ISACA (sort of) looks on the bright side of darknets
There’s an old humor routine about a comedian who learns a particular martial arts attack and then, eager to test and prove his newfound skills, walks down dark alleys with 20-dollar bills hanging out of his pockets hoping to get mugged. For many, terms like darknet conjure similar images of poorly illuminated and generally unsafe areas off the beaten path where criminal mischief lurks.
So it’s a little jarring to read about the good folks at ISACA, a professional association widely noted for its resolute advocacy of heightened cybersecurity awareness and activity, issuing a memo that touches on the use of darknet technology for legitimate business purposes. It’s a little like the Women’s Christian Temperance Union speaking out about the holistic aspects of anarchy.
The disconnect surfaced this week when ISACA announced the release of a free publication titled “ISACA Tech Brief: The Darknet,” which examines proper procedures for exlporing “potential benefits” of using the darknet. The brief largely addresses proper risk management procedures when resorting to darknet exploration and utilization for legitimate business purposes, so it’s not like the whole of ISACA is suddenly marching to the beat of a different drum.
Still, it’s unusual to see darknet technology viewed as being productive, helpful, or positive in any sense. The term “darknet,” incidentally, is often used interchangeably with “dark web” and “deep web,” though there are points of distinction. Technically speaking, a darknet is a restricted-access computer network generally used for peer-to-peer file sharing.
By contrast, “dark web” refers to regions of the worldwide web that are only accessible by means of special software, while “deep web” merely describes regions of the worldwide web that are not discoverable using a standard search engine. There are some hairs being split, to be sure, but each of the three terms does have its particular usage and application.
At any rate, ISACA’s approach is to recognize that business use darknets and to provide a framework of precautions and protections for engaging in such activity. You probably shouldn’t do that thing you’re doing, in other words, but if you insist on doing it or can’t get by without doing it, then be sure to do it responsibly.
The new brief is available free of charge, but users must agree to register with ISACA in order to download it. Or, you know, maybe there’s a copy floating around on the deep web somewhere.