Cybersecurity regulation will take its place alongside environmental regulation, health and safety regulation and financial regulation as a major federal activity. What is not yet clear is what form the regulations will take. FISMA controls, performance standards, consensus standards and industry-specific consortia standards are all possible regulatory approaches. What is not likely is an extended continuation of the current situation in which federal authorities have only limited, informal oversight of private sector cyberdefenses (or lack thereof). more
There may be no better illustration of how far we've come in Internet governance, than this: twice in the past 30 days, the global Internet community has gathered in sub-Saharan Africa to plot a path to bring the Internet to its next billion users. Just weeks after wrapping up the sixth annual Internet Governance Forum (IGF) in Kenya, Internet stakeholders from around the world traveled back to Africa for ICANN's 42nd meeting in Dakar, Senegal. more
A reader recently brought to my attention an upcoming conference in London in the UK -- The Oil and Gas Cyber Security Forum. Here's a little blurb: "Despite investments into state of the art technology, a majority of the oil and gas industry remain blissfully unaware of the vulnerabilities, threats and capability of a malicious cyber attack on control systems..." I bring this up because it is relevant to the trends in cyber security that we see this year - that of the Advanced Persistent Threat. more
Too many techies still don't understand the concept of due process, and opportunistic law enforcement agencies, who tend to view due process constraints as an inconvenience, are very happy to take advantage of that. That's the lesson to draw from Verisign's proposal and sudden withdrawal of a new "domain name anti-abuse policy" yesterday. The proposal, which seems to have been intended as a new service to registrars, would have allowed Verisign to perform malware scans on all .com, .net, and .name domain names quarterly when registrars agreed to let them do it. more
It has been about six months since I got together with four of my friends from the DNS world and we co-authored a white paper which explains the technical problems with mandated DNS filtering. The legislation we were responding to was S. 968, also called the PROTECT-IP act, which was introduced this year in the U. S. Senate. By all accounts we can expect a similar U. S. House of Representatives bill soon, so we've written a letter to both the House and Senate, renewing and updating our concerns. more
Recent articles in the press have outlined how sites including MSN and Hulu are now using an advanced version of the old cookie file to track user behavior. These "supercookies" are very hard to detect and delete, and can track user behavior across multiple sites, not just one. These tricky little trackers have lawmakers pressing the FTC to investigate, and the IAB scrambling to defend industry practices. more
There has been considerable debate on whether the Internet needs new Top Level Domains. Advertising advocacy groups have objected to the expense of re-investment in online branding. There's a lot of work involved in telling the world .BEYONCE is where you will now find all official Beyonce related information. I'm wondering, why would anyone object to some order being applied to the internet? more
"Smartphones (and tablets, WdN) are invading the battlefield", reports the Economist on its website of 8 October 2011. On the same day the hacking of U.S. drones is reported on by several news sites. ("They appear friendly". Keyloggers???) Is this a coincidence? more
The US government is looking at telling ISPs how to deal with compromised customers and botnets. They're a bit late to the party, though. Most of the major commercial ISPs have been implementing significant botnet controls for many years now. more
In 1964, Canadian scholar Marshall McLuhan famously wrote, "The medium is the message." This phrase popped into my head last week as I listened to the opening speakers at the Internet Governance Forum in Nairobi. McLuhan meant that the form in which a message is delivered - the medium - embeds itself in the meaning of the message. The medium influences how the message is perceived and understood and is therefore inseparable from the message itself. What does this have to do with the Internet? more