Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×
Government

Journal PotatoHead's Journal: Discuss: Cybersecurity Sysadmin Guild

Journal by PotatoHead

The NYTimes story linked below sparked some thought I wanted hear more from /. about. This is not your typical advocacy post, but for the simple request that we just talk about this stuff. Can that still happen on /. I'm hoping so. Take the info below, read it, then think about it, then contribute what you think will have the most value. The idea is for us to just do a bit of talking for the sake of just learning and thinking for a change.

These kinds of topics are of great interest to me, largely because the ethics and law surrounding them are new and often being formed right now, in our time. That's kind of cool really. It's interesting to consider what we sort out now will define things for generations to come.

In short, we live in interesting times.

http://www.nytimes.com/2009/06/13/us/politics/13cyber.html?_r=1&partner=rss&emc=rss

My intent with this is to just have some good discussion. I've got my flame suit on, and really just am interested on where this takes people. Consider it food for some interesting talk, not so much an advocacy piece. I am wanting to hear some thoughts on this subject matter, whatever they may be. Let's go!

The problem with cyber-defense and our traditional notions of privacy, search, seizure, etc... comes from the virtual nature of Internet communications, geographical portability, and relative inability for many to quantify how the net works in terms we agree on. Simple discussions like "theft" of movies require people understand very subtle things, like infringement and why it's not simple theft. Please, this thread is not about that topic. I contributed it to highlight one of many things we remain very confused as a nation on, not to make a position statement on what happens on a download ok?

Enter the Systems Administrator.

These people did it first. We have a net to wage war in, because they did the work to build something that would actually behave as a virtual space. And there are some fascinating parallels with our history I want to share, then make a statement at the end of this I didn't think I would make. Ideally, that's where some discussion will happen.

Our founders were these very progressive and visionary people. When they formed this nation there were only a few democracies in operation at the time. They were seen as everything from radical to just. We live in that nation today because they structured things to behave as a space where people were free to be people.

The systems administrators who built the net were like them in many ways! They were visionary, progressive and very focused on structure and freedom, knowing that good things would happen without having to actually state them.

As time passes, current generations lose some of the connection to those early builders. Today, both our founders and systems admins are not seen in the same way they were when alive and building.

Our early legislators were mentored in from the builders. Many implied things were honored because they were just, law had not yet been written and ethics controlled how a lot of things got done. Admins are the same way.

I, for example, was mentored my people who I would characterize as first and second generation admins. The net was an open place a lot like early America was. Few people had locks, few people then had cyber security.

The third generation is operating now, with the fourth upon us soon.

When I got introduced to being an admin, ethics were a part of the discussion. Then came the gentlemen's agreements and such. The net was still being formed. Now it's built and being improved, renovated, etc...

Early on, it was not possible to be an admin, without having gone through the passing of the torch. Then it became possible to just become an admin through the course of simple work, and the ratio of those being mentored by those that formed the roots of the thing to those who just end up doing it leans toward no mentoring with each passing day.

Problems escalated as more and more ordinary people jumped into the space and started doing their thing.

The net closed, security was required and the rest brings us to today.

Here's an example of the kinds of things I experienced when the keys to the kingdom were handed to me:

Ethics on privacy. It was obvious that I could examine any portion of our company net. So then, what's the right behavior? Do I read the e-mails, poke at the financials, log browser traffic? The answer is complicated and much of it depends on what the information is for, whether or not a person can be trusted to do the right thing with it, and so on.

I got the title of admin, because the prior one basically told the users I was ready, could be trusted, and had the skill needed to carry them forward. This still happens, and it happens a lot and that is good. When it doesn't happen, there are issues. Or worse, the admin is forced to disregard their ethics to hold a job, and users are left with the results.

My point is this: I don't think it's possible to operate a safe net, without some people getting to know stuff. Our open net requires us to have administrators and that's just how it is. Somebody somewhere has the keys to whatever fiefdom you care to inhabit, and you get to travel in cyberspace simply at their pleasure. They allow that traffic to exist, and they allow it because it is better with that freedom than without.

Witness nations like China and Australia and others who regulate that travel sharply, and with that comes an idea of just how much implied trust we operate on. It's a lot people. An awful lot.

As an admin, I operated (and still do operate) mail servers. Marriages can be broken with the info sitting on that server. Prison terms can be there too. There is a lot of power in that machine, and the admin could use it for personal gain quite easily. There's the implied trust bit right there.

My users know I don't read e-mail. My standard line is that it would simply piss me off, and who wants to do that? The reality is that I know that server needs to be treated in a special way so that the people who inhabit it (and that's an odd way to put it, but it makes sense to me) can just be who they are and do what they do, much like they do getting into a car and driving down the road.

Over the years, I've been asked to cross boundaries. Copy software, crack software, open up the server and take a peek "for the company", and any number of other things. I've said "no" a lot, and have been fortunate enough to be in positions where that "no", and the "why" behind it was heard and respected. I've been forced a time or two and considered an attorney, because the law actually forbid what was being requested. There are many who need their job and or don't care and will just do it. Think about that dynamic too.

So then, Obama wants to essentially create the systems admin for the nation.

IMHO, this is good.

I see everybody worried about trust. The nation is going through the same thing little pools of people went through when the net was forming. A discussion happens:

[admin]

We have networked the computers!

[users]

YEAH!!

But, what about... and it comes! Can others see my stuff, can I see their stuff, will people know things?

[admin --if they are a good one]

Admin lays down the law, ethics and commits to earn the trust of people.

So then, this discussion results in everybody operating under some common assumptions and the admin just compartmentalizes a lot of things and basically sits there and makes it all go in a way that people can live with.

We, as a nation are there now.

We as a community here on /. have been there for a while, with our admins here structuring things so that we can do what we feel compelled to do with few to no inhibitions and a lot of trust. Think about that in the context of this national development about to happen. Interesting no?

I think so.

My proposal is essentially a guild. Cybersecurity is going to require admins and our liberties are going to fall under their privy, or we operate in a less than secure environment and take the risk. That is the national question, but for the guild part. That's mine, at the moment.

If we go the guild route, then we return to how the net was formed and the trust and ethics issues that formed the place and that means people vetting people for the sake of other people.

Will the President actually have his admin tell him "no" and "why", or will that admin just take a peek?

I think about the wiretapping that happened. What if that guild were in place, and they said NO? Or, perhaps they said "maybe", and it went to the courts?

If we have a national systemsadmin, czar, etc... what do you think that looks like, and what power should it have?

Flame, rant, rave, you name it! Let's just talk about this and see where it leads!

This discussion has been archived. No new comments can be posted.

Discuss: Cybersecurity Sysadmin Guild More

Discuss: Cybersecurity Sysadmin Guild

Comments Filter:

Slashdot Top Deals

Real Programmers don't eat quiche. They eat Twinkies and Szechwan food.

Close