Don't forget -- there's a series of meetings coming up in Mankato (we'll be hanging out at the Loose Moose -- I like the name) this month. Starting tomorrow with a Blandin Foundation shindig and an open house in the afternoon, a reception in the evening, and then a full meeting on Friday. Here's a little more scoop from Rick King;
On Thursday, July 16th Christensen Communications (104 W. Main Street in Madelia) is hosting an open house from 2:00 – 5:00 p.m. The Minnesota Telecom Alliance is hosting a reception at the Loose Moose Saloon and Conference Center from 7:00 – 9:00 p.m. Also note that we are welcome to join the Blandin Foundation sponsored Minnesota Broadband Policy Seminar at the Region 9 Development Commission (Suite 400, 410 E Jackson St) from 3:00 – 5:00 p.m. on Thursday.
One topic of our conversation will be a first-bash at Security, Vulnerability and Redundancy. Once I get a good model going, I start seeing lots of places it can be applied. In my last post I pushed out this same graphic as a way to advance broadband in the state. Hereis is again, but the topic this time is Internet security (another of the sub-groups that had homework due today in advance of our meeting on Friday).
There have been a batch of security-related news stories recently, so I thought I'd do a recap and tie it in to the Task Force stuff we've been working on the last few weeks. First there's this opinion piece in the LA Times that points out the pitfalls of security at the core of the network instead of the edge. Here's the lede;
Cyber security is a real issue, as evidenced by the virus behind July 4 cyber attacks that hobbled government and business websites in the United States and South Korea. It originated from Internet provider addresses in 16 countries and targeted, among others, the White House and the New York Stock Exchange.
Unfortunately, the Obama administration has chosen to combat it in a move that runs counter to its pledge to be transparent. The administration reportedly is proceeding with a Bush-era plan to use the National Security Agency to screen government computer traffic on private-sector networks. AT&T is slated to be the likely test site. This classified pilot program, dubbed "Einstein 3," is developed but not yet rolled out. It takes two offenders from President Bush's contentious secret surveillance program and puts them in charge of scrutinizing all Internet traffic going to or from federal government agencies.
Despite its name, the Einstein 3 program is more genie than genius -- an omnipotent force (run by the NSA via AT&T's "secret rooms") that does the government's bidding -- spying. The last time around, this sort of scheme was known as the "special access" program -- "special" being code for "unconstitutional."
Einstein 3 purportedly is meant to protect government networks from hackers. But cyber-security experts -- such as Babak Pasdar, who blew the whistle on a mysterious "Quantico Circuit" while working for a major service provider -- agree that Einstein 3 offers no intrinsic security value. The program is implemented where servers exchange traffic between one another -- in the heart of a network system rather than at the perimeter, which interfaces with the outside world. This is similar to a home security system that only monitors the central interior of a house, rather than keeping an eye on the actual doors (and the purpose of hackers may simply be to enter).
At the same time, NPR is running this story that talks about how "Analysts Turn to Software for Spotting Terrorists." Again, here's the lede;
Intelligence officials have been hoping for some time that vacuuming up vast amounts of information and putting it into a computer would uncover some sort of discernable terrorist pattern. The technique, known as data mining, is controversial because information on the innocent, as well as potential terrorists, ends up in the same database. Now it is increasingly unclear whether data mining will ever really work because terrorists don't appear to have predictive patterns.
"We don't even have enough of a data set to get a good pattern of 'What does a terrorist look like?' " says Fred Cate of Indiana University's Center for Applied Cybersecurity Research. "And terrorists, of course, are constantly changing their patterns because, quite simply, they don't want to get caught."
That's why they use one-time cell phone numbers and drop-box addresses.
"There had been, over the past seven years, this sense that if you collect more and more data and put it into a powerful enough computer, shake it and bake it the right way you'll come up with the unknowns" — terrorists who aren't yet on law enforcement's radar screens — says Jim Dempsey, the executive director of the Center for Democracy and Technology, a privacy group in San Francisco.
"I think, and other people who are more technically adept than I think, that's really a fool's errand."
Given all that, what can a poor hapless state like Minnesota possibly do to make things better? Our sub-team's answer is "there's LOTS that we can do." That's where this model/picture comes in. As articles like these show, the parallels between Internet-security and regular meat-space security are growing ever more pronounced. Which means that we have lots to learn from people outside the geek realm. And our geek silver-bullets are just as much a last-resort solution as real bullets are in the real world. Should be an interesting discussion!