[164]                             home                             [166]   

Saturday, November 20, 2004

The BCNGroup Beadgames

Center of Excellence Proposal à 

Challenge Problem  à

 National Project à

 White Paper on Incident Information Orb Architecture (IIOA) à

   Adi Structural Ontology Part I  à

Cubicon language descriptive à

Orb Notational Paper  à

 

 

 

 

Types of Ontology for Crisis Management    ß hyperlink

 

Dear Q. R.

 

The founding committee has edited the following communication so that, in fact, we spoof specifics of identity and plans that might be proprietary.  But so that the concepts are abstracted and a concept filter placed to remove those things that are not relevant to the larger planning process for the National Project.  The result is a “bead” that is then placed into the BCNGroup Glass Bead Games.  

 

Paul…

 

This is an interesting article, but, really, there is nothing new here.  I have heard Clark speak on this and he, like all before him (and all after him in the current administration) took their work a lot more seriously than their boss(s) did.  

 

Having said that, the one truth that everyone in the administration dances around is that our information infrastructure is horribly weak and unprotected.  Corporations do the best they can (or are willing to pay for), but the “National Policy to Secure Cyber Space” comes up woefully short in anything but talk. 

 

The National leadership puts the monkey on the backs of the corporate world and the public.  This leads to the re-enforcement of the proprietary interests in having a cyber war.  The problem is fed rather than being solved. 

 

This is completely wrong-headed.  The Little Old Lady From Pasadena has absolutely no idea how to secure her computer – all she uses it for is to send email and get pictures of her grandkids.  But her computer sits out on a cable modem and probably has been loaded up with so many zombies that it’s become a full blown attack machine for some hacker.  And yet the government tells her it’s her responsibility to protect cyber space.  She doesn’t know what that means and she doesn’t care.

 

Worse, about 70% of all unclassified government data travels on public data circuits including the Internet.  So how is it not government’s responsibility to take a role in protecting that infrastructure?  Instead, we shove that all off on the corporations that are focused upon profits, greed, and PR spin, not security.  It is a battle security practitioners have fought since the beginning of computing.

 

I am absolutely convinced that the only way to win the battle for cyber space is to do exactly what I’m looking at doing:

 

immunize the systems on it so that attacks no longer work.

 

That’s a panacea, but within less than five years it is, I am convinced, possible.  The studying we have been doing lately on artificial immune systems reveals a very promising potential when taken with the foundational work we are pursuing right now. 

 

Developing a comprehensive set of ontologies and resulting taxonomies for cyber attacks and their components will help us understand attack mechanics.  Once we understand that, we can protect against any type of attack because the organism (the network) can be given the ability to protect itself.

 

Work currently being done by the likes of Cisco is brute force and more hype than substance.  A more elegant approach is needed and that comes not from huge amounts of money invested (although it will, some day, come to that as well), but from a deeper understanding of the problem

 

How can companies such as Cisco and Microsoft solve the problem when they don’t even understand the questions?

 

We are getting close to finishing the foundational paper on this that sets up the problem and the suggested solution set, at least the first part of it .

 

We are almost ready to publish some of the more advance thinking.  The problem space has become well-defined. 

 

We are looking to communicate to just those who can contribute to a sufficiently deep view of the problem, something that has had, to date, only surface attention.  

 

The paper is due 1 December.  If I may, I’ll pass it by you for comment before I submit.  It has a lot of your core principles in it. I also need the mathematic notations and concepts validated (as always <grin>).

 

 

Sincerely ,   Q. R.