nanog mailing list archives
Re: Scaled Back Cybersecuruty
From: <sgorman1 () gmu edu>
Date: Tue, 14 Jan 2003 20:44:36 GMT
Seems to be a case of prisoners dilema. The security of any one network is to some extent at the mercy of all other connected networks. The overall security of the network is only as strong as it's weakest link. In a highly competitive market place there is going to be little incentive to invest in security if it will just be compromised by your cost cutting competitors. If this is the case then the question is what kind of intervention is necessary to prevent a prisoners dilema and allow something like a Nash Equilibrium - the bar scene in A Beautiful Mind where they fight over the hottie blonde... Basically where a set of strategies for security are arranged so that each player believes that it is doing the best it can (most personal gain) given the strategies of the other players. The current state appears to be that many providers do little to nothing to provide for security, so each player adjust their strategy accordingly resulting in the prisoners dilema. It seems to get beyond this you have to bring up the lowest common denominator so that strategy is not based on networks doing nothing. How do you get the worst offenders to improve the lowest common denominator. Purchasing requirements, subsidies, taxes, regulation??? Maybe a bunch of economic voodoo, but might be a different way of looking at the issue. ----- Original Message ----- From: Pete Kruckenberg <pete () kruckenberg com> Date: Tuesday, January 14, 2003 8:16 pm Subject: Re: Scaled Back Cybersecuruty
On 14 Jan 2003, Vijay Gill wrote:Avi Freedman <freedman () freedman net> writes:Perhaps the Feds (and maybe states) could use their purchasingpower>> to effect change. Short of that, or regulation, the I don't see howthe serious issues we have with the 'net will get resolved.People do. I've been beating this particular horse for a while now, and we are starting to deploy the capex hammer. I suggest others start to do the same. See my presentation at the eugene nanog.I can see how purchasing power may motivate a vendor (and maybe lots of individual vendors) to fix their own problems, develop better products, or be more responsive. I'm trying to envision an RFP that awards business to one or a few network operators, but requires that they interoperate effectively with other operators who don't win any of the business. I've only got a state-level purchasing perspective, but I don't see it happening at any level. Is spending really an effective hammer (or gun) to make people work together if they aren't otherwise motivated to? Behavior related to the '96 Telecom Act doesn't inspire confidence. Can technical solutions be an effective band-aid for a complex poli-socio-economic problem like this? Pete.
Current thread:
- Re: Scaled Back Cybersecuruty, (continued)
- Re: Scaled Back Cybersecuruty Johannes Ullrich (Jan 14)
- Attacks against Paul Vixie's home network Jeff S Wheeler (Jan 14)
- Re: Scaled Back Cybersecuruty Sean Donelan (Jan 15)
- Re: Scaled Back Cybersecuruty Vijay Gill (Jan 14)
- Re: Scaled Back Cybersecuruty Pete Kruckenberg (Jan 14)
- Re: Scaled Back Cybersecuruty Valdis . Kletnieks (Jan 14)
- RE: Scaled Back Cybersecuruty Merlin Communications (Jan 14)
- Re: Scaled Back Cybersecuruty Rajesh Talpade (Jan 14)
- Re: Scaled Back Cybersecuruty Avi Freedman (Jan 14)
- Re: Scaled Back Cybersecuruty Vijay Gill (Jan 14)
- Re: Scaled Back Cybersecuruty sgorman1 (Jan 14)
- Re: Scaled Back Cybersecuruty Avi Freedman (Jan 14)
- Re: Scaled Back Cybersecuruty David Scott Olverson (Jan 14)
- Re: Scaled Back Cybersecuruty Vijay Gill (Jan 14)
- Re: Scaled Back Cybersecuruty Avi Freedman (Jan 14)
- Re: Scaled Back Cybersecuruty Kurt Erik Lindqvist (Jan 15)
- Re: Scaled Back Cybersecurity Avi Freedman (Jan 15)
- Re: Scaled Back Cybersecurity Daniel Senie (Jan 15)
- Re: Scaled Back Cybersecurity Kurt Erik Lindqvist (Jan 17)
- Re: Scaled Back Cybersecuruty Kurt Erik Lindqvist (Jan 15)
- Re: Scaled Back Cybersecuruty batz (Jan 14)