Romper noticias | Foro | Noticias BRITÁNICAS | Noticias de los E.E.U.U. | Noticias del mundo | Noticias políticas | Noticias del Sci-Tech | Noticias de la guerra y del terrorismo | Noticias de los deportes | Multimedias | Fije el homepage

Martes 12 de agosto de 2008

Es básicamente lo que usted espere: Designe a consejero nacional de la seguridad del cyber, inviértalo en matemáticas y la educación de la ciencia, establezca los estándares para la infraestructura crítica, pase el dinero en la aplicación, establezca los estándares nacionales para asegurar datos personales y dato-practique una abertura el acceso, y el trabajo con industria y academia para desarrollar un manojo de tecnologías necesarias.

Podría comentar respecto al plan, pero con seguridad el diablo está siempre en los detalles - y, por supuesto, a este punto hay pocos detalles. Pero puesto que él trajo para arriba el asunto - McCain supuesto está “trabajo en las ediciones” también - tengo tres pedazos de consejo para el presidente siguiente, quienquiera de la política que él es. Son demasiado detallados para los discursos de campaña o aún los papeles de la posición, pero son esenciales para mejorar seguridad de la información en nuestra sociedad. Realmente, se aplican a la seguridad nacional en general. Y son gobierno de las cosas solamente pueden hacer.

Uno, utiliza su poder adquisitivo inmenso de mejorar la seguridad de productos comerciales y de servicios. Una característica de productos tecnológicos es que la mayor parte de el coste está en el desarrollo del producto más bien que la producción. Piense el software: La primera copia cuesta millones, pero la segunda copia está libre.

 

Usted tiene que asegurar a sus propias redes, militares y civil del gobierno. Usted tiene que comprar computadoras para todos sus empleados de gobierno. Consolidaron esos contratos, y comienzan a poner requisitos explícitos de la seguridad en el RFPs. Usted tiene el poder adquisitivo de conseguir a sus vendedores llevar a cabo mejoras serias de la seguridad en los productos y los servicios que venden al gobierno, y entonces nos toda la ventaja porque incluirán esas mejoras en los mismos productos y servicios venden al resto de nosotros. Somos todos más seguros si la tecnología de información es más segura, aun cuando los malos individuos podemos utilícelo, también.

Dos, legislan los resultados y no las metodologías. Hay muchos de áreas en la seguridad donde usted necesita aprobar los leyes, donde exterioridades de la seguridad son tales que el mercado no puede proporcionar seguridad adecuada. Por ejemplo, las compañías del software que venden productos inseguros están explotando una exterioridad apenas tanto como las plantas químicas que basura de la descarga en el río. Pero una mala ley es peor que ninguna ley. Una ley que requiere a compañías asegurar datos personales es buena; a law specifying what technologies they should use to do so is not. Mandating software liabilities for software failures is good, detailing how is not. Legislate for the results you want and implement the appropriate penalties; let the market figure out how — that’s what markets are good at.

Three, broadly invest in research. Basic research is risky; it doesn’t always pay off. That’s why companies have stopped funding it. Bell Labs is gone because nobody could afford it after the AT&T breakup, but the root cause was a desire for higher efficiency and short-term profitability — not unreasonable in an unregulated business. Government research can be used to balance that by funding long-term research.

Spread those research dollars wide. Lately, most research money has been redirected through DARPA to near-term military-related projects; that’s not good. Keep the earmark-happy Congress from dictating how the money is spent. Let the NSF, NIH and other funding agencies decide how to spend the money and don’t try to micromanage. Give the national laboratories lots of freedom, too. Yes, some research will sound silly to a layman. But you can’t predict what will be useful for what, and if funding is really peer-reviewed, the average results will be much better. Compared to corporate tax breaks and other subsidies, this is chump change.

If our research capability is to remain vibrant, we need more science and math students with decent elementary and high school preparation. The declining interest is partly from the perception that scientists don’t get rich like lawyers and dentists and stockbrokers, but also because science isn’t valued in a country full of creationists. One way the president can help is by trusting scientific advisers and not overruling them for political reasons.

Oh, and get rid of those post-9/11 restrictions on student visas that are causing so many top students to do their graduate work in Canada, Europe and Asia instead of in the United States. Those restrictions will hurt us immensely in the long run.

Those are the three big ones; the rest is in the details. And it’s the details that matter. There are lots of serious issues that you’re going to have to tackle: data privacy, data sharing, data mining, government eavesdropping, government databases, use of Social Security numbers as identifiers, and so on. It’s not enough to get the broad policy goals right. You can have good intentions and enact a good law, and have the whole thing completely gutted by two sentences sneaked in during rulemaking by some lobbyist.

Security is both subtle and complex, and — unfortunately — doesn’t readily lend itself to normal legislative processes. You’re used to finding consensus, but security by consensus rarely works. On the internet, security standards are much worse when they’re developed by a consensus body, and much better when someone just does them. This doesn’t always work — a lot of crap security has come from companies that have “just done it” — but nothing but mediocre standards come from consensus bodies. The point is that you won’t get good security without pissing someone off: The information broker industry, the voting machine industry, the telcos. The normal legislative process makes it hard to get security right, which is why I don’t have much optimism about what you can get done.

And if you’re going to appoint a cyber security czar, you have to give him actual budgetary authority. Otherwise he won’t be able to get anything done, either.

This essay originally appeared on Wired.com.

Have Your Say: Memo to the President
Please read our posting guidelines before posting.
Alternatively you can discuss this report here.

RSS TrackBack URL

Name (required)

Mail (will not be published) (required)

Website

This entry was posted on Tuesday, August 12th, 2008 at 7:50 pm and is filed under Surveillance, Civil Liberties & Human Rights News . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

ADVERTISEMENTS

SITE MAPS

7/7 Afghanistan Alternative-Energy Art BBC Big-Brother Bilderberg Biometrics Bush Censorship CIA Climate-Change Cover-Up Cults Culture Database-State David-Hicks David-Ray-Griffin Democrats Demos Drugs Education Entertainment Environmental News EU False-Flag FBI Fraud Free-Speech Freemasons G8 Globalization Guantanamo Health-News History ID-Cards Internet Iran Iraq Israel Law Marches MI5 MI6 Microsoft Military MoD Money Music NASA Neocons New World Order NSA Oil Pakistan Podcast Police-State Propaganda RFID RINF Rumsfeld Science Science & Technology News Secrecy Security Slavery Space Sports Spying Stephen-Lendman Technology Terrorism Tony-Blair Torture TV UK-News UN USA- USA-News Video Voting war Warfare White-House Wolfowitz World-News Yahoo
2003 - 2005 Archives | 2005 - 2007 Archives | 2007 - 2008 Archives | Current Archives | Past Version