Digital Borders: Maybe It’s Time.
I’m on vacation near St. Louis, working on the family farm for a few days. (Yes, I enjoy driving tractors and fixing fence in my spare time. It’s a big change from the day job.) So, with a few spare minutes, it’s about time that I updated the blog. Thanks for waiting.
I have a conundrum for all of you.
If a foreign nation parachuted soldiers into St. Louis, Missouri and started invading homes, I’m pretty certain that the US government would send in the military to defend us. That’s because it’s an attack on the homeland. However, if we use the Internet model, they’d tell those people to call the Saint Louis Police Department and give them the URL for a web page on how to defend oneself from foreign invaders.
Doesn’t that sound strange?
With the US government spending more than $10 billion this year on Cybersecurity – for the US government – isn’t it time they talked about protecting the rest of us?
So far, much of the protection money was spent on plans to fence off government networks. We’ve heard lots about fencing off government networks from people like Richard Clarke. To me, it’s like building a castle, while the peasants live outside. Is that what we want from our government?
I recommend that we discuss a more comprehensive option, called Digital Borders. I wrote about this back in 1997 in an article called “Electronic Borders: Defining and Protecting National Networks” for Computers and Security magazine, here. (I changed the name because of conflict with another type of border technology.) I’m posing the concept again, since the open Internet has failed to bring harmony to the digital world.
Digital Borders are nothing more than a way to define the territory of any individual nation on the Internet. Usually, that space would be defined as the logical space owned by servers and network connections located in the physical space of any nation. In that regard, those IP addresses are governed by that nation’s laws. Knowing about where your national interest begins and ends makes it easier to enforce laws and to keep foreign interests from interfering in your local business. If the government will do this for itself, why won’t it do the same thing for the rest of us?
Any government can get started with a digital border by licensing all data connections that transfer data to and from locations outside the physical borders of that nation. Yes, this is additional regulation, but it only affects those entities that make direct connections outside the nation. From that point, the people of the nation should decide how much control is exercised over those connections. Filtering known malware and attacks is a simple step that would do lots of good for the average Internet user.
I am not advocating a massive and intrusive firewall, similar to the one used by the People’s Republic of China. The level of control is a matter of public policy and should be debated in any nation that considers the concept. However, I’d at least like to have the debate. It’s time we stopped fooling ourselves about the risks of an uncontrolled Internet and began seriously discussing a comprehensive plan for protecting ourselves.
Jim Molini, CISSP, CSSLP
