Securing the government

Securing objects is an science. Large volumens has been written about the subject and security professionals use carefully developed methods in their work.

In computer science security professionals identifies vulnerabilites wich may provide access to sensitive information or applications, cause production downtime and other disruptions. The vulnerabilites may be unpatched servers, badly implemented programs, weak passwords, untrustful insiders, lack of physical security and many more. The security professional will try to identify the likelihood that some will actually exploit the vulnerabilites, and the corresponding business impact. He suggest countermeasures for the most serious risks.

A government is an institution that holds the exclusive power to enforce certain rules of social conduct in a given geographical area. The means of enforcement is physical violence. Physical violence may be used by criminals for plunder and other abuses and it is a great threat to society if criminals take control of the government in wich case the citizens has now way of selfdefense except breaking the law or leaving the country.

There are many methods to limit this treat:
The security professional would place the various task of the gowernment in many separate institutions.
For example those actually doing the violence, would do so only on strict orders given by others. Those giving these orders would again be carefully restricted and monitored be others again. Courts with due process will protect the citizens. Taxing must be proven by court and always with time limits.

Each institution will follow the least privilege principle and have clearly limited scope and tasks. The institutions will be regularily and systematically monitored by other institutions and actions will be taken following established procedures in case of misconduct.

Important institutions will have forced job rotation and other mechanism to make collusion as difficult as possible.

The whole design will be intricate and delicate to as far as possible eliminate all vulerabilities against the obvious threats of criminally minded citizens.

Using these well established security methodolgies will result in something like the American constitution of 1776 or the Norwegian constitution of 1814. The founding father had a clear goal to avoid abuse of the citizens by their government.

Unfortunately the design was not clever enough. Our constitutions contained contained many vulnerabilites wich has be exploited. The workings of our gowerments today contains little of the great ideas of the men creating them.

The norwegian constitution was hacked in 1884. When we abondend the principle of “The Rule of Law” to “The Rule of men” and embraced the system of Majority Rule “parlamentism”. From a security perspective the Principle “All power in this hall” (all makt in denne sal) is horrible.

To use the information security analogy: The norwegian gowenment was hacked in 1884 and various trojans have since been placed. The malware now controls the applications and servers almost completely.

The consequnces are serious. The malware has caused a serious financial crisis and unsustainable welfare states wich are now collapsing. The prospect of riots and violent activism met by increasingly authorative and totalitarianian gowernments are are real and growing by the day.

To tackle the problems from the root a new carefully designed constitution 2.0 should be designed and implemented.

Tips oss hvis dette innlegget er upassende

Filed under: on November 15, 2009 at 12:01 am Comments Off

Sorry, the comment form is closed at this time.

Denne bloggen blir ikke forhåndsredigert av VG Nett. Bloggens eier står ansvarlig for alt innhold.
Ingenting varer evig og nå er vi dessverre ved veis ende. VGB er lagt ned og vil ikke komme tilbake.
VG Blogg var en tjeneste levert av VG Multimedia AS. Henvendelser rettes til: Magne Antonsen
Ansvarlig redaktør/Administrerende direktør: Torry Pedersen
Redaktør digitalt Espen Egil Hansen. Redaktør avis: Helje Solberg. Politisk redaktør Hanne Skartveit
Digital direktør: Jo Christian Oterhals. Sentralbord VG: 22 00 00 00