Presumably, this is to make investigating terrorism easier – police won’t have to waste time interviewing unwitting WiFi owners, but in reality it strikes me as a waste of resources. Locating hotspots, identifying their owners and enforcing proper security are all likely to be time consuming (and futile) exercises. Terrorists will still be able to get online, whether by hacking WPA, finding an open connection or using an Internet cafe. And besides, wouldn’t you want the additional evidence made possible by the warning emails (such as IP, email account, etc.)?

As security guru Bruce Schneier endlessly points out, security is a trade-off. In this case, it seems that the Indian police are making a bad trade.

But before we irrevocably frame the issue as one of war, we need to ask if it even is so. Last year during the Estonia attacks, Tim Lee wrote a post arguing that what was happening was little more than petty vandalism. While the media reported that the government, banks and media in Estonia were being targeted, it was really only their public websites. He asked, would the average American even notice if Congress’s website was down?

“I suppose it would be a bit of a pain if I wasn’t able to check CNN or my bank account balance. But that’s not “cyber war.” It’s petty vandalism. It deserves the attention of network security experts at the companies whose websites were targetted, of course, but it’s ridiculous to get NATO involved or to act as though Russia engaging in this kind of “cyber warfare” is even remotely on par with Russia launching cruise missiles against Estonian targets.”

Although in Georgia, obviously, real war is taking place, the cyberattacks don’t seem to be taking down critical infrastructure. Instead, the websites of government ministries have been compromised. In response, the Georgian Ministry of Foreign Affairs has created a blog using Google’s hosted service. With Google’s network engineers protecting the integrity of the site, the ministry can use it to provide information updates. Will other governments come to depend on hosted solutions for their websites? So far consumers and commerce have taken to cloud computing with a vengeance, and one wonders if government, too, will do so. The same benefits of outsourcing internal IT will make it useful for governments to host their websites at specialized hosting services.

“The group calls itself the International Multilateral Partnership Against Cyber-Terrorism (IMPACT), and its advisory board features tech luminaries like Google’s Vint Cerf and Symantec CEO John Thompson.”

As the Ars Technica writer points out, this CDC-like approach of cooperating and sharing information and strategy to avoid catastrophic network-based attacks is probably a smarter approach to cybersecurity than the “nation-state-centric “cyber warfare” paradigm that is also emerging.” Although I’m still wary that an organization like IMPACT, which doesn’t include China and Russia, will be too centralized, it is certainly closer to the “rough consensus and running code” approach which characterizes the net.

Another approach to Internet security I recently learned about is OpenDNS which aims to speed up web-surfing and block malware sites. Unfortunately, because it is marketed as a solution to businesses, libraries and schools, administrators can also block innocuous sites like popular social networks. However, they have had great success so far (commercially) and use an intriguing community-based model to label suspicious websites – something which is much better than the secret blocklists of many filtering companies.

Finally, another approach which has gained some traction is StopBadware.org which is a partnership between academia, private enterprise and non-profits to identify “badware sites.” Most interesting is their partnership with Google who now warns search users that they may be visiting a badware site. In the coming months, expect more out of StopBadware.org, including the Herdict project which seeks to crowdsource security.

[See previous thoughts on cybercrime here.]

Update: See Cory Doctorow’s word of caution regarding unintended consequences of fighting malware (in this case spam).

Update II: More news on Federal involvement in cybersecurity.