Editing FreshThinking
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.
The edit can be undone.
Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.
| Latest revision | Your text | ||
| Line 5: | Line 5: | ||
Much like the fable of [https://www.urbandictionary.com/define.php?term=the%20emporer%20has%20no%20clothes '''The Emperor's New Clothes''']] the standards being proposed while lauded and much acclaimed are ineffective and may be dangerous. https://www.sott.net/image/s14/280830/full/Naked_Emperor.jpg | Much like the fable of [https://www.urbandictionary.com/define.php?term=the%20emporer%20has%20no%20clothes '''The Emperor's New Clothes''']] the standards being proposed while lauded and much acclaimed are ineffective and may be dangerous. https://www.sott.net/image/s14/280830/full/Naked_Emperor.jpg | ||
== Techno Legal == | == Techno Legal == | ||
| − | The Task Force is proposing a new techno legal approach to IoT Security. It borrows ideas from how surveillance and security is done in the physical world and proposing similar concepts in cyberspace. The core idea is to adapt to the fact that with increasing usage of Cyberspace it is no longer a jungle but a | + | The Task Force is proposing a new techno legal approach to IoT Security. It borrows ideas from how surveillance and security is done in the physical world and proposing similar concepts in cyberspace. The core idea is to adapt to the fact that with increasing usage of Cyberspace it is no longer a jungle but a series of cyber cities and cyber townships. The standard of care required to protect a person or a house in a city is much less then in a jungle because there is a enabling legal and institutional support like the Police and [[wikipedia:Neighbourhood Watch (United Kingdom)|Neighbourhood Watch]] and bystanders and neighbors also pitch in to report suspicious activity and chase criminals. Key ideas |
| − | + | *Reduce Complexity | |
| − | + | :Cybersecurity protection is complex. An analogy is effort required to secure a house. Normally putting a lock on the doors is sufficient( password protect the WiFi/Broadband router). Securing the kitchen window or chimney is stronger but not necessary( Bluetooth or Amazon Alexa vocie operated Home automation). Creating a moat and a high fence with barbed wires may be required for high value property only ( [[wikipedia:Intrusion detection systems|Intrusion Detection System IDS]]) and a gold vault like Fort Knox requires a different level of security. Cybersecurity also requires great discipline from users as identity theft is a common attack. Technical tools to reduce complexity are required. However complexity is a function of legal and technical factors just like program complexity is a function of data structure and language used. Some types of tasks would be very difficult with COBOL ( machine Learning?) and the technical foundations of the Internet make it very difficult to secure as IP and MAC spoofing obscures the origin of entry.The legal framework which does not adequately provide right of self defense and following criminals in cyberspace is also a contributing factor. | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | Cybersecurity protection is complex. An analogy is effort required to secure a house. Normally putting a lock on the doors is sufficient( password protect the WiFi/Broadband router). Securing the kitchen window or chimney is stronger but not necessary( Bluetooth or Amazon Alexa vocie operated Home automation). Creating a moat and a high fence with barbed wires may be required for high value property only ( [[wikipedia:Intrusion detection systems|Intrusion Detection System IDS]]) and a gold vault like Fort Knox requires a different level of security. Cybersecurity also requires great discipline from users as identity theft is a common attack. Technical tools to reduce complexity are required. However complexity is a function of legal and technical factors just like program complexity is a function of data structure and language used. Some types of tasks would be very difficult with COBOL ( machine Learning?) and the technical foundations of the Internet make it very difficult to secure as IP and MAC spoofing obscures the origin of entry.The legal framework which does not adequately provide right of self defense and following criminals in cyberspace is also a contributing factor. | ||
<code> The complexity of a program can be greatly reduced by right data structure and proper programming language(Algorithm) .Similarly complexity of cyber-security can be greatly reduced by a different legal framework and SAFENET {{link and explain}} design of networks</code> | <code> The complexity of a program can be greatly reduced by right data structure and proper programming language(Algorithm) .Similarly complexity of cyber-security can be greatly reduced by a different legal framework and SAFENET {{link and explain}} design of networks</code> | ||
| − | + | *Reduce cost and effort | |
| − | Cyber-security requires lot of effort and is expensive and skills required are increasing. There is a lack of enough expertise at a scale that can be effective. So business models which encourage cooperation and pooling should be enabled | + | : Cyber-security requires lot of effort and is expensive and skills required are increasing. There is a lack of enough expertise at a scale that can be effective. So business models which encourage cooperation and pooling should be enabled |
| − | + | * Legal sanction for self help groups(SHG) | |
