Monthly Archives: November 2019

Remember these 13 names (and the idea that the Internet is for everyone)

Walid Al-SaqafRichard BarnesGonzalo CamarilloOlga CavalliHans Peter DittlerHiroshi EsakiMike GodwinJohn LevineGlenn McKnightRobert PepperAndrew SullivanSean Turner, and Mieke van Heesewijk

These are the names and links to profiles of the Board of Trustees for the Internet Society (as of this date in November 2019).  According to their dot org web page, the Internet Society has a vision that “the Internet is for everyone”.   These people are the Trustees of the Society at the time when the organization has arranged to  sell the rights to the .org registry for an undisclosed sum to a private equity company called Ethos Capital.

Why is this important?  In my opinion if the Internet is truly for everyone there should be a means for everyone to share their thoughts there.  The dot org registry in my mind has always been the domain where organizations; both for and not for profit, could acquire a domain and have an opportunity to spread their views.

I’m disappointed that the Internet Society has chosen to sell the rights to the domain; which includes setting prices and completing sales transactions for all dot org domains.  I believe this has a chilling effect on there actually being an Internet for everyone,

Brian

Update: I’m not alone in this opinion.

Another update:  I’m not always a fan of these organizations but apparently they too think this sale is a bad idea.

Yet another update: It’s starting to look like this sale won’t happen but I’m waiting to hear about potential judicial challenges.

Understanding the Traffic Light Protocol (TLP)

The Traffic Light Protocol (TLP) takes something that most people know and applies it to a new problem.  In this case the simple concept of roadway traffic lights applied to information sharing.   As defined by FIRST, an organization formed by cyber first responders; the Traffic Light Protocol is “a set of designations used to ensure that sensitive information is shared with the appropriate audience”.

According to the TLP when sharing information between two parties (a source and a recipient) the traffic light colors instruct the party receiving the information (the recipient) what the party sending the information expects regarding how the information will be used.

The key to understanding TLP is its simplicity.  Traffic lights or signals are something used and seen by drivers and passengers on roadways around the world.

It’s important that each person in an organization handling information understand and use TLP all the time and the same way.  Successful implementation of TLP in an organization is when everyone uses the protocol to process information the same way.

While most roadway traffic signals have either two or three lights; the protocol defines 4 conditions.

TLP:Red – information classified as RED when the party sharing the information intends that it will not be disclosed.  The use of this information should be restricted to participants only.  I tell people that when information classified as TLP:Red is shared with you; that information should stay with you.

TLP:Amber –  Information classified as AMBER is intended for limited disclosure.  That means you should only share this information with people in your organization.  If you work for a company in the Information Security department when you receive information classified as TLP:Amber you can share it with others in your Information security department.  Some organizations stretch this to be interpreted as within the company.  Specific company policies and procedures should clarify this.

TLP:Green – Information classified as GREEN is also limited disclosure, however disclosure should be limited to the community; people in your organization and other organizations  whom you regularly work with.  Like TLP:Amber your organizations policies and procedures should define the community.

TLP:White –  Information classified as TLP:White carries minimal or no foreseeable risk of misuse” and can be shared broadly.  It’s important to note that information classified as TLP:White is still subject to other organizational information classification (such as Secret, Top Secret , or NoForn and copyrights should be observed.