Tag Archives: cyber policy

Cyber Security Policy Tools – parental control

What you don’t know, can hurt your kids:

Because parents generally don’t understand that Internet features exist on these devices, they are not supervising their use (other than for choice of game content for sex or violence). They are often shocked to learn that their kids are using voice-over-Internet phone technologies (VoIP) to scream at or chat with anyone else playing the game.

Even when strong parental controls exist, such as with Xbox 360 or Wii, parents don’t think about setting them and rarely know they are available.

Leave a comment

Filed under Policy, policy tools

Evolving governance issues

BBC story on the Facebook policy dispute is interesting from a policy perspective.  First the chronology:

  1. Facebook publishes a change in terms regarding Facebook’s “ownership” of individual data published on the site
  2. Individuals protest via social network tools
  3. Organizations, mainly nonprofit groups focused on privacy issues, raise the stakes, threaten action via judicial and regulatory (FTC) venues
  4. Facebook withdraws proposed terms
  5. Facebook creates online group to discuss “Facebook Bill of Rights and Responsibilities
  6. Organizations withdraw their threatened legal/regulatory actions

And this happened within a week.  Is this a new “governance” paradigm that can resolve societal issues within short periods of time, with little “old” government interference?

Leave a comment

Filed under cyber policy, privacy

Internet Privacy – FTC worried self regulation not working

Lots of tangents from the story on new FTC study on industry policing and advertising their privacy policies:

  • FTC has two votes for regulation or legislation (doubts cast upon self regulation as a tool – public failure)
  • Study thinks companies make the information regarding their privacy policies too difficulty for the average person to find/comprehend (market failure = information assymetry)

Points of interest here:

  • Center for Digital Democracy
  • Future of Privacy Forum

Interesting difference in headlines:

Note to self:  Start an inventory of policy tools in each category of cyber policy

Leave a comment

Filed under cybersecurity, policy tools

Cyber Threats – A known surprise

Evidently, according to a Defense Science Board study, the Pentagon needs to address institutional change to deal with the new threat environment.  Interesting categorization of surpises as “surprise” surprises and “known” surprisies.

According to this report:

Among the “known surprises” are threats in the cyber realm, space and nuclear regimes. The study’s authors conclude that the US has made a start in dealing with the cyber threat “but we still have a large, difficult and costly way to go.” To mitigate those risks the chairman of the Joint Chiefs must initiate a series of exercises to gauge “what and how deep our vulnerabilities are.” Also, the services and combatant commands must improve the ability of critical information systems to resist attack.

so, where are the thought leaders on weaponizing cyber capabilities?

Of interest as a research target for lowering cyber risk: OR Applications for ISR

http://www.acq.osd.mil/dsb/reports/2009-01-Operations_Research.pdf

Leave a comment

Filed under cybersecurity

Cyber Policy – Safety and the Internet

Post reports Berkman study challenging assertions that the internet makes children more likely to be abused than real life circumstances:

“The risks minors face online are complex and multifaceted and are in most cases not significantly different than those they face offline.”

There are opposing views from law enforcement and other advocacy groups:

Jeffrey Chester, executive director of the Center for Digital Democracy, a District-based consumer advocacy group, has been critical of the report because its expenses were underwritten by interested parties such as MySpace, Google and Microsoft. “Surprise, surprise,” he said. “They pay for a study, and it says there’s no problem. It was kind of a brilliant PR move.”

However, note that Chester doesn’t provide data to oppose the report, he attackes the source of funding for the report.  The lack of data is actually a concern, for both sides of the argument do not have enough data from which legislators and policy makers can make competent choices:

One online safety advocate, named as a member of the report’s task force, said she is embarrassed by the report because it highlights the fact that there isn’t enough good data on the subject and it doesn’t give lawmakers a clear to-do list. Parents’ concerns about Internet predators are sometimes overblown, said Parry Aftab of WiredSafety.org, but it’s nearly impossible to tell how overblown they are; when quizzed about online activity, kids don’t usually tell the truth if their parents are around, she said.

Market failure occurs, among other reasons, for lack of sufficent information for the market to behave efficient and effectively.  Public failure occurs for the same reason.

2 Comments

Filed under Market Failure, Policy, public failure

A digital Pearl Harbor?

Conficker — the most recent pandemic in cyber space — is said to be connecting machines, at home, office and campuse, into botnets controlled by masters spread throught cyber space.  One consultant describes the potential of conficker as:

“If you’re looking for a digital Pearl Harbor, we now have the Japanese ships steaming toward us on the horizon,” said Rick Wesson, chief executive of Support Intelligence, a computer security consulting firm based in San Francisco.

More later…

Leave a comment

Filed under cybersecurity

DHS – Additional Cyber Security Directives

From DHS today:

Cyber Security. Given the increasingly sophisticated number of threats to all areas of national cyberspace and considering the authorities provided by the Homeland Security Act, the Post-Katrina Emergency Management Reform Act, and Homeland Security Presidential Directive 23/National Security Presidential Directive 54, what are the authorities and responsibilities of DHS for the protection of the government and private sector domains, what are the relationships with other government agencies, especially the departments of Defense, Treasury, and Energy, and the National Security Agency, and what are the programs and timeframes to achieve the department’s responsibilities and objectives? An oral report is due by Feb. 3, with a final report due Feb. 17.

Leave a comment

Filed under cybersecurity