This might be premature as we’re still very small, but what thought has been given to national defence?
Obviously we have no physical land or citizens to defend, but if you stop and think for a moment we still have an attack surface made up of Discord servers, logins that could be hacked, smart contract hacks, B2B services, emails, DNS, web servers, economic token price attacks, and even Discourse here.
What I’m saying here is that it seems like defence is something a nation will need to plan for and evolve as they get bigger and become a larger target. Not having a defence plan can leave us open to attack by other bad actors. Should there be a Defence and Security Guild where the members only focus on these tasks?
It could start small, like a security strategy, and then a longer road map could be planned and implemented to keep our nation secure from threats to the best of our ability.
It’s, in fact, an exciting topic. I remember a dinner at the launch of Nation3 where the founders discussed this topic.
I’m personally a fan of the OSINT movement. I agree that a DefSec guild to protect the Nation and its citizens would be an excellent service to build going forward.
Let’s start the discussion.
Perhaps we could start by token gating this forum so it’s not viewable publicly?
I totally agree with this idea.
I felt the need for a security department (I call it a military department in an article I was researching on the Nation3 project myself).
Nations on the cloud do not need violent institutions in theory, but because it is a code-based world, it is very necessary to establish defense institutions.
- Establish a code review body to review the ever-increasing amount of modular code to make it secure.
- Develop a security manual to prevent the loss of assets caused by attacks or theft of community service tools or “phishing attacks” on citizens.
- Prepare contingency plans on how to deal with insecurity in the event of an incident, and establish a hierarchical system for dealing with it.
I wouldn’t recommend closing the forum. Our source code is open, and our communication should be open as well. It’s essential to have ideas and discussions of problems/solutions flow easily between the members of our DAO, and even be open to people who are not yet members of the DAO. This reduces friction for people who want to evaluate past decisions made by the Nation3 DAO (some of whom are people who are considering joining as a new DAO contributor).
Have you considered ways to implement security measures while remaining open and transparent?
Don’t get me wrong, I love openness, but there are some very bad actors out there. Just look at what happened to UST and LUNA last month.
As the nation evolves it could become targeted. Open communications on your standard webapp are perfectly acceptable, but I think it requires that we at least challenge the norm that all internal conversations, strategies, etc. are 100% public.
Fully public information means people who would wish to take down the nation by targeting key people or learning strategies would be able to gain valuable intelligence to pre-plan attacks.
On the flip side we don’t want to be so secretive that no one knows anything.
A balance needs to be in place to protect sensitive information, while keeping general discussion more open.
I don’t need it right now, but I’ll probably need it later.
I understand some elements of the discussion here, but I think that some of the language being used is suggestive of the wrong type of threat landscape.
I think that Nation3 should continue to operate in the open; that is a strength and is core to many aspects of web3, but that does not mean that we should behave in a naive fashion.
It makes complete sense to understand what the risks of that are and what security should be put in place. As such I would advocate a Risk and Security Guild/Strategy, starting out with some simple understanding of the risk appetite across key verticals - what is tolerable, where do we accept no risk and what sits in between.
Outside of Risk and Security as strategic guilds, I’d rather see us create an ESG or CSR or Charity Guild before a Military or Defence one; these are areas where we can immediately do good rather than hunkering down and potentially turning inwards at such an early stage.
Defence doesn’t need to be closed and definitely doesn’t need to be offensive. We are (at least now) a cloud Nation and we should attempt to help our citizens in what we consider “our” territory, that is, the cloud.
People are getting scammed daily, in many shapes and forms. Many of you make fun of apes being hacked (and yeah, kinda funny) but they are fellow soon-to-be citizens of the movement and in need of a group of shadowy super coders who defend their belongings.
A way to help these peeps and many more people could be a browser extension that, the same way MetaMask injects web3, injects itself into your web3 and better checks and decompiles the tx you are sending/signing. At the same time it can flag addresses known to be hackers so you don’t interact with those (or warns you about it). Could have some features Passport gated if it’s desired, but I do not think that’s necessary for a first version.
We are creating a solarpunk future, let there be light, not dark.
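
The pre-signing check proposed in the last post, sketched as an added example that is not part of the thread or of any Nation3 code: it decodes the call data of a pending transaction for four standard ERC-20/ERC-721 selectors and warns on flagged addresses and blanket approvals. The denylist entry, the sample transaction and the function names are constructed for illustration.

```javascript
// Added example, not code from the thread. Standard 4-byte selectors for
// ERC-20 / ERC-721 calls that move funds or grant spending rights.
const SELECTORS = {
  a9059cbb: { name: "transfer", types: ["address", "uint256"] },
  "095ea7b3": { name: "approve", types: ["address", "uint256"] },
  "23b872dd": { name: "transferFrom", types: ["address", "address", "uint256"] },
  a22cb465: { name: "setApprovalForAll", types: ["address", "bool"] },
};
const MAX_UINT256 = (1n << 256n) - 1n;
// Constructed denylist entry (assumption); a real list would come from a feed.
const BAD = "0x00000000000000000000000000000000deadbeef";
const FLAGGED = new Set([BAD]);

// Decode one 32-byte ABI word (64 hex chars) according to its static type.
function decodeWord(type, word) {
  if (type === "address") return "0x" + word.slice(24);
  const n = BigInt("0x" + word);
  return type === "bool" ? n !== 0n : n;
}

// Returns { name, args } for a known selector, or null if unknown/malformed.
function decodeCall(data) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex)) return null;
  const spec = SELECTORS[hex.slice(0, 8)];
  if (!spec || hex.length < 8 + 64 * spec.types.length) return null;
  const args = spec.types.map((t, i) => decodeWord(t, hex.slice(8 + 64 * i, 72 + 64 * i)));
  return { name: spec.name, args };
}

// Review a transaction request before the wallet is asked to sign it.
function reviewTx(tx) {
  const warnings = [];
  const data = tx.data || "0x";
  if (FLAGGED.has(String(tx.to).toLowerCase())) warnings.push("recipient is flagged");
  const call = decodeCall(data);
  if (!call) {
    if (data.length > 2) warnings.push("call data could not be decoded");
    return { call, warnings };
  }
  if (call.args.some((a) => FLAGGED.has(a))) warnings.push("argument is a flagged address");
  if (call.name === "approve" && call.args[1] === MAX_UINT256) warnings.push("unlimited token approval");
  if (call.name === "setApprovalForAll" && call.args[1]) warnings.push("operator approval for all tokens");
  return { call, warnings };
}

// Constructed sample: approve(BAD, 2^256 - 1) sent to a placeholder token address.
const SAMPLE = { to: "0x" + "11".repeat(20), data: "0x095ea7b3" + BAD.slice(2).padStart(64, "0") + "f".repeat(64) };
console.log(reviewTx(SAMPLE).warnings);
```

Call data that does not match a known selector is reported rather than silently passed, so an unfamiliar contract call still prompts a closer look before signing.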