<html>
Dear WG Members,<br>
I thank you for the rising interest into my proposition for the ICP-4
Internet Security and Stability Protection. Here is an update of the
initial project document.<br>
<br>
The proposed WG-ICP4 methodology is <br>
1. to determine what is to protect: a clear analysis of the Internet
system in our today society <br>
2. to establish the list the generic target areas of that system: its
building layers<br>
3. to list the different types of threats<br>
4. to list the motives of failures and/or attacks. <br>
<br>
2 and 3 will permit us to define a grid of the Internet risks. 4 will
permit to work towards prevention. Possible proposition mechanisms are
introduced further on.<br>
<br>
Each box of such a grid should then be worked on:<br>
- to better define the specifics of the menace in that area<br>
- to asses the level of risks in a pragmatic way and in a subjective
way<br>
- to determine the parties involved<br>
- to establish a WG on the matter by concerned stakeholders, with the
help of specialists of the domain involved. The mission would be to asses
the current situation, the immediate and mid term security oriented
actions, a specific preventive policy, recommended joint efforts towards
a global preventive policy and suggested innovations or complete changes
which would better protect the area's stability and foster
development.<br>
<br>
That would be the basis of the ICP-4 Internet Security and Stability
Protection document, for the establishment of an Permanent <b>ISSP
Advisory Committee</b>. It would keep that grid updated from observations
and experience, and would keep alive a permanent pragmatic
security/stability concern among the governance.<br>
<br>
A pounderation of the risk levels aking into account the real risks, the
expected impact on public, the risk chaining and the governance
unstabilization. should permit to discover the key targets and to
determine the priorities in term of protection and pro-active policies.
<br>
<br>
In a first attempt we have categorized 20 generic areas, 25 types of
menace and 18 motives. They are listed here below. Thank you to add any
area we might have overlooked. This lists are not yet structured nor
detailed in order to leave room to your imagination (several highly
debated issues don't show up because they are part of more generic
areas). Please also comment them as we now have to work on these list
"a layer below" and charatize each threat in each area and for
each motive.<br>
<br>
This list as today corresponds to the modlisation of 500 menaces and 9000
motivated possible destabilization or war acts.<br>
1. Any competence in helping modelizing and grouping the analysis is
welcome. <br>
2. from first experience the perusal of these lists by different people
should help defining general concerns. This will be purely subjective and
based upon personal backgrounds. But in confronting these quick analysis
we might have some first propositions quickly and gain working
experience. This would however not replace the permanent and fundemental
work ahead.<br>
<br>
We have to be conscioius that this task is unique as it concerns the
publicly disclosed protection of a universal system against its own
users, operators and protectors. Turning the Internet fool and terrorist
proof - or at least less easy to unstabilize. It also concerns the
protection of Peace as the Internet is increasingly a vehicle for all the
world's exchanges.<br>
<br>
The <b>ICP-4 Internet Security and Stability Protection</b> document
should propose solutions. <br>
<br>
The easiest way for that is to proceed from proposed solutions and use
the risk grid as a validation, a comparative or a killing filter. An
Excell table should be presented with a proposition telling which menaces
it address and how, providing an easy and visual decision tool.<br>
<br>
Here are the current lists:<br>
<br>
<b>Generic targets:<br>
</b>- interconnection structure <br>
- structural lines<br>
- governance<br>
- centralized services (DNS, IP, ...)<br>
- Internet industry (ISP, ASP, Communication Agency)<br>
- interconnected computer systems - stations, immotic -
teleurbanism<br>
- interconnected operators (webmasters, staff, ...)<br>
- generic services (e-mail, ftp, online payment, etc)<br>
- servicing computers <br>
- users <br>
- public and social/community area <br>
- market - economy<br>
- impacted industries<br>
- consumer organizations<br>
- communicating structures - organization, management<br>
- equipment manufacturers, content, services providers<br>
- access lines and Telcos - telecom services <br>
- regulation and standards <br>
- states relations and law<br>
- applications - innovation <br>
- protocols<br>
<br>
<b>Types of menace:<br>
</b>- single point of failure / weakness<br>
- military action - war, civil war, invasion <br>
- terrorist action <br>
- acts of God<br>
- blocus<br>
- lack of supply<br>
- technical failures<br>
- intelligence action<br>
- economic crisis - local/general <br>
- DoS<br>
- hacking <br>
- vandalism<br>
- disclosure <br>
- cybersquatting <br>
- public/management/technical distrust - disinterest<br>
- negative press campaign<br>
- alternative offerings - new technologies/solutions<br>
- complexity<br>
- overload<br>
- technology level <br>
- management instability <br>
- unfair practices<br>
- ignorance - incompetence - lack of education<br>
- misunderstanding (lexical or linguistic)<br>
- governance feud set-up <br>
<br>
<b>Motives:<br>
</b>- misunderstanding of the Internet nature and social model<br>
- strategic interests of leading partners - states, commercial<br>
- financial greed<br>
- political objections<br>
- fanatism (regligious, professional)<br>
- personal interest - employee retaliation<br>
- fun <br>
- private or political agenda and competition<br>
- attempts to dominance - lack of mutual coordination<br>
- cultural conflicts<br>
- financial, lingual and digital divide<br>
- lack of local financing <br>
- lack of local means<br>
- national exclusion <br>
- national policy <br>
- feuds<br>
- ignorance<br>
- History<br>
<br>
Jefsey <br>
<br>
</html>