[Dailydave] The underlying structure is foamy

Jack Whitsitt sintixerr at gmail.com
Tue May 28 23:57:18 EDT 2013 

(In support of the email below, but perhaps a little OT to the
original thread): I don't think you've taken that concept far enough.
The security state of the internet (or any network really) at a given
moment in time is (in my untested opinion) the aggregate result of a
series of decisions made and actions taken by authorized roles in
legitimate capacities somewhere on a timeline.  (If there are
illegitimate actions able to be taken by authorized or unauthorized
roles, the ability to implement those actions by those roles is the
result of legitimate actions/roles earlier in the timeline.)

You can model the entire state this way - technology is just a
physics-limited proxy for those decisions/actions.

This means that if you really want to
control/manage/influence/predict/comprehend an environment over time,
you really must conceptually start with the human aspects or you risk
relatively massive conceptual mis-alignment.

On Tue, May 28, 2013 at 8:08 PM, Eric <pty.err at gmail.com> wrote:
> Something a lot of people don’t get about the internet is that it’s more of
> a policy artifact than a technology artifact.
>
> The reason we got the internet we have, and not whatever the incumbent telco
> industry was working on 30 years ago, isn't because the organizers picked
> the better suite of crufty network protocols.  It’s because they adopted,
> championed, and defended a crucial set of policy principles, e.g. end-to-end
> (i.e. “the stupid network”), open standards, open access, etc.
>
> If you think of the internet mainly as a bunch of packet switching devices,
> it's easy to quibble with the naval metaphor: “Container ships are
> expensive, packets are cheap.”  “Network latency is measured in
> milliseconds, not nautical miles.”  Etc.
>
> But seen through the internet-as-policy lens, the naval metaphor makes a lot
> of sense: the legal jurisdiction of the playing field is international.  Law
> enforcement is mostly absent.  Commercial operations are basically on their
> own.  Bandits can attack with impunity, for the most part.  Etc.
>
> At least in maritime scenarios 500 years ago, a private operator had the
> benefit of long-established and generally agreed-upon doctrines of
> self-defense and self-help.  Not so much in cyber.
>
> My first point being that in this particular policy discussion, it helps to
> recognize the internet as a figment of policy more than anything else.  And
> my second point being, modern cyber law doctrine isn’t even to the level
> that maritime was 500 years ago.  Folks are starting to recognize this, and
> we're seeing signs that we're on the cusp of a major push to bring it up to
> date, one way or another.
>
>
>
> On Fri, May 24, 2013 at 11:32 AM, Keith Seymour <keseymour at gmail.com> wrote:
>>
>> We're all driven by metaphors. They make complex subjects easy to discuss
>> without getting lost in the details. They also allow you to think creatively
>> about the subject and gain new insights. I think Dave's metaphor works well
>> for both of these purposes.
>>
>> Sure the ships are cheaper, sure they are faster but ours are just as fast
>> and cheap as theirs so the advantage needs to be that ours are more
>> effective. Bits have to get there and it's still better that they arrive
>> without alerting the defender. Bits still have to be stopped and searched
>> and filtered, better if the attacker doesn't know it's happening.
>> Controlling the commons is what made the British huge and our copying that
>> is a lot of what helped us become great - we were able to control what other
>> nations did in the world.
>>
>> One similarity to the ocean analogy is there are only certain points that
>> connect a nation to this commons. If you can control the commons and these
>> points you can manage what nations are allowed to do there. The difference
>> is that the Navy can only stop, turn around, capture, or sink a cargo from a
>> controlled nation. In cyber you could board the vessel and weaken the
>> springs in the cargo of assault rifles without the owner knowing. This makes
>> you ever more powerful because your opponent believes their cargo is
>> arriving intact and their plans are moving forward successfully.
>>
>> Replacing nuclear deterrent in the modern power structure is interesting
>> because it's entirely asymmetrical.  First world nations are completely
>> vulnerable and have no real retaliation. If the attack were as Ben puts it
>> 'removing air conditioning and microwaves' and the only retaliation a first
>> world nation has is nuclear which would be considered an excessive response
>> in world view. Iran could reverse the economic embargo on the US by shutting
>> down email mail services in all of the fortune 500 companies, and there
>> isn't much the US can do about it legitimately.
>>
>> This new playing field is very interesting because like never before it
>> puts companies' in the position of directly defending themselves and
>> everything that's valuable about them against criminals, terrorists, and
>> nation states. Governments that don't understand that, or aren't able to
>> protect their citizens will have a difficult time of it.
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> Dailydave mailing list
>> Dailydave at lists.immunityinc.com
>> https://lists.immunityinc.com/mailman/listinfo/dailydave
>>
>
>
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunityinc.com
> https://lists.immunityinc.com/mailman/listinfo/dailydave
>



-- 
Art & Security --> http://sintixerr.wordpress.com

More information about the Dailydave mailing list