Forwarded from: Mark Bernard <MEBERNARat_private>

Dear Associates of The Information Security Profession,

I cannot believe the stuff that I read some days, it really surprises me. The unfortunate, tragic events of last Tuesday have implications for Information Security at so many different levels it would be exhausting to list each individual relationship here. What I will do is provide some elementary insights to assist with the stimulation of those neurons that you are supposed to have.

Basics: Integrity, Availability and Confidentiality. Information is not just a technology issue but also a human issue. Actually humans really are "the weakest link".

The Integrity of the US was severely impacted as a result of this disaster. The trickle-down effect further impacted the integrity of interest in the country and its assets as measured in stocks and trading. The Integrity of counter intelligence information was also placed under a microscope and partially held to blame.

As a direct result of the disaster the Availability of information assets, such as the ACLs of known persons within the Buildings, the terrorists' identities, was an issue then and continues to be now. The Availability of system resources hence the outcry for additional technology and technical assistance, intellectual property in the forms of humans with special skills. The Availability of overburdened emergency resources was also an issue even though many, many people came together to help ultimately the situation was overwhelming.

Confidentiality, much like privacy, was tossed out the door when the manhunt ensued and in all likelihood will never be the same. In some cases there are trade-offs.

As for Microsoft, I've always been a blueblood and I have some issues certainly stemming mostly from our over-dependency on one product. However, any time that someone reaches out to help please have some class and accept it!
Remember they don't have to help, they may have lost somebody or perhaps even a number of people and this is their way of seeking out some closure.

Finally, learning about what just happened and why is a critical element in preventing it from happening again. Counter intelligence has an opportunity to somewhat redeem itself. It is also a critical element in Information Security.

I hope that this has helped you in some way to broaden your perspective and open your eyes.

Best regards,
Mark.
Global Information Security Specialist

-----Original Message-----
From: InfoSec News [mailto:isnat_private]
Sent: Tuesday, September 18, 2001 5:06 AM
To: isnat_private
Subject: Re: [ISN] New York Red Cross Needs Tech assistance!

Forwarded from: Darren Reed <darrenrat_private>

Forgive me for being insensitive, but will someone please explain what the World Trade Centre disaster has to do with Information Security? I don't give a rat's arse how much money Microsoft has given or how much equipment Cisco has donated. I think I've heard enough about it by now, as has the rest of the world, I imagine. I've observed my minute's silence for those who were unfortunate to be caught up in this madness and heck I was standing on top of #2 just a few weeks ago. Let's move on, eh?

A more pertinent angle on this affair is do either the USA or terrorists have any plans to make further moves which involve IT: hacking web sites, launching huge DDoS attacks, HERF guns, attacking phone exchanges, or large Internet telehousing/exchanges, etc. If Bin Laden is a big user of crypto then isn't he just as prone to an IT attack/failure being disruptive as anyone in the USA?

Of all of these, the most interesting is HERF. Why? Well, if large commercial site gets hit/targeted (let's say the NYSE) then does that provide the non-government world with the pick to the lock around TEMPEST?

Maybe the terrorist groups will use a nuke just to generate a large EMP and wipe out a city that way.
Sure, it may be fiction in some movie or book, but so was flying a large plane into an American state building until last week... (yes, I read "Debt of Honor" some time ago, along with "Executive Orders"). Hitting NYC, or just the downtown area with a large EMP would have a much more devastating effect, (if it was able to penetrate some of those old stone buildings) than killing thousands, on the NYSE, with most of the big computer suppliers now running on lead times of "weeks" to prevent inventory buildup.

Maybe those sort of weapons are too hard to build and operate for Bin Laden, maybe he's never heard of them - let's hope he hasn't or it's just too hard for him to make.

Anyway, this is more appropriate for a risks forum now than here... but please, no more WTC stuff, eh, unless it has a direct relationship with IT security?

Darren

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Wed Sep 19 2001 - 14:28:40 PDT