Week 7 Written Assignment

profilemid908
week_7_textbook_reading_assignment.docx

Week 7 Textbook Reading Assignment

This week's assignment is to read pages 173 to 197, which includes the following sections:

Reframe the Problem (and the Solution): What Can We Learn from Public Health?

As the textbook says, the most common analogy used for trying to understand cybersecurity is nuclear weapons, but as we saw last week, it's a very poor analogy, at least when it comes to deterrence.

This week's reading starts with a couple of other possible analogies, first up is public health. This is actually a fairly common analogy to use. In one respect it fits very nicely – recall how cybersecurity really turns out to be everyone's responsibility, like public health. It is a pretty good analogy for dealing with opportunistic cyber attacks, but it doesn't really work nearly as well with targeted cyber attacks (diseases don't target specific individuals, they are very opportunistic).

Learn from History: What Can (Real) Pirates Teach Us about Cybersecurity?

On the other hand, I'd never seen an analogy between cybersecurity and piracy before this book came out. It's an interesting one, and certainly seems to apply very well to “patriotic hackers”.

Protect World Wide Governance for the World Wide Web: What is the Role of International Institutions?

Internet governance could easily be a course by itself, but we'll limit ourselves to about five pages of reading.

Don't get bogged down in the different organizations mentioned here, just read to get the big picture. Which really, can be summed up in two statements that identify the conflict:

The structure of the internet (the basic protocols that run the internet) do not take national boundaries into consideration at all.

Governments want more control over the internet.

One specific example of the first bullet is that domain names are intended to mean the same thing anywhere in the world. For instance, if I live in the United States and open a browser window to www.cwu.edu, I should get to the exact same page as someone who lives in Russia. But governments don't like that, they want control over content.

The book gives a somewhat misleading view of this by implying that “authoritarian” countries like China and Russia want to control the internet while “democratic” countries want it to remain free. This is not quite true, it's just the type of control that is different. For instance, China doesn't want the internet to include any mention of the Tiananmen Square massacre. The United States doesn't want the internet to allow free access to copy written media. The European Union has policies about the “right to be forgotten” which requires certain information to be deleted from the internet. The motivation of each is different, but they all want control over internet content, at least to internet users within their jurisdiction.

By the way, even the strongest advocates for internet freedom usually yield on two issues: child pornography and botnet take-downs (destroying botnets usually requires some of the basic internet protocols to be misused).

“Graft” the Rule of Law: Do We Need a Cyberspace Treaty?

This section is a long discussion of the different types of rules that might be placed into a cyberspace treaty and the pros and cons. As they mention, this is not a new idea, there is in fact already a cybercrime treaty that has been agreed to by many countries (the Council of Europe's Convention on Cybercrime, probably more commonly known as the “Budapest Convention”).

In our definition, treaties address the “response” element of deterrence. Treaties by themselves do not force countries to do anything, anymore than traffic laws force people to drive below the speed limit. The real power of a treaty is that it defines the appropriate response when the treaty is violated. For instance, the U.S. Government has been openly accusing the Chinese government of cyber attacks for the past couple of years, but has struggled to determine how to respond. If there were a treaty in place, appropriate responses would be more clearly defined.

Understand the Limits of the State in Cyberspace: Why Can't the Government Handle it?

This section ties back to the discussion of internet governance, and the fact that governments, at least currently, do not have that much control over cyberspace.

There's an interesting statistic on the top of page 196:

“98 percent of U.S. government communications, including classified communications, travel over civilian owned-and-operated networks”

This statistic makes it easy to grasp just how dependent the government, including the military, is dependent upon private sector infrastructure. (by the way, they are not saying that classified communications travel over private networks in plaintext, they would be encrypted to preserve confidentiality while on those networks)

If anything, the issues that this section talks about have gotten much more complex in the past couple of years. For instance, even if a government took control over the physical internet infrastructure that is located within a country, that is only part of the issue. With the rise of cloud computing, data and even computing resources may be anywhere in the world.