Important Note:
Opinions are fun. My friends tell me I am someone with lots of opinions and that's fine since I don't get mad at others when they disagree with me. In this same spirit I am interested in hearing yours views as long as you are able to share your views without boiling over. I look forward to hearing from you. I tend to write in the form of short essays most of the time, but contributions do not need to be in this same format or size. Some of the content here will date itself pretty quickly, other content may be virtually timeless, this is for the reader to judge.
Displaying 1 - 1 of 1
Attribution and the Internet
Posted at: Jun/22/2010 : Posted by: mel
Related Category: Politics & Gov,
Are you confused, that’s alright…I have had this notion in my head for weeks and only just had it congeal into a more or less logical thought. Bear with me on this, what I am really talking about is the age old challenge of providing public safety and security. Let me be clear, “Attribution” means that when someone does something bad we can attribute it to them. Why the emphasis on attribution? Attribution is considered a deterrent to illicit behavior. If someone knows they can be associated with a behavior that warrants punishment, they are less likely to do that behavior. This same behavior takes place on an international level between nations. During the height of the “Cold-War” the United States had thousands of nuclear weapons aimed at the then Soviet Union and they in a like manner had weapons aimed at the United States. With so few countries having these weapons there was an unofficial understanding. The U.S.S.R. knew that if bombs started raining down on Washington D.C., they would be attributed to them. The U.S. knew that if Moscow was all of a sudden blown off the map it would be attributed to them. Since both countries knew that a volley of nuclear weapons would be attributed to them and responded in kind, no one wanted to push the button first. This unusual stalemate came to be known as “Mutual Assured Destruction” (MAD). As scary and basically maddening as all this sounds, it actually worked. The reason all this madness worked was everyone know that it would be clear who you could attribute the first aggressive action to. I don’t believe that large scale nuclear war is anywhere near the threat to peace that it once was. There are still lots of ways in which our country is, or can be threatened. High on the list is the potential for “cyberwar” and “Cybercrimes”. Cybercrime and espionage are rising rapidly, and the United States and other governments are preparing for the possibility of cyberwar. At the same time, civil libertarians worry about preserving Internet freedom. Cyber security experts are focused on the "attribution problem", the challenge of identifying and tracking down the source of a cyberattack. Under current conditions, cybercrime, cyber-espionage, and cyberattacks can be directed remotely, with the perpetrator's identity and location in most cases remaining a secret. Compounding this is the privacy advocates who fear the loss of anonymity for Internet users. For both sides, it's a conflict that needs to be resolved. Why the frustration, lets get back to the days of the Cold War. In the Cold War era deterrence worked only because a nuclear attack would have been immediately attributable to someone. Effectively one side couldn't attack the other side without the side being attacked knowing who it is and from where it came. Now we need that same level of deterrence to prevent countries today from waging cyberwar on each other. An attack on U.S. computer networks could knock out power grids, transportation, telecommunications and banking systems in a matter of mere seconds. From what I understand many attacks of this nature are underway continuously. We have been fortunate that currently we are able to thwart these attempted incursions. This obvious fix to all of this is to re-engineer the internet to make more transactions traceable. The benefits to this are substantial. China, for example, would presumably be less inclined to launch a cyberattack against the U.S. if it knew the attack would immediately be traced back. Of course, the same goes for the United States. This same higher level of attribution would also likely have an impact on reducing internet crime. Sounds kind of appealing, but the ramifications could be significant as well. In the long run trying to reduce illicit activities by criminals, foreign powers, and dissident groups on the internet sounds pretty good. But wait, I threw in the all important “dissident groups”. In America, even if we don’t overtly help dissidents in countries like China and Iran, we openly cheer for them when they have a success at inspiring or implementing change. An internet with more traceability will significantly reduce the “real-time” value this media offers dissident groups. Obviously, in repressive societies, the traceability component of a new internet would make those same individuals subject to harassment and even arrest. In the USA where we continually struggle with defining the boundaries of privacy and all the related legal concerns this would be a substantial contest. So the short answer is that a more traceable internet would likely reduce cybercrime, and cyberattacks. The downside to more internet traceability is a reduction in privacy (the slippery slope argument) and that it has a risk of simply not working for very long despite the effort. As I stated at the beginning of this, I have actually already reached some conclusions on this. I believe it is an imperative that we re-engineer to be more traceable and by result, more secure. Considering the value to protecting assets such as power grids, banking, traffic management, water distribution, and the list could go on and on…we must seek more security and accountability. The argument for protecting privacy does not wash with me. We already have the ability to monitor telephone traffic, but only do so with court supervised warrants. Why would checking on an “individuals” internet activities be any different? Attribution capabilities around infrastructure, even if “post-facto” in detection would still be a significant deterrent to those groups or individuals with illicit motives. So what about the dissidents and their use of the internet to inspire change? Dissidents and underground pushes for change have been around for thousands of years. While the internet is a useful tool for communicating, it is relatively new. The value to securing critical assets, or at least being able to assign blame vastly out weight the needs of those trying to instigate change through new media. The challenge of any security effort on the internet being quickly circumvented is a risk, but one that needs to be taken. There is an excellent real-time metaphor to draw upon, securing currency from counterfeiting. Our national currency is continually being redesigned by the Treasury Department. The addition of colors, micro printing, and security strips are just a few of the on going efforts to keep the majority of the counterfeiters at bay, or at least one step behind. As stated, the Treasury Department is continual mode of finding new modes and new technologies for securing our money from a flood of counterfeiting rather than giving up and saying it is a losing battle. Their view is that it is a battle they can’t afford to lose. Similar to securing our currency, creating a more secure and traceable internet should be a national imperative. I know, anonymity would be lost, but through attribution security of our infrastructure would be increased even if it did require continual evolution. If we continue without these necessary changes to the internet, eventually a catastrophic event will happen and we will ask all the questions about why we did not do the proactive steps. The cyberage comes with many new benefits, and a similar number of new challenges, in truth you can’t have the good without doing battle with the bad.
Comments (0) [Add Comment]
