Quebrando a notícia | Forum | Notícia BRITÂNICA | Notícia dos EUA | Notícia do mundo | Notícia política | Notícia do Sci-Tech | Notícia da guerra & do terrorismo | Notícia dos esportes | Multimedia | Ajuste o homepage

Terça-feira, agosto 12o, 2008

É bàsicamente que você espere: Aponte um conselheiro nacional da segurança do cyber, invest no math e na instrução da ciência, estabeleça padrões para o infrastructure crítico, gaste o dinheiro no enforcement, estabeleça padrões nacionais para fixar dados pessoais e dados-rompa a divulgação, e o trabalho com indústria e academia para desenvolver um grupo de tecnologias needed.

Eu poderia comentar na planta, mas com segurança o diabo está sempre nos detalhes - e, naturalmente, neste momento há poucos detalhes. Mas desde que trouxe acima o tópico - McCain é suposta “trabalhar nas edições” também - eu tenho três partes de conselho para o presidente seguinte, quem quer que que da política é. São demasiado detalhados para discursos de campanha ou papéis uniformes da posição, mas são essenciais para melhorar a segurança da informação em nossa sociedade. Realmente, aplicam-se à segurança nacional no general. E são governo das coisas somente podem fazer.

Um, usa seu poder de compra immense melhorar a segurança de produtos comerciais e de serviços. Uma propriedade de produtos tecnologicos é que a maioria do custo está no desenvolvimento do produto melhor que na produção. Pense do software: A primeira cópia custa milhões, mas a segunda cópia está livre.

 

Você tem que fixar seus próprios redes, forças armadas e civil do governo. Você tem que comprar computadores para todos seus empregados de governo. Consolidam aqueles contratos, e começam-nos pôr exigências explícitas da segurança no RFPs. Você tem-nos o poder de compra começar seus vendedores fazer melhorias sérias da segurança nos produtos e nos serviços que vendem ao governo, e então todo o benefício porque incluirão aquelas melhorias nos mesmos produtos e serviços vendem ao descanso de nós. Nós somos tudo mais seguros se a tecnologia de informação for mais segura, mesmo que os guys maus possam use-o, demasiado.

Dois, legislate os resultados e não as metodologias. Há uns muitos das áreas na segurança onde você necessita passar as leis, onde externalities da segurança são tais que o mercado não fornece a segurança adequada. Por exemplo, as companhias do software que vendem produtos insecure estão explorando um externality apenas tanto quanto as plantas químicas que desperdício do dump no rio. Mas uma lei má é mais má do que nenhuma lei. Uma lei que requer companhias fixar dados pessoais é boa; a law specifying what technologies they should use to do so is not. Mandating software liabilities for software failures is good, detailing how is not. Legislate for the results you want and implement the appropriate penalties; let the market figure out how — that’s what markets are good at.

Three, broadly invest in research. Basic research is risky; it doesn’t always pay off. That’s why companies have stopped funding it. Bell Labs is gone because nobody could afford it after the AT&T breakup, but the root cause was a desire for higher efficiency and short-term profitability — not unreasonable in an unregulated business. Government research can be used to balance that by funding long-term research.

Spread those research dollars wide. Lately, most research money has been redirected through DARPA to near-term military-related projects; that’s not good. Keep the earmark-happy Congress from dictating how the money is spent. Let the NSF, NIH and other funding agencies decide how to spend the money and don’t try to micromanage. Give the national laboratories lots of freedom, too. Yes, some research will sound silly to a layman. But you can’t predict what will be useful for what, and if funding is really peer-reviewed, the average results will be much better. Compared to corporate tax breaks and other subsidies, this is chump change.

If our research capability is to remain vibrant, we need more science and math students with decent elementary and high school preparation. The declining interest is partly from the perception that scientists don’t get rich like lawyers and dentists and stockbrokers, but also because science isn’t valued in a country full of creationists. One way the president can help is by trusting scientific advisers and not overruling them for political reasons.

Oh, and get rid of those post-9/11 restrictions on student visas that are causing so many top students to do their graduate work in Canada, Europe and Asia instead of in the United States. Those restrictions will hurt us immensely in the long run.

Those are the three big ones; the rest is in the details. And it’s the details that matter. There are lots of serious issues that you’re going to have to tackle: data privacy, data sharing, data mining, government eavesdropping, government databases, use of Social Security numbers as identifiers, and so on. It’s not enough to get the broad policy goals right. You can have good intentions and enact a good law, and have the whole thing completely gutted by two sentences sneaked in during rulemaking by some lobbyist.

Security is both subtle and complex, and — unfortunately — doesn’t readily lend itself to normal legislative processes. You’re used to finding consensus, but security by consensus rarely works. On the internet, security standards are much worse when they’re developed by a consensus body, and much better when someone just does them. This doesn’t always work — a lot of crap security has come from companies that have “just done it” — but nothing but mediocre standards come from consensus bodies. The point is that you won’t get good security without pissing someone off: The information broker industry, the voting machine industry, the telcos. The normal legislative process makes it hard to get security right, which is why I don’t have much optimism about what you can get done.

And if you’re going to appoint a cyber security czar, you have to give him actual budgetary authority. Otherwise he won’t be able to get anything done, either.

This essay originally appeared on Wired.com.

Have Your Say: Memo to the President
Please read our posting guidelines before posting.
Alternatively you can discuss this report here.

RSS TrackBack URL

Name (required)

Mail (will not be published) (required)

Website

This entry was posted on Tuesday, August 12th, 2008 at 7:50 pm and is filed under Surveillance, Civil Liberties & Human Rights News . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

ADVERTISEMENTS

SITE MAPS

7/7 Afghanistan Alternative-Energy Art BBC Big-Brother Bilderberg Biometrics Bush Censorship CIA Climate-Change Cover-Up Cults Culture Database-State David-Hicks David-Ray-Griffin Debt Democrats Demos Drugs Education Entertainment Environmental News EU False-Flag FBI Fraud Free-Speech Freemasons G8 Globalization Guantanamo Health-News History ID-Cards Internet Iran Iraq Israel Law Marches MI5 MI6 Microsoft Military MoD Money Music NASA Neocons New World Order NSA Oil Pakistan Podcast Police-State Propaganda RFID RINF Rumsfeld Science Science & Technology News Secrecy Security Slavery Space Sports Spying Stephen-Lendman Technology Terrorism Tony-Blair Torture TV UK-News UN USA- USA-News Video Voting war Warfare White-House Wolfowitz World-News Yahoo
2003 - 2005 Archives | 2005 - 2007 Archives | 2007 - 2008 Archives | Current Archives | Past Version