Saturday, July 11, 2009

Internet safety requires leadership, but also competition


The Washington Post today (July 11) has an editorial “Securing the Internet: Recent cyber-attacks highlight the need for administrative action”. It starts with “where is our cyber-czar?” and ends well with “All the more reason to make someone accountable for striking the right balance between liberty, security and openness.” The URL for the link is here.

The scale of the denial of service attacks, and the lack of any coherent plan in the administration to protect all agencies against them, does deserve such a comment.

But the public focus on the style and substance of government leadership misses a major point. The vulnerability of the Internet – both private (sometimes very and micro-private) and public (government) components, is a function of three major factors: (1) a lack of sufficient competition among service providers, particularly of operating systems (2) asymmetry, which means that a bad actor with no commitment to “social contract” and do enormous damage, (3), a combination of the first two: sustainability, which means that the sorts of grudges that can lead to these attacks somehow get addressed.

When we speak of competition, we have precedents. IBM came to control the mainframe market in the 1970s and 1980s, and in some critical areas, Microsoft still dominates the PC market too much. Despite all the advances with the MacIntosh and Linux machines, there are some parties that need what (and all) that Microsoft can do in their I.T. setups. Furthermore, a lot of times, these same parties often tend to attract grudges (all the lines of “social contract”) and mischief. With so much concentration on Microsoft as the dominant player, parties – even whole governments -- make easier targets. Even miniscule vulnerabilities, such as the reported overflow problem in Micorsoft Internet Explorer ActiveX, can suddenly have large global consequences, or can lead to subtle social and political problems by the targeting of specific interest.

There is another factor, too, that so much youthful programming talent seems to go toward bringing things down. A lot of that is explained by economic and social circumstances overseas, in places like Russia and some of eastern Europe, especially during severe recession. All of this seems to make North Korea sound like a sideshow, and perhaps become less likely to be the sole culprit last week.

Update: July 12, 2009

The Washington Times, on p A5 of the Sunday paper, carried a CBN story by Hyung-jin Kim, "North Korea army linked to cyber-attacks", in slightly different text online here. The report points to five specific IP addresses used to distribute the attacks. The atory identifies Kim as an AP writer, but curiously this story did not appear on the AP site, even though other similar stories by him do.

Picture: from Digital Media Conference, Tysons Corner VA, June 25, 2009

No comments: