Klossner: What d'ya know?
"When the ants unite their mouths, they can carry an elephant." — Mossian proverb
I have a friend who was a police detective in a community near me. He said his fellow detectives have a running joke that, upon retirement, they will all move as far away from the community as possible because they know too much about the criminal activity in town.
What if they shared all of this information with the public? Would it scuttle as many solutions as it would provide by letting those engaged in nefarious activities know that they were being watched? Or would more openness discourage some of these activities from ever starting or progressing?
I'm a cartoonist. It is in my professional and personal interest to have as much transparency on a topic as possible. This will lead to better-informed readers, who will be better able to understand references in my cartoons, making me appear funnier, hopefully leading to a fruitful and well-compensated career. Of course, this relies on me making the most intelligent and humorous use of this pile of information and obscure points, but let's not dwell on that for now, shall we?
The current administration is working on a Comprehensive National Cyber Security Initiative (read the FCW story), and as can be expected of anything with the word "security" in it, it is classified. (If I were to parse for a moment, is the word "comprehensive" necessary? Does it mean that all plans without "comprehensive" in the title aren't? I'll let "national" slide, but think of the time, energy and ink supplies that could be saved by eliminating unnecessary words from policy titles.)
Just the thought of the creation of a national cybersecurity plan overwhelms me, kind of like trying to inventory all the leaves on U.S. trees. And, as I've pointed out before, I would consider any cybersecurity initiative a resounding success if it eliminates all spam promising me videos of Angelina Jolie. But will keeping the initiative highly classified best serve the cybersecurity challenges we face?
In a world where teenagers successfully hack into major corporations and agencies, can we honestly expect a small group of people to create policy that will secure cyberspace for the entire planet? Yes, I know this is supposed to be a "national" initiative, but does the Internet have borders? (OK, I didn't let "national" slide.) This may be naive, but I would think the more people involved in such an initiative, the better. Including the uncomfortable — for some — notion of opening cybersecurity plans to the public.
(As a side note, the plans for most of the cybersecurity initiative have been kept secret so far — successfully, it seems. Maybe they should use the same techniques to secure cybersecurity that they've used to secure the initiative.)
While I find the debate over open-sourcing vs. classifying to contain as many strands as a cybersecurity initiative itself, the one item that caught my eye in this particular story was the recommendation by a panel of experts — the few who have had access to the initiative — who have stated that the initiative as it stands reads more like an execution plan than a comprehensive strategy. Kind of like when you were first writing term papers in high school, and you wrote an outline, and then the paper was the outline, rewritten with a couple of word changes. We all learned to flesh out our papers from those early experiences, right? Right?
For now, we are left to rely on those experts, as we are left to rely on law enforcement personnel in our communities. I'd keep an eye on where the experts move when they retire.
One note on the cartoon below: Every time I look at it, I go back and forth over whether I should have underlined/emphasized the word "this" instead of "is." Say it to yourself a few times and you'll see what I mean. Please feel free to use whichever version works better in your personal readings of the cartoon.
Posted by John Klossner on Oct 07, 2008 at 12:18 PM