Comments on: True Cybersecurity — or is Government Seizing the Ultimate Power? You Decide. http://blogs.capella.edu/iascommunity/2009/09/14/true-cybersecurity-or-is-government-seizing-the-ultimate-power-you-decide/ Just another Blogs.capella.edu weblog Fri, 19 Mar 2010 17:18:05 +0000 http://wordpress.org/?v=2.9.1 hourly 1 By: Mary Brown http://blogs.capella.edu/iascommunity/2009/09/14/true-cybersecurity-or-is-government-seizing-the-ultimate-power-you-decide/comment-page-1/#comment-259 Mary Brown Thu, 17 Sep 2009 21:20:06 +0000 http://blogs.capella.edu/iascommunity/?p=450#comment-259 I agree that educated users make a safer Internet for all of us. Maybe one day we will have a mandatory training program for anyone firing up their browsers but then I've been reading a lot of "1984", "Brave New World", "This Perfect Day" kinds of books lately so may have an overinflated idea of what government can control :) I agree that educated users make a safer Internet for all of us. Maybe one day we will have a mandatory training program for anyone firing up their browsers but then I’ve been reading a lot of “1984″, “Brave New World”, “This Perfect Day” kinds of books lately so may have an overinflated idea of what government can control :)

]]> By: Jimmy Arendt http://blogs.capella.edu/iascommunity/2009/09/14/true-cybersecurity-or-is-government-seizing-the-ultimate-power-you-decide/comment-page-1/#comment-258 Jimmy Arendt Thu, 17 Sep 2009 08:19:25 +0000 http://blogs.capella.edu/iascommunity/?p=450#comment-258 I still do not believe that it is reasonable for any ONE individual to cease traffic to any network system just like you would not give that power to a General on a battle field the ability to launch nuclear weapons. In an article found actonline.org’s website it discusses how “Bot networks are already generating attacks of overwhelming volume, in ways that are nearly impossible to stop or to trace back to their origins”.and “how more than 250,000 personal computers are infected with bots each day, putting at least 10 million computers at the disposal of those with bad intentions” (actonline.org, 2009) With the current scope of how bots are running rampant, how can just one person control the attacks? One problem that I see with the “Kill Switch” concept is that if someone truly wanted to cripple our government via bot attacks, the kill switch would have exactly the desired effect. Because it would halt all traffic to the affected network. I think the best approach of the Cyber Security Act of 2009 is funding training of America’s citizens about what bot attacks are and how to prevent them. If we imposed sanctions against corporations that fail to patch their system with reasonable due care, these funds can go to continuing education of future cyber investigators, watchdog organizations and contribute to lowering the cost of certified software to reduce the threat on a personal computer level. Also according to actonline.org, “The 'Next Billion' Internet Users may bring on the 'Next Billion' Bots. The Wall Street Journal reported this week that ICANN, manager of the Internet domain name system, is implementing internationalized domain names (IDNs). IDNs will help the next billion Internet users enter web addresses entirely in their native language and character sets. As part of this project, ICANN is encouraging users to test native character domain names in their browsers, email software, and other applications. At the same time, ICANN and others should be warning new internet users against downloading any patches or new applications unless they are dealing with a trusted website and scanning for viruses and malware. Otherwise, ICANN is inviting the "next billion" users to download the "next billion" bots capable of generating spam, phishing fraud, and the kind of denial-of-service attacks that brought down Estonia's internet.” These next billion users, instead of perpetuating the problem can become part of the Army to fight Viruses, Spyware, malware, adware and the many bots, phishers and spammers that are currently plagueing the Internet. With this said, I still believe one person should not have the power to stop traffic. A committee of qualified individuals should be required to provide a corrective action scenario to the President and then and only then can the President have the switch flipped to turn off a portion of the Internet. One fear I have is that if this power is abused or falls into the wrong hands then the attacker now has the ultimate power. Do you think that this scenario I possible and how can we prevent it from happening if we do not have checkpoint measures in place to prevent runaway power? Reference: ACT Organization - BOT Armies, What is the threat to US Cybersecurity, (2009). Retrieve September 16, 2009 from http://www.actonline.org/library/bot_armies.html I still do not believe that it is reasonable for any ONE individual to cease traffic to any network system just like you would not give that power to a General on a battle field the ability to launch nuclear weapons. In an article found actonline.org’s website it discusses how “Bot networks are already generating attacks of overwhelming volume, in ways that are nearly impossible to stop or to trace back to their origins”.and “how more than 250,000 personal computers are infected with bots each day, putting at least 10 million computers at the disposal of those with bad intentions” (actonline.org, 2009)

