| |
ChevaunSamuelsSecondEssay 3 - 11 Jan 2020 - Main.ChevaunSamuels
|
|
META TOPICPARENT | name="SecondEssay" |
| | -- By ChevaunSamuels - 02 Dec 2019 | |
< < | Cyberspace has become a key domain of power execution and a core issue of global politics. Initially, cyberspace was constructed as a space free from regulation and intervention. However, after many cyber-attacks and the expansion of knowledge, the rising tide of threats to the stability and future development of cyberspace has spurred calls for more expansive governance. Cyberspace governance is characterized by a large number of actors, issue areas, and fora involved in processes of steering. Cyberspace is often equated with the World Wide Web but the two are not the same. Cyberspace can be thought of as a complex, highly distributed network infrastructure. In contrast, the World Wide Web denotes a collection of resources identifiable by means of global Uniform Resource Identifiers, and accessible via cyberspace. | | | |
< < |
These sentences feel like they have been cut and pasted from other sources. What is the subject of your draft? "Cyberspace," as I explained in the second week of the course, doesn't actually exist.
Accountability in cybersecurity is virtually non-existent. Despite billions of dollars spent worldwide on cybersecurity solutions, cyberspace is in one of its most fragile states ever. The World Economic Forum’s (WEF) Global Risks Landscape 2018 ranked cyber-attacks alongside extreme weather events and the prospect of nuclear war as the most likely and dangerous risks threatening the stability of society.
Why bother with the
troublesome metnonymy of "cyberspace"? You mean, computers are too
easy to break into, and corporate networks contain lots of defective
programs that reduce security. But because we have a free society,
people are mostly free to run insecure computers if they want to, so
collectively the result of individual insecurity is an increase in
overall risk. Put that way, without having to ask whether
"cyberspace is in a fragile state" we can have a useful conversation
about which sorts of general safety or security regulation we would
consider imposing, why and how.
Our society has moved from a period where it was simply a few people torrenting movies and songs to put on an MP3 player. Large-scale attacks are becoming more commonplace as well as more damaging. The cost of cybercrime to businesses is expected to top $8 trillion by 2022.
What is the difference between "cybercrime" and "crime"? Crimes involving telephones aren't "telephone crime."
There are many resources that are in existence to protect software from being attacked. But despite these precautions, there are still many attacks that happen. The goal for governance should be to protect all the people from all possible attacks.
Why is that the goal? Does that mean that all computers should be operated by government to prevent careless insecure operation? That all software should be approved by government? That I shouldn't be able to modify the software I use in case I make a security mistake and an attack becomes possible? I have no reason to believe that the government would do a better job securing my home, academic and business networks than I do myself, or would turn out to be good at protecting me from its own listening. Why am I wrong?
To do that, we need to fill all the gaps and spaces of attack. By shifting our collective mindset about what we expect from the cybersecurity industry, there can be a tremendous benefit for all those concerned and all those who are sitting around waiting to be attacked.
I'm not sitting around, I'm securing my systems. I use free software and I have no need for a "cybersecurity industry," as opposed to secure software we can make, share and improve for ourselves. Why are you telling me that someone else knows better than I do, or than you could know if you wanted to?
Accountability structures should be reflective of the diversity of the individuals who are attacked and use the cyberspace. The enlistment of stakeholders essential to the resolution of specific cyberspace governance problems presents an important first step with regard to streamlining collective accountability structures and identifying corresponding responsibilities. The adoption of constitutionally inspired enforcement mechanisms has proven fruitful in various cases. In the context of one of the largest cyberspace governance entities, the Internet Corporation for Assigned Names and Numbers (ICANN), the appointment of an ombudsman has helped clarify otherwise murky accountability structures and provided community members with a useful mechanism of recourse.
Furthermore, accelerating the development of advanced methods for controlling access to networks or the information resident on them is crucial. While one of the principal advantages to cyberspace is the ability to share information nearly instantly and globally, at every level of classification, and with one person or millions, there is no “inalienable right” to unfettered access to all systems and all information. We need systems engineered to be used responsibly by people with a reasonable amount of training. Otherwise, we may be asking for unreasonable levels of proficiency on the part of the operator and not enough on the network administrator or software engineer.
To help with governance, it is imperative that we have more programs to equip the younger generation to learn about computers and cyberspace in general. Often times the younger generation is not provided with the proper exposure to computer science and to the technicalities of things such as coding. This exposure for the younger generation will help to make sure that we have a positive future and we have individuals who are willing to learn about the industry and grow in knowledge. Cyberspace’s ubiquity demands lifelong attention to norms of behavior. To have high standards for cyberspace means protection training should begin literally in elementary school and receive an appropriate emphasis throughout one’s entire career to include all military profession schools, service and joint professional development education, and technical training. There are too many case studies to help drive home the costs and risks of bad cyberspace practices in our education and training courses. Despite substantial differences between nuclear and cyberspace operations, when it comes to developing a culture of accountability the nuclear analogy reigns supreme and should be viewed as the gold standard when devising cyberspace protection training at every level.
I don't understand the comparison. No private person needs to or can operate a nuclear reactor. But everyone can and should know how to run a basic server: that's the idea of FreedomBox. Why should I agree to this "gold standard" comparison that seems to fly in the face of my own personal experience and to be at odds with my social intentions? If your argument is persuasive, so much the better, but where is it?
| | |
|
|
|
This site is powered by the TWiki collaboration platform. All material on this collaboration platform is the property of the contributing authors. All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
|
|
| |