Why I said "Yes" to CyberGreen
This is my first blog on a project which is close to my heart.
Since my days as heading the Australian National Office for Information Economy and then ICANN, I have been increasingly convinced that we would do well to also take a public health approach to the cybersecurity problem rather than just a traditional security approach. Just as in health, there is a responsibility for the individual, family and company to take steps to ensure its own cyber-health, there is a role for national coordination to support this, and there is a role for an international trusted body to collect and share comparative data (and best practices) to assist the allocation of international and national resources. CyberGreen, a non-profit organization, is a step to establish just such an international function.
Traditional approaches to cybersecurity are based on a reactive approach to addressing threats or incidents. They do not improve the underlying conditions in the national and international networks nor do they alter much the risk at a systemic level. CyberGreen's focus is on collecting and analysing vast amounts of data on vulnerable systems, in particular the generation of unsolicited traffic, compromised hosts and vulnerable nodes of activities such as web sites and DNS servers. It then presents this data in a way which shows the the change in the underlying risk conditions at a global and national level. Today metrics do not exist to track the impact of national or international initiatives over time. CyberGreen is directed specifically to giving policy makers, CERTS and network operators the data to compare the effectiveness of their remediation efforts.
As an analogy, CyberGreen is not in the business of developing anti-Malaria drugs; it is in the business of identifying, measuring, and help draining the swamps. CyberGreen is not in this for profit - it is in it for the global public good.
CyberGreen has been developed by technologists out of the Asia-Pacific CERT community with particular support from Japan's JPCERT.
We are now looking to internationalize and build on this support to bring CyberGreen's data analysis to the global commons. If you have ideas on how in helping to practically achieve this goal please share - it would be greatly appreciated.
Author: Dr. Paul Twomey
Senior Advisor to CyberGreen