With the current scope of how bots are running rampant, how can just one person control the attacks? One problem that I see with the “Kill Switch” concept is that if someone truly wanted to cripple our government via bot attacks, the kill switch would have exactly the desired effect. Because it would halt all traffic to the affected network.

I think the best approach of the Cyber Security Act of 2009 is funding training of America’s citizens about what bot attacks are and how to prevent them. If we imposed sanctions against corporations that fail to patch their system with reasonable due care, these funds can go to continuing education of future cyber investigators, watchdog organizations and contribute to lowering the cost of certified software to reduce the threat on a personal computer level. Also according to actonline.org, “The ‘Next Billion’ Internet Users may bring on the ‘Next Billion’ Bots.

The Wall Street Journal reported this week that ICANN, manager of the Internet domain name system, is implementing internationalized domain names (IDNs). IDNs will help the next billion Internet users enter web addresses entirely in their native language and character sets. As part of this project, ICANN is encouraging users to test native character domain names in their browsers, email software, and other applications.

At the same time, ICANN and others should be warning new internet users against downloading any patches or new applications unless they are dealing with a trusted website and scanning for viruses and malware. Otherwise, ICANN is inviting the “next billion” users to download the “next billion” bots capable of generating spam, phishing fraud, and the kind of denial-of-service attacks that brought down Estonia’s internet.”

These next billion users, instead of perpetuating the problem can become part of the Army to fight Viruses, Spyware, malware, adware and the many bots, phishers and spammers that are currently plagueing the Internet. With this said, I still believe one person should not have the power to stop traffic. A committee of qualified individuals should be required to provide a corrective action scenario to the President and then and only then can the President have the switch flipped to turn off a portion of the Internet.

One fear I have is that if this power is abused or falls into the wrong hands then the attacker now has the ultimate power. Do you think that this scenario I possible and how can we prevent it from happening if we do not have checkpoint measures in place to prevent runaway power?

Reference:
ACT Organization – BOT Armies, What is the threat to US Cybersecurity, (2009). Retrieve September 16, 2009 from http://www.actonline.org/library/bot_armies.html

]]> By: Mary Brown http://blogs.capella.edu/iascommunity/2009/09/14/true-cybersecurity-or-is-government-seizing-the-ultimate-power-you-decide/comment-page-1/#comment-257 Mary Brown Mon, 14 Sep 2009 20:32:32 +0000 http://blogs.capella.edu/iascommunity/?p=450#comment-257 There have been recent examples of distributed denial of service attacks against the federal governments of some nations. If someone points an army of BOTS against the federal governments Internet assets, is it not reasonable to have a single authority able to make the decision to 'disconnect' in response to such an attack? Why or why not? :) http://www.associatedcontent.com/article/415077/turkish_cyber_terrorists_attack_the.html http://www.computerworld.com/s/article/9135406/Analysis_Was_North_Korea_behind_the_DDOS_attack_?source=rss_security There have been recent examples of distributed denial of service attacks against the federal governments of some nations. If someone points an army of BOTS against the federal governments Internet assets, is it not reasonable to have a single authority able to make the decision to ‘disconnect’ in response to such an attack? Why or why not? :)

http://www.associatedcontent.com/article/415077/turkish_cyber_terrorists_attack_the.html

http://www.computerworld.com/s/article/9135406/Analysis_Was_North_Korea_behind_the_DDOS_attack_?source=rss_security

]]>