| − | In a gated community or a Office tower block access may be restricted and incoming visitors and outgoing people may be checked by security . This allows residents to share the cost of common security and other facilities. Cloud providers like Amazon AWS or Microsoft Azure provide multi tenanted space and can provide more secure space.These are semi private spaces in Cyberspace. Semi Public places also have their own surveillance and secure operations . Banks,Malls,Concerts hall may frisk visitors and refuse entries to masked people. These and other self help groups should be recognized entities in Cyberlaw. It should not be a "each-person-for-self" world | + | : In a gated community or a Office tower block access may be restricted and incoming visitors and outgoing people may be checked by security . This allows residents to share the cost of common security and other facilities. Cloud providers like Amazon AWS or Microsoft Azure provide multi tenanted space and can provide more secure space.These are semi private spaces in Cyberspace. Semi Public places also have their own surveillance and secure operations . Banks,Malls,Concerts hall may frisk visitors and refuse entries to masked people. These and other self help groups should be recognized entities in Cyberlaw. It should not be a "each-person-for-self" world |
| − | + | *SHG should have delegated Police authority | |
| − | SHG should be able to deter criminal behavior by imposing costs on criminals. A industrial township can have its own security and surveillance with legal rights to chase and capture suspected criminals.While these [[wikipedia:Parapolice |ParaPolice]] may have oversight from the urban local body (ULB) police they have some delegated rights to enter property (Car or safe house) and size people and stuff. Current cyberlaw makes entry of a attackers server or inspection of suspected attackers network or equipment illegal if not done by the Police. | + | :SHG should be able to deter criminal behavior by imposing costs on criminals. A industrial township can have its own security and surveillance with legal rights to chase and capture suspected criminals.While these [[wikipedia:Parapolice |ParaPolice]] may have oversight from the urban local body (ULB) police they have some delegated rights to enter property (Car or safe house) and size people and stuff. Current cyberlaw makes entry of a attackers server or inspection of suspected attackers network or equipment illegal if not done by the Police. |
| − | + | *SECURENET A secure net may use a different foundation then the TCP/IP and UDP approach. | |
**A CLASS E subnet | **A CLASS E subnet | ||
**Packets routed thru identified and secured routers . A military grade sub net | **Packets routed thru identified and secured routers . A military grade sub net | ||
| Line 26: | Line 21: | ||
**CyberCCTV. All packets are logged for forensics and real time correlation of emerging threats used to throttle and block. Preventive rather then post fact forensic approach. Network level correlation may make it easier to spot incipient attacks. Logging is not just centralized but at different levels. So anomaly detection for a local neighbourhood is much easier and reduces false positive that currently overwhelm IDS. | **CyberCCTV. All packets are logged for forensics and real time correlation of emerging threats used to throttle and block. Preventive rather then post fact forensic approach. Network level correlation may make it easier to spot incipient attacks. Logging is not just centralized but at different levels. So anomaly detection for a local neighbourhood is much easier and reduces false positive that currently overwhelm IDS. | ||
**Collaboration across all actors in SECURENET. The potential is visible from the [https://krebsonsecurity.com/2017/08/tech-firms-team-up-to-take-down-wirex-android-ddos-botnet/ '''WireX Botnet'''] incident. | **Collaboration across all actors in SECURENET. The potential is visible from the [https://krebsonsecurity.com/2017/08/tech-firms-team-up-to-take-down-wirex-android-ddos-botnet/ '''WireX Botnet'''] incident. | ||
| − | + | *Piracy law in Cyberspace | |
:[https://www.britannica.com/topic/piracy-international-law| International law] allows captains of ships and airplanes police rights to deter criminal behavior. Since cyber criminals operate across territorial borders we need to evolve the legal framework and enable victims to catch criminal and bring them to justice under territorial country criminal courts | :[https://www.britannica.com/topic/piracy-international-law| International law] allows captains of ships and airplanes police rights to deter criminal behavior. Since cyber criminals operate across territorial borders we need to evolve the legal framework and enable victims to catch criminal and bring them to justice under territorial country criminal courts | ||
| − | |||
==ToDo== | ==ToDo== | ||
-Links to TaskForce presentations and position papers | -Links to TaskForce presentations and position papers | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
:https://www.slideshare.net/cisoplatform7/keynote-session-internet-of-things-iot-security-taskforce | :https://www.slideshare.net/cisoplatform7/keynote-session-internet-of-things-iot-security-taskforce | ||
:http://www.iotforindia.org/blog-post/iotsecurity-the-standards-are-injurious-not-just-wrong/ | :http://www.iotforindia.org/blog-post/iotsecurity-the-standards-are-injurious-not-just-wrong/ | ||
-Crtiques and open issues | -Crtiques and open issues | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
==See Also== | ==See Also== | ||
| − | [[ | + | [[IoT Security Standards]] |
[[Category:Security]] | [[Category:Security]] | ||
