into it, only masquerading as legitimate users. The CPU is authorized to
receive the externals of such traffic,
as the voluntary users have authorized; these data streams are analyzed
through the voluntary actions of those
participating in the CPU social network for anomalies that can indicate a
cyberattack or preparation for a cyberattack. The members of the CPU network send statistical information or
alerts of varying degrees of urgency to
its contributors who are then able to
initiate defensive responses, depending on the nature of their information
to be protected and the criticality of
The process is characterized by
various operational and business models, several supported by distributed
agents. Consolidation and analysis
centers CAC(s) would receive traffic
externals from user sources, including infrastructure operators and other
organized entities. They would also
receive hierarchically processed flows
(such as EROs) for parts of the power
infrastructure, nodes in upper levels of communication systems, feeds
from CERTs, network-security companies, and, most important, private and
small-business users. Governments
are likely to have their own systems for
their needs but could participate with
filtered flows should they choose. The
CAC(s) could provide near-real-time
alerts and network status reports to users, with lengthier analyses following
as more data is analyzed.
CAC(s) might be organized as a not-for-profit corporation supported by
user consortia consisting of network-affinity groups, possibly as a subscription service with various levels of timeliness and depth of analysis. Amateurs
perform similar services, including
ham-radio operators in emergencies,
astronomers searching for asteroids,
and gamers exploring approaches to
protein folding. It could be a research
operation studying network dynamics
while also providing a real-time product, an objective that would also provide useful guidance for research. Output data could be used as a basis for
for-profit value-added services. There
is even a civil-defense aspect governments might support.
The basic governance principle,
as with the IETF, would be openness,
ternational Corporation to The Center
for International Security, Technol-
ogy, and Policy at the Georgia Institute
rough consensus, and running code to
be improved collectively over time.
Following any of the paths outlined
here, a social-network-based CPU will
develop in directions its users feel provide value. Existing social networks
(such as Facebook, Twitter, blogs, and
wikis) could provide marketing and
Further issues will also have to be
addressed, as with any user-controlled
network. Participants have to choose
between privacy and the degree to
which the network demonstrably improves their protection. The CPU’s
own protection is necessary to prevent
it being manipulated by the abusers
whose activities it seeks to mitigate. A
CPU could also give network abusers
feedback on the effectiveness of their
attacks, but attackers already know the
responses being taken by software providers and security vendors.
The voluntary technical contributions needed for its operation will have
to be forthcoming from the participant
community. The degree to which a CPU
competes against the security products
of its commercial participants will
have to be balanced against the benefits they would receive.
It may be that the most capable
and dedicated security innovators are
found in the same research community that formed the basis for the ARPANET. Such an experiment would be
1. Commission of the european Communities. brussels,
nov. 17, 2005.
2. ernst & young. y2K study, aug. 1998.
3. Federal energy regulatory Commission. Order No.
705: Mandatory Reliability Standards for Critical
Infrastructure Protection, Docket No. RM06-22-000,
Jan. 18, 2008; http://www.ferc.gov/whats-new/
comm-meet/2008/011708/e- 2.pdf and http://www.
4. gates, r.M. Secretary of Defense Memorandum:
Establishment of a Subordinate Unified U. S. Cyber
Command under Strategic Command for Military
Cyberspace Operations, June 23, 2009.
5. goodman, s.e. and lin, h.s., eds. Toward a Safer and
More Secure Cyberspace. national academies Press,
Washington, D. C., 2007.
6. hathaway, M. Keynote at rsa Conference: The Obama
Administration’s Cyberspace Policy Review (san
Francisco, Ca, apr. 22, 2009).
7. internet Crime Complaint Center, Federal bureau of
investigation. 2007 Internet Crime Report. national
White Collar Crime Center, bureau of Justice,
Department of Justice, Washington, D. C., 2007; http://
8. lukasik, s.J. Why the arPanet was built. IEEE
Annals of the History of Computing (sept. 2011).
9. lukasik, s.J. Protecting the global information
commons telecommunications policy, Next-Generation
Internet Conference (london, Feb. 21–23, 2000);
10. lukasik, s.J., goodman, s., and longhurst, D.
Protecting Critical Infrastructures Against CyberAttack, Adelphi Paper 359. international institute for
strategic studies, london, 2003.
11. President’s Commission on Critical infrastructure
Protection. Critical Foundations: Protecting America’s
Infrastructures, report. the White house, Washington,
D. C., oct. 1997.
12. Securing Cyberspace for the 44th Presidency. georgia
tech, atlanta, ga, Dec. 2008; http://www.csis.org/
13. sofaer, a.D. and goodman, s.e., eds. The Transnational
Dimension of Cyber Crime and Terrorism. hoover
institution Press, stanford university, 2001; see
lukasik, s.J., Chapter 4: Current and future technical
14. the White house; http://www.whitehouse.gov/pcipb/
I benefitted greatly from my discussions on improving cybersecurity with
Seymour E. Goodman and Anthony
M. Rutkowski. This study is based on
a grant from Science Applications In-
Stephen J. Lukasik ( firstname.lastname@example.org) is Distinguished
senior research Fellow at the Center for international
strategy, technology, and Policy of the sam nunn
school of international affairs at the georgia institute of
technology, atlanta, ga.
© 2011 aCM 0001-0782/11/09 $10.00