Interesting interview with Richard Clarke re Stuxnet and that China is into everyone’s network.
By this time, everyone had narrowed Stuxnet down to the US and/or Israel, so there is no significant disclosure there. Nor is it news that China is in everyone's network. Clarke does, though, paint a picture of what the significance of having China in everyone's network is. With bills such as CISPA popping up regularly, security and/or information sharing requirements (one-way sharing, private sector -> government, is how it will work in reality) seem only a matter of time.
If not implemented properly, serious privacy violations could result, and, just as seriously, nothing good will come of it.
So, that leaves the question: what would a good information sharing regime look like? Law enforcement and the private sector have started to talk about this in informal groups. Currently, information sharing does occur, but it is almost always relationship based (e.g., an IT security guy knows a Secret Service agent well because they went to college together and still have beers). These relationships tend to be two-way. Current formal information sharing regimes (e.g., InfraGard) tend to be one-way.
So, what would an effective regime look like that also mitigated the privacy risks?