Difference between revisions of "Cybersecurity Must Be Free"

From MgmtWiki
Jump to: navigation, search
(References)
(Problems)
Line 9: Line 9:
 
==Problems==
 
==Problems==
 
The US Government seems to be of two minds on sharing [[Cybersecurity]] information with industry:
 
The US Government seems to be of two minds on sharing [[Cybersecurity]] information with industry:
# The DHS host the Cybersecurity and Infrastructure Agency (CISA) which has a policy of [https://www.cisa.gov/information-sharing-and-awareness Information Sharing and Awareness]
+
# The DHS hosts the Cybersecurity and Infrastructure Agency (CISA) which has a policy of [https://www.cisa.gov/information-sharing-and-awareness Information Sharing and Awareness]
 
# The DoD operating thru the joint command of the NSA and the CSS investigates and hides cyberattacks that it can use for Offensive operations like that against the Iranian Nuclear Bomb initiative.
 
# The DoD operating thru the joint command of the NSA and the CSS investigates and hides cyberattacks that it can use for Offensive operations like that against the Iranian Nuclear Bomb initiative.
  

Revision as of 14:44, 23 July 2022

Full Title or Meme

The arts and sciences of Cryptography or secret writing depends on secrecy. Those with a secret to hide want to protect it. Those that can break Cryptography do not want their adversaries to know about that capability.

Context

  • As long as secret writing has existed, adversaries have tried to detect when it is used and then to break the code and read the secret information.
  • During the second World War, the Allies were able to read many of the German and Japanese encrypted messages. It was critical to the continued availability of this that the Allies not let their adversaries know about the capability because that would cause them to further strengthen their encoding methods and so close off the information. This information was not released until 1974.[1]
  • The NSA and the UK had both created public key cryptography techniques but treated them with the same level of protection that was given to the Ultra Secrets of WWII. When the Diffie Hellman paper[2] was published in 1976, they were appalled that such information was public and warned the IEEE that allowing the export of such information was a "exporting technical articles on encryption and cryptology—a technical field, which is covered by Federal Regulations, viz: ITAR (International Traffic in Arms Regulations, 22 CFR 121-128)." And the presenting the information in an international symposium could be prosecuted.[3] The paper was presented. The prosecution did not occur.

Problems

The US Government seems to be of two minds on sharing Cybersecurity information with industry:

  1. The DHS hosts the Cybersecurity and Infrastructure Agency (CISA) which has a policy of Information Sharing and Awareness
  2. The DoD operating thru the joint command of the NSA and the CSS investigates and hides cyberattacks that it can use for Offensive operations like that against the Iranian Nuclear Bomb initiative.

References

  1. Frederick William Winterbotham, The Ultra Secret Harper & Row (1974-01-01) ISBN 978-0060146788
  2. Whitfield Diffie, Martin E. Hellman, New Directions in Cryptography. (1976-11). IEEE Transactions on Information Theory. 22 (6): 644–654.
  3. Henry Corrigan-Gibbs (December 2014). "Keeping Secrets". Stanford Magazine – Stanford Alumni Association. (2014-11). https://alumni.stanford.edu/get/page/magazine/article/?article_id=74801