[ncdnhc-discuss] Re: [ga] Update: ICP-4 Internet Security and Stability Protection

Jefsey Morfin jefsey at wanadoo.fr
Tue Oct 9 15:24:04 CEST 2001


Dear WG Members,
I thank you for the rising interest into my proposition for the ICP-4 
Internet Security and Stability Protection. Here is an update of the 
initial project document.

The proposed WG-ICP4 methodology is
1. to determine what is to protect: a clear analysis of the Internet system 
in our today society
2. to establish the list the generic target areas of that system: its 
building layers
3. to list the different types of threats
4. to list the motives of failures and/or attacks.

2 and 3 will permit us to define a grid of the Internet risks. 4 will 
permit to work towards prevention. Possible proposition mechanisms are 
introduced further on.

Each box of such a grid should then be worked on:
- to better define the specifics of the menace in that area
- to asses the level of risks in a pragmatic way and in a subjective way
- to determine the parties involved
- to establish a WG on the matter by concerned stakeholders, with the help 
of specialists of the domain involved. The mission would be to asses the 
current situation, the immediate and mid term security oriented actions, a 
specific preventive policy, recommended joint efforts towards a global 
preventive policy and suggested innovations or complete changes which would 
better protect the area's stability and foster development.

That would be the basis of the ICP-4 Internet Security and Stability 
Protection document, for the establishment of an Permanent ISSP Advisory 
Committee. It would keep that grid updated from observations and 
experience, and would keep alive a permanent pragmatic security/stability 
concern among the governance.

A pounderation of the risk levels aking into account the real risks, the 
expected impact on public, the risk chaining and the governance 
unstabilization. should permit to discover the key targets and to determine 
the priorities in term of protection and pro-active policies.

In a first attempt we have categorized 20 generic areas, 25 types of menace 
and 18 motives. They are listed here below. Thank you to add any area we 
might have overlooked. This lists are not yet structured nor detailed in 
order to leave room to your imagination (several highly debated issues 
don't show up because they are part of more generic areas). Please also 
comment them as we now have to work on these list "a layer below" and 
charatize each threat in each area and for each motive.

This list as today corresponds to the modlisation of 500 menaces and 9000 
motivated possible destabilization or war acts.
1. Any competence in helping modelizing and grouping the analysis is welcome.
2. from first experience the perusal of these lists by different people 
should help defining general concerns. This will be purely subjective and 
based upon personal backgrounds. But in confronting these quick analysis we 
might have some first propositions quickly and gain working experience. 
This would however not replace the permanent and fundemental work ahead.

We have to be conscioius that this task is unique as it concerns the 
publicly disclosed protection of a universal system against its own users, 
operators and protectors. Turning the Internet fool and terrorist proof - 
or at least less easy to unstabilize. It also concerns the protection of 
Peace as the Internet is increasingly a vehicle for all the world's exchanges.

The ICP-4 Internet Security and Stability Protection document should 
propose solutions.

The easiest way for that is to proceed from proposed solutions and use the 
risk grid as a validation, a comparative or a killing filter. An Excell 
table should be presented with a proposition telling which menaces it 
address and how, providing an easy and visual decision tool.

Here are the current lists:

Generic targets:
- interconnection structure
- structural lines
- governance
- centralized services (DNS, IP, ...)
- Internet industry (ISP, ASP, Communication Agency)
- interconnected computer systems - stations, immotic - teleurbanism
- interconnected operators (webmasters, staff, ...)
- generic services (e-mail, ftp, online payment, etc)
- servicing computers
- users
- public and social/community area
- market - economy
- impacted industries
- consumer organizations
- communicating structures - organization, management
- equipment manufacturers, content, services providers
- access lines and Telcos - telecom services
- regulation and standards
- states relations and law
- applications - innovation
- protocols

Types of menace:
- single point of failure / weakness
- military action - war, civil war, invasion
- terrorist action
- acts of God
- blocus
- lack of supply
- technical failures
- intelligence action
- economic crisis - local/general
- DoS
- hacking
- vandalism
- disclosure
- cybersquatting
- public/management/technical distrust - disinterest
- negative press campaign
- alternative offerings - new technologies/solutions
- complexity
- overload
- technology level
- management instability
- unfair practices
- ignorance - incompetence - lack of education
- misunderstanding (lexical or linguistic)
- governance feud set-up

Motives:
- misunderstanding of the Internet nature and social model
- strategic interests of leading partners - states, commercial
- financial greed
- political objections
- fanatism (regligious, professional)
- personal interest - employee retaliation
- fun
- private or political agenda and competition
- attempts to dominance - lack of mutual coordination
- cultural conflicts
- financial, lingual and digital divide
- lack of local financing
- lack of local means
- national exclusion
- national policy
- feuds
- ignorance
- History

Jefsey

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ncuc.org/pipermail/ncuc-discuss/attachments/20011009/3d07d7a4/attachment.html>


More information about the Ncuc-discuss mailing list