Home > United Nations Online Network in Public Administration and Finance (UNPAN)
1. Global
Global
2. Africa
Africa
3. Arab States
Arab States
4. Asia & Pacific
Asia & Pacific
5. Europe
Europe
6. Latin America & Caribbean
Latin America & Caribbean
7. North America
North America
UNPAN North America
Public Administration News  
Share
White House: Problem of Online Trust Has No Government Solution
Source: fiercegovernmentit.com
Source Date: Friday, October 22, 2010
Country: United States
Created: Oct 28, 2010

The prevailing, certificate-based web browsing model is a significant cybersecurity threat for Internet users, but this multi-jurisdictional, multi-stakeholder problem has no governmental solution, said a White House official during an Oct. 22 event in Washington, D.C.

"Government can't fix it and government shouldn't fix it. So this is not an area where public policy is going to be able to waltz in with a thunder set of regulations, or some kind of rule set perpetrated down through the system by an authority--it's just not going to happen," said Andrew McLaughlin, White House deputy chief technology officer, while speaking at the New America Foundation.

"You don't want government to try to be your front line. We have a history of screwing things up. Even if it were possible, there are good reasons for government not to try to dictate solutions here," he added.

This issue is the classic Internet policy problem, he said, and the diversity of players, jurisdictions, standards, hardware and physical interconnection make trusted browsing difficult to pin down. Browser certificates depend on a chain of trust between many different entities, and within each link, is another micro-chain of trust, said Ari Schwartz, senior Internet policy advisor at the National Institute of Standards and Technology. Because the Internet is a collection of voluntarily interconnected networks, one party's insecure practices can make the network insecure for the other entities, even when they are being as secure as possible.

While government can't fix the problem, McLaughlin said there is room for government to spur collective action for these multiple and competing actors to cooperate and adopt best practices. International standards bodies should help map out what a better, more secure ecosystem would look like, he said.

McLaughlin added that there also needs to be an incentive system, of some sort, to halt the "race to the bottom"-- the competition among certificate authorities to be less expensive than their competitors and, thus, often sacrificing the thoroughness of their audits in the process.

With the Commerce Department's Internet Policy Task Force, NIST's work with the Internet Corporation for Assigned Names and Numbers, and the Homeland Security Department's emergency preparedness efforts, it appears some government players are actively addressing the problem.

"It's important to note that there are folks in government that are paying attention to this problem," said Schwartz.

"In the Cyber Storm III exercise that just went on, some of these attacks were simulated--and I actually asked DHS if it was okay to talk about it and they said if it was at the level of saying that certificate authorities and related DNS issues were raised and that simulated impact, then that it was okay to do that," said Schwartz. "So it's worth pointing out that there has been a lot of talk about that. These kinds of attacks have real-life examples of things that can go wrong, if not properly taken care of."


News Home

 Tag This
 Tell A Friend
del.icio.us digg this Slashdot
Rate:
0 ratings
Views: 233

Comments: 0 Bookmarked: 0 Tagged: 0



0 Comments | Login to add comment

Site map | FAQs | Terms and Privacy | Contact Us
Copyright 2008-2010 by UNPAN - United Nations Public Administration Network