Cybersecurity again

I am writing again on the subject of cybersecurity because it is such a good example of where we call on government to step in where it is not even helpful, and the costs can be substantial.  In the case of computer security, I also have substantial expertise and good perspective because I run a small ISP. (Internet Service Provider)

You can see my previous posts for background:

CISPA and the myth of Security

Cyber War: The Drumbeat Continues

Dangerous Power Grab

Yes, my computer systems and servers are on the internet, and are exposed to every hacker in the world, and there are lots of them.  The hackers and spammers are a constant threat, and if they break in to my systems, they can cause substantial damage.  They pound away constantly, trying to find a way in.  For example, just one of my servers has seen roughly 4700 "attacks" in the last 24 hours.  This is typical.

The typical attacks are automated and relentless, but so far, completely unsuccessful.  It is my job - not the government's - to keep it that way.

How do I do that?  I am careful.

The most important thing is the diligence of the users of my systems.  In my case, I am selective in who I allow to use my ISP.  I do not advertise, and I do not even want large numbers of new customers.  I take on new customers only if I am confident that the new customer can be trusted to keep up our security regimen.  I also like to limit my users to those who are knowledgeable enough to know a threat when they see it.

This same basic rule applies to every computer system exposed to the internet.  Every company, every school, every agency has someone in charge of computer security.  This is exactly like the locks on the physical doors.  For every large building, someone has to be in charge of the keys, and the locks, making sure they work, and vandals can't get in easily.  Often there are cameras, or motion detectors.  It is a substantial cost.  Banks spend more.  Book warehouses spend less.  This is as it should be.

As I have outlined in my previous posts, government "help" is of zero value.  With computers, there is an entire industry working hard to address security issues, in ways that legislators don't even understand, much less have workable ideas to improve on the technology.

All of the legislative proposals I have seen would involve some sort of government control of the internet, either control of the data, or the administration of routers, systems, software or operating systems.  Some have even proposed a national "kill switch" to be activated in the case of a "horrible attack", without thinking through the implications of the entire internet going down beause some government functionary sensed a threat.

The internet gets its value from being open and free.  It allows communication between any two people on earth instantaneously.  It also allows hackers to "knock on my door" 5000 times a day.  These are two sides of the same coin.  The openness of the internet would be quickly destroyed if politicians worldwide were allowed to control it.  The tweets from Iranian protesters and the Wikileaks debacles are joined at the hip.

The addition of any measure of government "control" or "cyber defense" is likely to be a loss of freedom on the internet.  That would be a tragic loss, not a step forward.

I choose freedom, with no reservations.  Any and all proposals to "improve" the internet are really proposals to assert political control.  This must not be allowed to happen. The internet should remain out of the reach of political operatives.  That is the only way it can be preserved.