Thursday, April 22, 2010

Accountability in the "cyberwar" era

So who is accountable?

Well, you could hold the software user responsible, but that will just cause them to switch to other software or hardware, which most likely is also vulnerable. You could tell them: don't open attachments, don't respond to email, don't browse the web, don't do your job. But what does that do?

What about the government? What can they do? They can spend all the money in the world to improve security at the backbone level, but the issue is still there if software is vulnerable. It still goes on, and accountability in government does nothing.

How about the attacker? Anything technology related cannot be proven. As a matter of fact, anyone who does not admit guilt cannot be proven to have done anything wrong in the cyber world; it is 100% impossible to prove somebody did something on the internet. All an attacker needs is your name and a proxy on your computer to make it look like you did whatever they want, without any sophistication. Log files are just composed of bits, and bits can be modified to say whatever. There are external logging systems where an attacker supposedly cannot modify the logs. This is very untrue: the logs get sent from the machine being attacked to the machine doing the logging, but the attacker already has control of the computer and can make it send any log it wants to the logging machine, or none at all. What's to say they have not compromised that logging computer as well? How do you pass on accountability to something that cannot be proven? You can't. Too many innocents will wind up a "cyber terrorist".

How about the software/hardware vendor? Vendors usually know about their security flaws before attacks happen, but this is not always the case. If vendors are held responsible for security flaws in their software/hardware, probably 90% of all hacking would stop. But what about the flaws they don't know about? Should they still be held accountable? Gun makers are not responsible if someone buys their gun (computer), that person gets their gun (computer) stolen, and someone else is shot with it, which is essentially the same thing with software/hardware vendors.