Dailydave mailing list archives
Re: The underlying structure is foamy
From: Jack Whitsitt <sintixerr () gmail com>
Date: Tue, 28 May 2013 23:57:18 -0400
(In support of the email below, but perhaps a little OT to the original thread): I don't think you've taken that concept far enough. The security state of the internet (or any network really) at a given moment in time is (in my untested opinion) the aggregate result of a series of decisions made and actions taken by authorized roles in legitimate capacities somewhere on a timeline. (If there are illegitimate actions able to be taken by authorized or unauthorized roles, the ability to implement those actions by those roles is the result of legitimate actions/roles earlier in the timeline.) You can model the entire state this way - technology is just a physics-limited proxy for those decisions/actions. This means that if you really want to control/manage/influence/predict/comprehend an environment over time, you really must conceptually start with the human aspects or you risk relatively massive conceptual mis-alignment. On Tue, May 28, 2013 at 8:08 PM, Eric <pty.err () gmail com> wrote:
Something a lot of people don’t get about the internet is that it’s more of a policy artifact than a technology artifact. The reason we got the internet we have, and not whatever the incumbent telco industry was working on 30 years ago, isn't because the organizers picked the better suite of crufty network protocols. It’s because they adopted, championed, and defended a crucial set of policy principles, e.g. end-to-end (i.e. “the stupid network”), open standards, open access, etc. If you think of the internet mainly as a bunch of packet switching devices, it's easy to quibble with the naval metaphor: “Container ships are expensive, packets are cheap.” “Network latency is measured in milliseconds, not nautical miles.” Etc. But seen through the internet-as-policy lens, the naval metaphor makes a lot of sense: the legal jurisdiction of the playing field is international. Law enforcement is mostly absent. Commercial operations are basically on their own. Bandits can attack with impunity, for the most part. Etc. At least in maritime scenarios 500 years ago, a private operator had the benefit of long-established and generally agreed-upon doctrines of self-defense and self-help. Not so much in cyber. My first point being that in this particular policy discussion, it helps to recognize the internet as a figment of policy more than anything else. And my second point being, modern cyber law doctrine isn’t even to the level that maritime was 500 years ago. Folks are starting to recognize this, and we're seeing signs that we're on the cusp of a major push to bring it up to date, one way or another. On Fri, May 24, 2013 at 11:32 AM, Keith Seymour <keseymour () gmail com> wrote:We're all driven by metaphors. They make complex subjects easy to discuss without getting lost in the details. They also allow you to think creatively about the subject and gain new insights. I think Dave's metaphor works well for both of these purposes. Sure the ships are cheaper, sure they are faster but ours are just as fast and cheap as theirs so the advantage needs to be that ours are more effective. Bits have to get there and it's still better that they arrive without alerting the defender. Bits still have to be stopped and searched and filtered, better if the attacker doesn't know it's happening. Controlling the commons is what made the British huge and our copying that is a lot of what helped us become great - we were able to control what other nations did in the world. One similarity to the ocean analogy is there are only certain points that connect a nation to this commons. If you can control the commons and these points you can manage what nations are allowed to do there. The difference is that the Navy can only stop, turn around, capture, or sink a cargo from a controlled nation. In cyber you could board the vessel and weaken the springs in the cargo of assault rifles without the owner knowing. This makes you ever more powerful because your opponent believes their cargo is arriving intact and their plans are moving forward successfully. Replacing nuclear deterrent in the modern power structure is interesting because it's entirely asymmetrical. First world nations are completely vulnerable and have no real retaliation. If the attack were as Ben puts it 'removing air conditioning and microwaves' and the only retaliation a first world nation has is nuclear which would be considered an excessive response in world view. Iran could reverse the economic embargo on the US by shutting down email mail services in all of the fortune 500 companies, and there isn't much the US can do about it legitimately. This new playing field is very interesting because like never before it puts companies' in the position of directly defending themselves and everything that's valuable about them against criminals, terrorists, and nation states. Governments that don't understand that, or aren't able to protect their citizens will have a difficult time of it. _______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
-- Art & Security --> http://sintixerr.wordpress.com _______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- The underlying structure is foamy Dave Aitel (May 23)
- Re: The underlying structure is foamy Thomas Lim (May 24)
- Re: The underlying structure is foamy Pedro Hugo (May 24)
- Re: The underlying structure is foamy Keith Seymour (May 24)
- Re: The underlying structure is foamy Eric (May 28)
- Re: The underlying structure is foamy Jack Whitsitt (May 31)
- Re: The underlying structure is foamy Pedro Hugo (May 24)
- Re: The underlying structure is foamy Thomas Lim (May 24)
- Re: The underlying structure is foamy Thomas Lim (May 28)