Re: The underlying structure is foamy

[Jack Whitsitt <sintixerr () gmail com>]

(In support of the email below, but perhaps a little OT to the
original thread): I don't think you've taken that concept far enough.
The security state of the internet (or any network really) at a given
moment in time is (in my untested opinion) the aggregate result of a
series of decisions made and actions taken by authorized roles in
legitimate capacities somewhere on a timeline.  (If there are
illegitimate actions able to be taken by authorized or unauthorized
roles, the ability to implement those actions by those roles is the
result of legitimate actions/roles earlier in the timeline.)

You can model the entire state this way - technology is just a
physics-limited proxy for those decisions/actions.

This means that if you really want to
control/manage/influence/predict/comprehend an environment over time,
you really must conceptually start with the human aspects or you risk
relatively massive conceptual mis-alignment.

On Tue, May 28, 2013 at 8:08 PM, Eric <pty.err () gmail com> wrote:
> Something a lot of people don’t get about the internet is that it’s more of
> a policy artifact than a technology artifact.
>
> The reason we got the internet we have, and not whatever the incumbent telco
> industry was working on 30 years ago, isn't because the organizers picked
> the better suite of crufty network protocols.  It’s because they adopted,
> championed, and defended a crucial set of policy principles, e.g. end-to-end
> (i.e. “the stupid network”), open standards, open access, etc.
>
> If you think of the internet mainly as a bunch of packet switching devices,
> it's easy to quibble with the naval metaphor: “Container ships are
> expensive, packets are cheap.”  “Network latency is measured in
> milliseconds, not nautical miles.”  Etc.
>
> But seen through the internet-as-policy lens, the naval metaphor makes a lot
> of sense: the legal jurisdiction of the playing field is international.  Law
> enforcement is mostly absent.  Commercial operations are basically on their
> own.  Bandits can attack with impunity, for the most part.  Etc.
>
> At least in maritime scenarios 500 years ago, a private operator had the
> benefit of long-established and generally agreed-upon doctrines of
> self-defense and self-help.  Not so much in cyber.
>
> My first point being that in this particular policy discussion, it helps to
> recognize the internet as a figment of policy more than anything else.  And
> my second point being, modern cyber law doctrine isn’t even to the level
> that maritime was 500 years ago.  Folks are starting to recognize this, and
> we're seeing signs that we're on the cusp of a major push to bring it up to
> date, one way or another.
>
>
>
> On Fri, May 24, 2013 at 11:32 AM, Keith Seymour <keseymour () gmail com> wrote:
> > We're all driven by metaphors. They make complex subjects easy to discuss
> > without getting lost in the details. They also allow you to think creatively
> > about the subject and gain new insights. I think Dave's metaphor works well
> > for both of these purposes.
> >
> > Sure the ships are cheaper, sure they are faster but ours are just as fast
> > and cheap as theirs so the advantage needs to be that ours are more
> > effective. Bits have to get there and it's still better that they arrive
> > without alerting the defender. Bits still have to be stopped and searched
> > and filtered, better if the attacker doesn't know it's happening.
> > Controlling the commons is what made the British huge and our copying that
> > is a lot of what helped us become great - we were able to control what other
> > nations did in the world.
> >
> > One similarity to the ocean analogy is there are only certain points that
> > connect a nation to this commons. If you can control the commons and these
> > points you can manage what nations are allowed to do there. The difference
> > is that the Navy can only stop, turn around, capture, or sink a cargo from a
> > controlled nation. In cyber you could board the vessel and weaken the
> > springs in the cargo of assault rifles without the owner knowing. This makes
> > you ever more powerful because your opponent believes their cargo is
> > arriving intact and their plans are moving forward successfully.
> >
> > Replacing nuclear deterrent in the modern power structure is interesting
> > because it's entirely asymmetrical.  First world nations are completely
> > vulnerable and have no real retaliation. If the attack were as Ben puts it
> > 'removing air conditioning and microwaves' and the only retaliation a first
> > world nation has is nuclear which would be considered an excessive response
> > in world view. Iran could reverse the economic embargo on the US by shutting
> > down email mail services in all of the fortune 500 companies, and there
> > isn't much the US can do about it legitimately.
> >
> > This new playing field is very interesting because like never before it
> > puts companies' in the position of directly defending themselves and
> > everything that's valuable about them against criminals, terrorists, and
> > nation states. Governments that don't understand that, or aren't able to
> > protect their citizens will have a difficult time of it.
> >
> >
> >
> >
> >
> >
> > _______________________________________________
> > Dailydave mailing list
> > Dailydave () lists immunityinc com
> > https://lists.immunityinc.com/mailman/listinfo/dailydave
>
>
> _______________________________________________
> Dailydave mailing list
> Dailydave () lists immunityinc com
> https://lists.immunityinc.com/mailman/listinfo/dailydave



-- 
Art & Security --> http://sintixerr.wordpress.com
_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave