What are your thoughts on the cybersecurity implications of a net neutrality repeal?
Here is some emerging discussion on the topic:
Are You Worried? - How net neutrality repeal might affect cybersecurity
FCC votes to repeal net neutrality, could increase cybersecurity threats
I think what is more concerning that on average 4000 pieces of information is known about individuals within the USA, due to the opt out approach to data privacy. Whereas as the European model is opt in.
It means, potentially giving greater anonymity to the attackers, but also to other organisations for other intelligence gathering purposes for good or bad intent. The most affected potentially will be shareholders, due to organisations having not invested appropriately to the increased level of threats and the inability to response in a timely manner to detect, protect and respond to attacks.
I find on net neutrality that a lot of people speak out both sides of their mouth. A number of times I have heard someone complain against the repeal with "The government shouldn't control the Internet!" Fine, but that would seem to favor getting the FCC out of the Internet (and maybe disbanding the FCC all together).
From a security standpoint granting service providers more flexibility in terms of throttling or banning certain traffic should be a good thing. It's what every network administrator does on a daily basis. The grand fear of course, is that it allows corporate giants to restrict access or at least skew it. Fair enough, but have any of these alarmists ever heard of a newspaper? For centuries, newsprint has functioned without government oversight. When a publisher starts being biased, you stop buying that newspaper. If your ISP starts throttling you, you go to another ISP. Sure it might cost more or you might have a lower tier of service, but you have choices.
One upshot of getting ISPs further from the FCC is it could increase their civil liability as they no longer have the regulatory excuse for permitting/ignoring traffic on their network.
A seemingly neutral, wild-west type of internet gave us all kind of security related issues. Net neutrality may have more to do with privacy than actual security (two things which are somewhat related, but are not the same at all). Honestly, I can't seem to get myself angry or motivated regarding net neutrality one way or the other. Having it hasn't made cable companies better. Getting rid of it just puts us back where we were -- and this is just in terms of raw quality of service.
I like to think that giving network operators a freer hand will lead to a more secure situation. However, I also don't think they'll do that great of a job, anyway. I'm concerned that traffic monitoring/shaping technologies will be used to subvert security controls like TLS and inject ads into streams, rather than just cutting down on spam, worm propagation, botnets, DDoS, etc.
Ultimately, I think that the question has become so political, with the loudest voices often being the least technically competent, that the only appropriate solution is to settle the question through legislation rather than regulation.
@JoePete @Badfilemagic @Caute_cautim Thanks for sharing your thoughts! Clearly it's difficult to get a clear read on the total impact and potential ramifications of this move based on coverage and online opinions so far. Very interesting perspectives. Thanks again!
It looks as though you are applying Burp Suite for testing applications and man in the middle type sampling - https://portswigger.net/burp
Do you have permission from ISC2 to carry out such tests?
Regards
Caute_cautim
@Caute_cautim wrote:
Is this a test of our ability to read scripting languages? Please illuminate?
You'll notice that the message you were replying to no longer exists.
Somebody took advantage of the fact that anybody can create an account on our "community" and tried to spam it. I suspect that they were trying to use some automated spamming tool, because the half dozen or so postings that they made seem to be portions of some larger posting. Full marks to the "community" admins for being johnny-on-the-spot and getting rid of the stuff quickly, but it does demonstrate that our "community" is completely open to the world.