06-01-2010 Tuesday – Cyber Security and FCC Regulation

In an article by Kim Zetter on wired.com quotes Defense Deputy Secretary William Lynn III, speaking at the Strategic Command Cyber Symposium:

“Operators of critical infrastructure could opt in to a government-sponsored security regime,” Lynn said. Otherwise, “individual users who do not want to enroll could stay in the wild wild west of the unprotected internet.”

This is about deploying Einstein 2 to the public.  Einstein 2 “is designed to perform automated full-packet inspection of traffic entering and exiting government networks using signature-based intrusion-detection technology, according to the government’s secret cybersecurity plan, part of which was recently declassified. The system has the ability to alert the government’s Computer Emergency Readiness Team (US-CERT) in real time, if it detects potentially harmful activity.”

Keep in mind there are three Networks on the Internet we need to protect:

  1. Military
  2. Government
  3. Critical Public Infrastructure (Power Grid, Banking/Financial, etc…)

Per previous blogs the Military has a ‘plan’ for its network…the Government has assigned responsibility to the DHS for its network…and no one is watching the Public Infrastructure networks.

This  is one of the facets of a complicated issue where regulation is needed.

Unlike the United States physical infrastructures, which are protected by our borders (two oceans, Canada and Mexico), the Internet is ‘without borders’ (this is certainly a cliché’ by now, right?).  Hence there is no ‘physical’ protection.  The only way the Tier 1 providers of our “pipes to the Internet” are going to spend money on security are two ways –

  • After a catastrophe, i.e. too late
  • Regulation/Legislation/Law

The areas where regulation is needed are:

  1. Security
  2. Access and Speed
  3. Censorship (or Net Neutrality)
  4. Privacy

The last item is because item 1 is ‘invasive’ and if an ‘Einstein’ type method is used a computer algorithm will ‘see’ everyone’s data.

An example of the need for Net Neutrality  Suppose AT&T bought Yahoo!.  Currently there is no Regulation/Legislation/Law to prevent AT&T from implementing technology that would either ‘speed up’ Yahoo! pages to your computer and ‘slow down’ Google pages to your computer (if you are on AT&T, as I am).  Over time users would notice the response time and move to Yahoo! as away from Google.

Now, the AT&T’s of the world ‘promise’ they would not do that…Yeah, Wall Street said it could ‘Police’ itself too…and look where that got us…the Advertising $$$’s are too great for this not to be a very real concern.

To briefly address item 2 let me say the US ranks 19th (+/-) in speed (Mbps) in the world.  Item 2 is about increasing competition. 

Note that none of the above in any way regulates “how” the Tier 1’s do their ‘job’ or otherwise conduct business.

Here is another wired.com article by Noah Shachtman that has more on the newly activated US Cyber Command.

Advertisements

Tags: , , ,

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: