Re: Your counsel on defeating DDOS Attacks
Pascal Meunier wrote:
> The policy-setters of the US should realize that if the
> internet is going to be an infrastructure of the economy,
> then it should be treated with the care, resources and law
> enforcement power that other infrastructures get.

Mike Prosser wrote:
> Who is going to set these standards, enforce them....I don't
> know the answer to that one. Do we have "big government"
> set the standards? That's how BS7799 is being driven in
> Britain, but how would that fly elsewhere? Do we make the
> standards voluntary? Anyone who wants to abide by them can,
> those that don't won't....no teeth, how do you enforce
> those? Somewhere in between is my best guess.

All,

The comments by Pascal and Mike have sparked some good discussions here at MITRE. While this may be too late for Alan's deadline, here is my take on those discussions. Consider this as a potential caveat to all of the good technical suggestions that have already been offered.

Dave Mann

**********************************************************

As responsible technologists, we must always be aware of the limitations of what technology can accomplish. To that end, we must be careful to not perpetrate the myth that the information security problem and its solutions are purely technological. In particular, there are important legal and political issues that must be addressed for real change to take effect.

Until the legal landscape of cyberspace becomes better defined and until issues surrounding liability, criminality and jurisdiction are decided, we are doomed to an ineffectual game of technological cat and mouse with cyber-criminals. Definitions of responsibility and liability must be determined, and meaningful consequences must be established for all who are involved with the internet in any way.

While the government is a critical part of the solution, we also recognize that there are good reasons for the broader community to shape and define as much of this landscape as possible, especially in the early phases. The establishment of the internet (like the establishment of other technologies such as the automobile, the telephone, electric power, railroads and others) is fundamentally altering how we live and conduct business. It is difficult to determine issues of legality during those times when new infrastructures are being established. However, eventually citizens demand the rule of law to protect the rights of the individual, and business demands the rule of law to protect commerce.

The ultimate solution for preventing or mitigating the distributed denial of service attacks of the future will necessarily involve both technological advances and the creation of a larger legal framework that will allow those who are responsible to be held accountable.

--
=========================================================
David Mann                      || phone:  (781) 271 - 2252
INFOSEC Engineer/Scientist, Sr  ||
Enterprise Security Solutions   || fax:    (781) 271 - 3957
The MITRE Corporation           ||
Bedford, Mass 01730             || e-mail: damann@mitre.org