It has occurred to me that perhaps one of Putin's major goals (assuming he is pulling these strings) is to get the rest of the world to spend itself to death on network security much like the (possibly apocryphal) claim that we (US) caused the USSR's demise by causing them to spend themselves to death on defense.
It doesn't matter if that's factually true, it probably isn't. The USSR's spending on defense didn't rise much in the claimed era. Only whether Putin believes it to be true, or is an opportunity.
It is a game which is weighted in favor of the attacker who only has to get it right once in a while to do a lot of damage while the defender has to try to thwart every effort.
That said I'll say what I've been saying for decades: We never designed the net to be secure. We never designed it to do things which require so much security.
That was an afterthought largely beginning in the mid-90s when some realized that they could make (and/or save) a lot of money if they could proceed on the fiction that the net was or could be made secure.
So we (the technological community) bought into that fiction and proceeded to try to layer on security.
It hasn't really worked. It may not even be possible.
Or, perhaps put better, we only encouraged those exploiting the net for their own pecuniary interests to keep coming back for more security acting as if we'd promised it was secure but haven't tried hard enough and have let them down.
We didn't ever promise that. Show me where, in writing, anyone ever promised anyone that.
The net was designed to share pictures of cats, bottomless talking clubs, and document sharing, all of little importance, as frictionlessly, cheaply, quickly, and without accountability as possible.
If those making literally trillions off the net actually care about security perhaps they could throw in some billions to achieve it and stop hoping they can humiliate this vast army of largely unpaid volunteers to deliver it to them for free.
On January 6, 2022 at 14:39 at-large@atlarge-lists.icann.org (Karl Auerbach via At-Large) wrote:
On 1/6/22 9:39 AM, Dev Anand Teelucksingh via At-Large wrote:
ICANN Blog : Relying on ICANN Community-Developed Processes for a Safe, Secure Internet
In our race to be safe and secure we are forgetting about maintenance, monitoring, diagnostics, and repair.
Our layers of security are making it harder to keep the net running.
I've been working on the monitor/diagnose/repair side of things for more than 4 decades. I've watched as the number and strength of security walls being erected, walls that make running the net hard, is increasing.
Yes, we need security. But we also need means to keep the net running and to fix it when things go awry.
Few have been willing to discuss this trade-off between security and maintenance/repair.
The solution may require empowerment of people with special privileges and use of privileged tools of exceptional power; a cadre of privileged internet priests.
The creation of such a cadre has been strongly resisted when that cadre has taken the form of things like backdoors into cryptography. However, to keep the net alive sometimes people and tools are going to have to go into the cellars and sewers of the net where unpleasant and uncomfortable things will be seen. To my mind this all comes down to ethics and trust, the trust that those who have special powers to maintain the net operate within a set of ethical guidelines backed by strong enforcement.
At the present time the internet is like a patient on a surgical table. Perhaps the patient is sick, perhaps not, perhaps in need of immediate care. But on our present internet the doctors are locked outside the building and the surgeon is allowed only butter knives rather than sharp scalpels.
The internet has become a lifeline utility - health, safety, and even lives depend on it. That will increase in the future.
Yet we have only weak and filtered means to monitor the net, to understand its pathologies; to even know when things are working badly (whether due to failure, attack, or simple mis-configuration) are, at best, weak; and to make repairs.
Questions of security must be considered, hand-in-hand, with matters of the necessary access and the sharp, potentially dangerous, tools that must be wielded to keep things operating well.
--karl--
--
-Barry Shein
Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD
The World: Since 1989 | A Public Information Utility | *oo*