Saturday, November 20, 2004
Center of Excellence Proposal
à
White Paper on Incident Information Orb
Architecture (IIOA) à
Adi Structural Ontology Part I
à
Cubicon language descriptive
à
Types of Ontology for Crisis
Management ß hyperlink
Dear Q. R.
The founding committee has edited the following communication so that, in fact, we spoof specifics of identity and plans that might be proprietary. But so that the concepts are abstracted and a concept filter placed to remove those things that are not relevant to the larger planning process for the National Project. The result is a “bead” that is then placed into the BCNGroup Glass Bead Games.
Paul…
This is an interesting article,
but, really, there is nothing new here. I have heard Clark speak on this
and he, like all before him (and all after him in the current administration)
took their work a lot more seriously than their boss(s) did.
Having said that, the one truth
that everyone in the administration dances around is that our information
infrastructure is horribly weak and unprotected. Corporations do the best
they can (or are willing to pay for), but the “National Policy to Secure Cyber
Space” comes up woefully short in anything but talk.
The National leadership puts
the monkey on the backs of the corporate world and the public. This leads to the re-enforcement of the
proprietary interests in having a cyber war.
The problem is fed rather than being solved.
This is completely
wrong-headed. The Little Old Lady From Pasadena has absolutely no idea
how to secure her computer – all she uses it for is to send email and get
pictures of her grandkids. But her computer sits out on a cable modem and
probably has been loaded up with so many zombies that it’s become a full blown
attack machine for some hacker. And yet the government tells her it’s her
responsibility to protect cyber space. She doesn’t know what that means
and she doesn’t care.
Worse, about 70% of all
unclassified government data travels on public data circuits including the
Internet. So how is it not government’s responsibility to take a
role in protecting that infrastructure? Instead, we shove that all off on
the corporations that are focused upon profits, greed, and PR spin, not
security. It is a battle security practitioners have fought since the
beginning of computing.
I am absolutely convinced
that the only way to win the battle for cyber space is to do exactly what I’m
looking at doing:
immunize the systems on it
so that attacks no longer work.
That’s a panacea, but within
less than five years it is, I am convinced, possible. The studying we
have been doing lately on artificial immune systems reveals a very promising
potential when taken with the foundational work we are pursuing right
now.
Developing a comprehensive set of
ontologies and resulting taxonomies for cyber attacks and their
components will help us understand attack mechanics. Once we understand
that, we can protect against any type of attack because the organism (the
network) can be given the ability to protect itself.
Work currently being done by
the likes of Cisco is brute force and more hype than substance. A more
elegant approach is needed and that comes not from huge amounts of money
invested (although it will, some day, come to that as well), but from a
deeper understanding of the problem.
How can companies such as
Cisco and Microsoft solve the problem when they don’t even understand the
questions?
We are getting close to
finishing the foundational paper on this that sets up the problem and the
suggested solution set, at least the first part of it .
We are almost ready to
publish some of the more advance thinking.
The problem space has become well-defined.
We are looking to
communicate to just those who can contribute to a sufficiently deep view of the
problem, something that has had, to date, only surface attention.
The paper is due 1
December. If I may, I’ll pass it by you
for comment before I submit. It has a lot of your core principles in it.
I also need the mathematic notations and concepts validated (as always <grin>).
Sincerely , Q. R.