guesses what the proposal to change both BGP and DNS to
improve security might entail??
White House tackles cybersecurity
By Declan McCullagh Special to ZDNet News September 16, 2002, 6:58 PM
PT
http://zdnet.com.com/2100-1105-958159.html
The White House's cyberspace security plan, scheduled to be released
Wednesday, envisions a broad new role for the federal government in
maintaining Internet security.
The official document should be posted on WhiteHouse.GOV later today. An
almost final draft copy was leaked on the net yesterday.
http://www.infowarrior.org/draftstrategy.pdf
DNSSEC and S-BGP have been mentioned as possible solutions. Technically
some of the proposals are very elegant. However, we have to be careful
about introducing more complexity into the system than necessary. Over
the last year we've seen several errors in the implementation several
security protocols. I don't believe security people are any better
programmers than application people. What I worry about more is we are
developing extremely secure, and complex methods for protecting garbage.
Garbage-In, Garbage-Out.
Is it on again?
Feds Delay Release of Cyber-Security Plan
http://www.eweek.com/article2/0,3959,538677,00.asp
September 17, 2002
The White House has decided to delay the release of its long-awaited
cyber-security plan in an effort to gain more input from industry
executives and government officials.
Richard Clarke, chairman of the President's Critical Infrastructure
Protection Board, has been planning for months to release the National
Strategy to Secure Cyberspace Wednesday at a high-level event in Silicon
Valley. But the board instead will release a draft of the strategy and
will go back to private industry and public sector experts to seek more
suggestions for the final plan, according to sources.
[...]
FYI.....seeing the discussion today I thought I'd offer this to the group as
well. Cheers, rf
Original with contextual reference URLS located at:
http://www.infowarrior.org/articles/2002-11.html
America's National Cybersecurity Strategy: Same Stuff, Different
Administration
Richard Forno
(c) 2002 Infowarrior.org. All Rights Reserved
Article #2002-11.
Permission granted to reproduce and distribute in entirety with credit to
author.
Today the White House releases its long-awaited "National Strategy To Secure
Cyberspace." This high-level blueprint document (black/whiteor color),
in-development for over a year by Richard Clarke's Cybersecurity team, is
the latest US government plan to address the many issues associated with the
Information Age.
The Strategy was released by the President's Critical Infrastucture
Protection Board (PCIPB), an Oval Office entity that brings together various
Agency and Department heads to discuss critical infrastructure protection.
Within the PCIPB is the National Security Telecommunications Advisory
Council (NSTAC), a Presidentially-sponsored coffee klatch comprised of CEOs
that provide industry-based analysis and recommendations on policy and
technical issues related to information technologies. There is also the
National Infrastructure Advisory Council (NIAC) - another
Presidentially-sponsored klatch - allegedly consisting of private-sector
'experts' on computer security; but in reality consists of nothing more
than additional corporate leaders, few if any considered an 'expert' on
computer security matters.
Thus, a good portion of this Presidential Board chartered to provide
security advice to the President consists of nothing more than executives
and civic leaders likely picked for their Presidential loyalty and/or
visibility in the marketplace, not their ability to understand technology in
anything other than a purely business sense. Factor in Richard Clarke's
team � many of whom, including Clarke, are not technologists but career
politicans and thinktank analysts � and you've got the government's best
effort at providing advice to the President on information security, such as
it is. (One well-known security expert I spoke with raised the question
about creating a conflict of interest for people who sell to the government
or stand to gain materially from policy decisions to act in advisory roles,
something that occured during the Bush Administration's secret energy
meetings.)
Now that you know where the Strategy comes from, let's examine some of its
more noteworthy components.
< - SNIP - >
Original with contextual reference URLS located at:
http://www.infowarrior.org/articles/2002-11.html