Regulating the US critical infrastructure is complicated, moreover, because it is largely controlled by the private sector. Proposals to enhance cyber protection of such infrastructure, called recommendations, have been prepared by the US government, but the standards or practices recommended could render critical
infrastructure more vulnerable both because any flaws would be widely applicable (reducing redundancy) and because the US government would likely seek continued access to systems through measures that could be exploited by attackers. The Obama administration has backed away from mandating standards, and its proposals are so general they provide no assurance as to what any particular company will do.
The Cyber infrastructure of the world is transnational; thus it is illusory to expect it to be effectively managed by a single state, or even by a group of states’ having dominant conventional military power and vast economic resources. Only a transnational framework, based on the consent of all participating states, could be effective in reducing the security threat posed by cyber activities. To the extent the Internet has security today, it is largely because the Internet Engineering Task Force (IETF) and other private, standard setting bodies have developed and mandated protocols that must be followed by users to gain access. Send your comments to the Cloud and Cyber Security Center. To download this report visit: http://www.hoover.org/sites/default/files/fw_hoover_foreign_policy_working_group_unconventional_threat_essay_series/201411%20-%20Sofaer.pdf
infrastructure more vulnerable both because any flaws would be widely applicable (reducing redundancy) and because the US government would likely seek continued access to systems through measures that could be exploited by attackers. The Obama administration has backed away from mandating standards, and its proposals are so general they provide no assurance as to what any particular company will do.
The Cyber infrastructure of the world is transnational; thus it is illusory to expect it to be effectively managed by a single state, or even by a group of states’ having dominant conventional military power and vast economic resources. Only a transnational framework, based on the consent of all participating states, could be effective in reducing the security threat posed by cyber activities. To the extent the Internet has security today, it is largely because the Internet Engineering Task Force (IETF) and other private, standard setting bodies have developed and mandated protocols that must be followed by users to gain access. Send your comments to the Cloud and Cyber Security Center. To download this report visit: http://www.hoover.org/sites/default/files/fw_hoover_foreign_policy_working_group_unconventional_threat_essay_series/201411%20-%20Sofaer.pdf
No comments:
Post a Comment