It’s nice when the plan works!

February 7, 2007 at 8:29 am | Posted in Technical | Leave a comment

Last night CNN reports there was a massive influx of traffic targeted at the DNS root system. The attack, which seems to have originated in South Korea, spectacularly failed to cause any problems for us at all.

The DNS system as it stands today has so much built-in redundancy that the good guys won this time! It is nice to hear that proactive system design can work for such a large and critical target.

It is difficult to budget and design proactive solutions, even on a smaller scale. It is always a guessing game; how will intrusions and attacks happen next? 12 years ago the chief concern for office-level security staff was email-borne virus attachments. It’s safe to say that the types of computer threats have diversified and intensified since then, and will likely continue to do so.

Can we look to our government for protection? Yesterday both the Senate and the House introduced revamped versions of failed bills to address Internet security. Both bills seem to focus on punishing companies who attempt to conceal breaches after the fact. I suppose this indirectly discourages them from allowing a breach to occur in the first place, but it seems odd that the bills are focused on the defenders, not the attackers. One important exception is the Cyber-Security Enhancement and Consumer Data Protection Act of 2007, which criminalizes attempts to gain access to private data:

“Section 1030(a)(7) of title 18, United States Code, is amended by inserting ‘, or to access without authorization or exceed authorized access to a protected computer’ after ’cause damage to a protected computer’.”

The interesting word in that paragraph is “protected”. While the bill doesn’t define a “protected” computer, it seems to suggest that an uprotected system is fair game for the hackers and thieves. I hope that is not the spirit of the bill.

Maybe it is merely restating the fact that we’re on our own in terms of data security. This could be the next iteration of American individualism. The pioneers in the 1800’s were theoretically protected by the laws of the land, but they advanced west more quickly than the ‘long arm of the law’, and were in effect on their own.  Perhaps to some degree, modern data security comes down to individuals making the decision to protect their own, since we have run so far ahead of our government’s ability to protect us.

Advertisements

TrackBack URI

Create a free website or blog at WordPress.com.
Entries and comments feeds.

%d bloggers like this: