

Policy proposal for fixing US Internet security strategy - SkyMarshal
http://the-diplomat.com/2012/03/21/how-to-save-cyberspace/?all=true
TLDR:  A policy proposal primarily aimed at shoring up the US Internet from cyber attacks from China, Russia, etc.<p>1.  Exorcise from policy cyber concepts that aren't grounded in reality - cyber weapons, global cascading effects, attribution theory, etc.  Mostly consultant speak by policy wonks without sufficient technical expertise.<p>2.  Switch from law-enforcement strategies that require knowing the identity of an individual black-hat with certainty, to ones that hold nation states accountable for behavior of malicious actor within their borders<p>3 &#38; 4.  Bring the NSA under U.S. Cyber Command, give them the authority to monitor the networks that operate the nation's critical infrastructure.  This is essentially an end-run around a clueless, conflict-of-interest-laden Congress that is incapable of implementing a meaningful cyber security strategy.<p>5.  Make ISP's responsible for monitoring customer activity for malicious behavior and infected machines.  This can now be done without infringing user privacy [1].<p>6.  Refocus diplomatic and development efforts on global bodies.  Review US strategy in the ITU, where we are creating enemies among those we will need to partner with to defend Internet governing bodies from hostile takeover by Internet-unfriendly countries [2].<p>1.  http://www.microsoft.com/casestudies/Microsoft-Lync-Server/TeliaSonera/European-Telecom-Uses-Microsoft-Security-Data-to-Remove-Botnet-Devices-from-Network/710000000132<p>2.  http://www.politicaldigestonline.com/2011/07/21st-century-statecraft-foreign-policy-of-the-internet
======
SkyMarshal
TLDR: A policy proposal primarily aimed at shoring up the US Internet from
cyber attacks from China, Russia, etc.

1\. Exorcise from policy cyber concepts that aren't grounded in reality -
cyber weapons, global cascading effects, attribution theory, etc. Mostly
consultant speak by policy wonks without sufficient technical expertise.

2\. Switch from law-enforcement strategies that require knowing the identity
of an individual black-hat with certainty, to ones that hold nation states
accountable for behavior of malicious actor within their borders

3 & 4\. Bring the NSA under U.S. Cyber Command, give them the authority to
monitor the networks that operate the nation's critical infrastructure. This
is essentially an end-run around a clueless, conflict-of-interest-laden
Congress that is incapable of implementing a meaningful cyber security
strategy.

5\. Make ISP's responsible for monitoring customer activity for malicious
behavior and infected machines. This can now be done without infringing user
privacy [1].

6\. Refocus diplomatic and development efforts on global bodies. Review US
strategy in the ITU, where we are creating enemies among those we will need to
partner with to defend Internet governing bodies from hostile takeover by
Internet-unfriendly countries [2].

1\. [http://www.microsoft.com/casestudies/Microsoft-Lync-
Server/T...](http://www.microsoft.com/casestudies/Microsoft-Lync-
Server/TeliaSonera/European-Telecom-Uses-Microsoft-Security-Data-to-Remove-
Botnet-Devices-from-Network/710000000132)

2\. [http://www.politicaldigestonline.com/2011/07/21st-century-
st...](http://www.politicaldigestonline.com/2011/07/21st-century-statecraft-
foreign-policy-of-the-internet)

------
SkyMarshal
As someone who works outside of US government and about as far away from the
pervasive thinking there as possible while still being a US citizen and
resident, I find it interesting to get peeks into their thought processes from
time to time.

This is an interesting article attempting to address some of the political,
diplomatic, and organizational problems that make the US vulnerable to
widescale cyber attack, while not going off the deep end.

