Scaled Back Cybersecurity

sgorman1 at gmu.edu
Tue Jan 14 20:44:36 UTC 2003


Seems to be a case of the prisoner's dilemma.  The security of any one network
is to some extent at the mercy of all other connected networks.  The
overall security of the network is only as strong as its weakest link.
In a highly competitive marketplace there is going to be little
incentive to invest in security if it will just be compromised by your
cost-cutting competitors.

If this is the case then the question is what kind of intervention is
necessary to prevent a prisoner's dilemma and allow something like a Nash
Equilibrium - the bar scene in A Beautiful Mind where they fight over
the hottie blonde...  Basically where a set of strategies for security 
are arranged so that each player believes that it is doing the best it
can (most personal gain) given the strategies of the other players.  

The current state appears to be that many providers do little to nothing
to provide for security, so each player adjusts their strategy
accordingly, resulting in the prisoner's dilemma.  It seems that to get beyond
this you have to bring up the lowest common denominator so that strategy
is not based on networks doing nothing.  How do you get the worst
offenders to improve the lowest common denominator?  Purchasing
requirements, subsidies, taxes, regulation???  Maybe a bunch of economic
voodoo, but might be a different way of looking at the issue.

----- Original Message -----
From: Pete Kruckenberg <pete at kruckenberg.com>
Date: Tuesday, January 14, 2003 8:16 pm
Subject: Re: Scaled Back Cybersecurity

> 
> On 14 Jan 2003, Vijay Gill wrote:
> 
> > Avi Freedman <freedman at freedman.net> writes:
> > 
> >> Perhaps the Feds (and maybe states) could use their purchasing power
> >> to effect change.  Short of that, or regulation, I don't see how
> >> the serious issues we have with the 'net will get resolved.
> >
> > People do. I've been beating this particular horse for a
> > while now, and we are starting to deploy the capex
> > hammer.  I suggest others start to do the same. See my
> > presentation at the Eugene NANOG.
> 
> I can see how purchasing power may motivate a vendor (and
> maybe lots of individual vendors) to fix their own problems,
> develop better products, or be more responsive.
> 
> I'm trying to envision an RFP that awards business to one or
> a few network operators, but requires that they interoperate
> effectively with other operators who don't win any of the
> business. I've only got a state-level purchasing
> perspective, but I don't see it happening at any level.
> 
> Is spending really an effective hammer (or gun) to make
> people work together if they aren't otherwise motivated to?
> Behavior related to the '96 Telecom Act doesn't inspire
> confidence.
> 
> Can technical solutions be an effective band-aid for a
> complex poli-socio-economic problem like this?
> 
> Pete.