Greetings,
The cleaning people came through my building so I decided since I shouldn't
walk on there wet floors (until they dry), I might as well save the free
world with my unsolicited, amazing opinions.
The below I gather is the White House official policy on tinkering with
everything electronic including the Internet in the name of security.
If you download it, its not immediately apparent it available as about 14 or
so little pieces {OR} one big PDF. Look around on the page for which suits
your pleasure(s). Either way, its got some reasonably cheesy clipart (Maps,
fat translucent resistors on printed circuit boards, etc.). It embarasses me
I often write stuff like this myself. Anyway... Its completely packed with
passive soothing language about bad things that can happen, and new
committees, and of course (subject to FUNDING), new things to be done.
I guess I have a hard time grasping the intended audience for this document.
Its not nonsense, its not ominious... mostly seems like a clear and honest
plan for a large make work project.
On the international scale, about 3 pages of 60 or so are about anything
beyond the USA specifically. Since the beginning of each section is by
definition cheesy clipart; (this particular one is a mouse resting on an
ancient map of South America), there isn't much about the rest of the world.
Maybe that's reasonable. I'd just point out some of these bad things they
worry about start far away from the "homeland" in space, but only tens of
milliseconds away in time. so maybe a little more in there about
international stuff would be good; (But this would cut into the square
footage required for the clipart).
My one line notes below are what I think might be of interest to people on
this reflector. The modules of the document "Priority II" and "Priority V"
have more to do with Internet than the rest.
Of course, its a good moment to remind everyone internet probably would be
vastly less cool, and therefore work a lot worse), if it wasn't for ARPA,
which are an arms length R&D institution of the DoD.
Regarding point P below.. (A federally sanctioned clearninghouse for buggy
software); for everyone's convienence I's like to suggest a nice Pacific
coast location for this NON COLOR CODED (gasp!) team.
Some of it is pretty good logic, no doubt. Like R). Trying to make default
settings in things have security turned on, not off for working Joe's.
Most of internet stuff is letters: F thru L. Page numbers are shown as below.
I think "DHS" is "department of homeland security".
I got thru the whole thing pretty much. (The heater(s) were not pulling
there weight due to the cold outside so the floor took a long time to dry).
Regards,
Dan
Source:
===================================================
Title: The National Strategy to Secure Cyberspace
Source: "The White House, Washington, DC"
Date: "We are too cool to identifiy our documents... GUESS"
Table of Contents:
Letter from the President
Executive Summary
Introduction
Cyberspace Threats and Vulnerabilities: A Case for Action
National Policy and Guiding Principles
Priority I: A National Cyberspace Security Response System
Priority II: A National Cyberspace Security Threat and Vulnerability
Reduction Program
Priority III: A National Cyberspace Security Awareness and Training Program
Priority IV: Securing Governments. Cyberspace Priority
National Security and International Cyberspace Security Cooperation
Conclusion: The Way Forward
Appendix: Actions and Recommendations Summary
http://www.whitehouse.gov/pcipb/
===================================================
{ My one liners begin here }. A BHB is, of course a Dilbert class "Big
Honkin Binder"
format is X) nn text
X) = Unique letter
nn = page number
text = uh you guessed, it: text
Priority II:
A) 28 Help industry with security
B) 28 We should teach FBI guys a little about technology
C) 29 Track troublemakers a bit more
D) 29 Let's make teams of people and color code the teams; ( "Blue team to
quadrant 6!")
E) 29 Right up a BHB of bad things bad people do we plan to stop
F) 29 "How the internet works"
G) 30 On internet the DNS, IP, BGP do important things
H) 30 Promote IPv6 because those pesky Japanese are already ahead of us, (so
it must be a good idea)
I) 30 Some bad thing on 21 Oct 2002 in the DNS justifies the "Urgent need
for expeditious action to make such attacks more difficult and less effective"
J) 31 "The IETF has established working groups for securing BGP and the DNS.
These group(s) have made progress, but have been limited by technical
obstacles and the need for coordination"
K) 31 Denial of service is a bad thing. Out of band management is a good thing
L) 31 The absence of source address verification is troublesome
M) 31 "DHS" will recommend better security practices
N) 31 Another BHB on the best way to do all sorts of things. This one's from
the FCC
O) 32 Another BHB for programmable logic controllers people to remind them
its bad to forget about security becuase programmible logic controls control
scary stuff that can blow up, melt down, etc.
P) 33 A clearinghouse for buggy software is coming up
Q) 33 A federally funded patch clearinghouse, maybe
R) 33 Default setups in software and purchased goods should have the
security turned on, not off when you pull it out of the box
S) 34 Tinkering with zoning and whatnot to make telecom buildings more secure
T) 34 Some sort of new Internet? Internet2 or whatever that thing is?
research and whatnot
U) 35 Uncle Sam will buy better stuff for its own operations, (if its not
too expensive)
V) 35 Mumbly point about how wardriving is kind of a surprise to everybody,
(proving radios, ahhh work without wires)
Priority V:
W) 50 Foreigners who happen to be bad like to screw up DOD websites and such
X) 51 For some reason beyond logic... Canada and Mexico specifically? are
going to have to listen up some more. Piplines and power, etc make them more
important to US security, it's presumed
Y) 52 A new Techo-diplomat get a swanky job
Z) 52 More joint committees and alignment with the recent Council of Europe
Convention on Cybercrime