Overall I like the executive summary. As a challenge to the libertarian (myself included), I wonder why the market does not solve this problem. I wonder what is in the head of the manager of some utility responsible for continuity of service, when this issue arises. Perhaps he only reacts to past events and since we have had no nationwide breakdowns in electricity or internet it is not on his radar. Utilities plan for demand, but not for contingencies. I do not think the solution is to rework the PUCs.
The summary refers to Appendix 1 so I jump there first. Recommendation 1.1 raises the DDoS question, which is very important. My only proposal there is DSR which is not a quick fix and I skip that for now.
I find in action item 1.2.2 the noun phrase “cybersecurity activities in order to identify, protect from, detect, respond to, and recover from cyber incidents affecting critical infrastructure”. I like the “protect from” part, but the ‘activity’ leading to that is a replacement of infrastructure rather than an ‘activity’.
What is this “Cybersecurity Framework”? I am reminded of recent federal rules concerning the nature of automobile headlights that set back by a few years the very goals they were designed for. Such frameworks, designed to enhance, can impede.
Consider Action item 1.5.2.
Recommendation 2.2 (sponsoring R&D) is very interesting. I would assert that both the Keykos line of development (EROS & Coyotos) and perhaps seL4 have already achieved the goals stated there, except perhaps for a modern UI. The problem is not in research, or even development, but in marketing.
Regarding Imperative 3, “Prepare Consumers to Thrive in a Digital Age”. This is indeed an issue. I would characterize this as inventing a new UI that presumes new notions of what is in the user’s head. That includes things such as neither Apple nor Android has conceived of yet. These new notions are familiar to people, but not in a computer context. Perhaps this is a worthy R&D goal.
“The interconnectedness and openness that the Internet, digital networks, and devices allow have also made securing our cyber landscape a task of unparalleled difficulty.” I deny this. The new paradigm is different. It is not a matter of adding patch on patch, nor restriction upon restriction, but a new paradigm on thinking of authority. Much software needs to be discarded, and replaced by simpler, smaller and usually faster software. Besides security the benefits include integrity and reliability.
“We should be able to reconcile security with innovation.” Indeed security requires much innovation. Perhaps this plaint is stimulated by some Stanford professor’s comment that much of the Internet innovation that had taken place by about 2009 would have been impossible if the current (2009) firewall policies had been in place. This must be and can be addressed. In short, firewalls are the wrong solution.
“Past reports also contained several recommendations that, while arguably in the best interest of the security of the nation, were not realistic, given the market forces at the time they were written or in the present day. The Commission asserts that market forces and the needs of private businesses, governments, households, and individuals must be taken into account when putting forth recommendations. This Commission’s recommendations balance ambitious, long-term goals with practical and pragmatic solutions.” Indeed Keykos died in the market. People were sure that some lesser innovation would come along and suffice. They are still waiting.
A section with the structure:
“2. Organizations and their employees require flexible and mobile working environments.” Good point. Cap security at the OS layer allows the following pattern. If the device is tamper resistant then the platform can vouch for both the employer and employee to control their respective parts of the system. Interactions are even possible. The user is aware of the distinction.
“3. Many organizations and individuals still fail to do the basics. Malicious actors continue to benefit from organizations’ and individuals’ reluctance to prioritize basic cybersecurity activities and their indifference to cybersecurity practices.” I presume they refer here to phishing. “cybersecurity practices” are not nearly so onerous even today with sandboxed browser components. Other practices are simplified with YURL.
“6. Technological complexity creates vulnerabilities.” Indeed! Some of the issues they raise are addressed here.
“7. Interdependencies and supply chain risks abound.” Caps have nothing to add to solving the hardware supply chain problem. They have a substantial amount to add to solving the software supply chain problem.
“9. Trust is fundamental.” This is still true. Well, actually ‘trustworthiness’ is fundamental. Too much unwarranted trust is the root of some of our problems. Caps may greatly decrease the number of those you must trust as a direct consequence of decreasing the amount of code that you rely on for security.
“The challenge is to ensure that the positive impacts far outweigh the negative ones and that the necessary trade-offs are managed judiciously.” The only negative impact of caps that I see is the initial disruption; but that ain’t small.
Once there were phones in landline termination offices over which engineers could cooperate when the switching equipment was not running. I wonder if they are still there. The engineers thought of such contingencies then. Why not now?
Several years ago there was a massive power outage around New York City. They discovered that some power stations were unable to do a ‘cold boot’; they relied on electricity to run the pumps that lubricated the generators.
Overall I view this chapter as a set of recommendations on how to connect groups of people, instead of connecting software systems. I am pessimistic. As a ‘software architect’ I imagine that the solution is introducing a new software paradigm and such is not even mentioned as a possibility.