Sunday, June 24, 2012

America The Vulnerable

America The Vulnerable, “Inside the New Threat Matrix of Digital Espionage, Crime, and Warfare” by Joel Brenner provides a broad picture of the issues of cybersecurity in the early part of the 21st century. In many cases, the facts presented are not new but Joel Brenner has the ability to put them in context and provides an excellent look at the big picture implications of those facts.
Joel Brenner, is a former senior counsel at the National Security Agency and has extensive experience in counterintelligence. This background allows Brenner to describe in detail the structural and procedural challenges that the US government and industry face in dealing with the threats.
The book roams across the entire cybersecurity landscape. Brenner describes the economic and political motivations of other nations and they are leading them to do the things that they do. He details the Chinese, providing documented sources describing their objectives, motivations, and tactics.
Brenner presents a speculative case study on how a cyberattack from China might be used for increased strength in a diplomatic standoff around Taiwan. Very interested take that is different from many fear-mongers predicting cyber apocalypse, but offers a practical description as to how our weaknesses could realistically be used against us.
One of the key points made is that the increasing transparency due to electronic information leads to reduced secrecy for governments and reduced privacy for individuals.
In addition to the excellent survey of the challenges related to information security, Brenner offers prescriptions that both the government and the private sector can take to deal with the threats.
These include for the U.S. government:
  • Use federal purchasing to enforce higher security standards.
  • Forbid federal agencies from doing business with ISPs that are hosts for botnets, publish list of companies.
  • Remove anti-trust considerations to allow US firms to collaborate and share information on security.
  • Require Internet service providers to notify customers whose machines have been infected by a botnet.
  • Use regulations to stop utilities from connecting industrial control systems to public networks.
  • Use tax code to change behavior.
  • Increase research into attribution techniques and identity standards.
  • Increase research into verifiable software and firmware, and the benefits of moving security directly into hardware.
  • Increase research into an alternative Internet architecture.
  • Require disclosure of risks for utilities in bond documents.
  • Toughen public audit standards for cybersecurity.
  • The US should engage like-minded democratic governments in a multilateral effort to make Internet communication open and secure.
The recommendation for the private sector include:
    Clean up your act.
  • Control what’s on your system.
  • Control who’s on your system.
  • Protect what’s valuable.
  • Patch rigorously.
  • Train everybody.
  • Audit for operational effect.
  • Manage overseas travel behavior.
This is a very good overview for people outside the Information Security world, in addition to being an excellent reference for practitioners, as Brenner does not dive into the weeds yet provides a compelling view of the world today.

No comments:

Post a Comment