[ISN] Low-Tech Humans Subvert High-Tech Information Assurance

From: InfoSec News (isnat_private)
Date: Mon Jan 21 2002 - 00:34:30 PST

  • Next message: InfoSec News: "RE: [ISN] Italian Police Nab Hacker Group"

    Forwarded from: kelley <kwalker2at_private>
    
    http://www.us.net/signal/CurrentIssue/Jan02/low-jan.html
    
    Low-Tech Humans Subvert High-Tech Information Assurance
    By Col. Alan D. Campen, USAF (Ret.)
    SIGNAL Magazine 2002
    
    TEXT BLURB
    
    The tragic events of September 11 provide ghastly substance to the 
    metaphor of asymmetric warfare. And, they add credence to prescient 
    but nebulous warnings of threats to homeland security and concomitant 
    vulnerabilities of critical infrastructures. 
    
    While public switched networks (PSNs), cellular telephones, wireless 
    networks and the Internet--the backbone and heart of the U.S. 
    information infrastructure--were not prime targets, the cascading 
    consequence of collateral damage to information systems was laid bare. 
    The information infrastructure was found wanting in support to 
    intelligence collection, law enforcement, disaster mitigation and 
    recovery efforts. 
    
    A shortfall in network capacity, single-node sensitivity and the lack 
    of interoperability among police, fire and first responder networks 
    exposed gaps in the road to information assurance that cannot be 
    filled solely with new technology, firewalls, anti-virus patches or 
    cryptography.
    
    A once indifferent but now belatedly aroused public clamors for 
    government action, so money will be provided--perhaps thoughtlessly. 
    The Information Technology Association of America proposes spending 
    $10 billion for information technology (IT) security, and Senator 
    Joseph Lieberman (D-CT) proposes a $1 billion IT fund to jump-start 
    some of the more pressing security requirements in government and the 
    private sector. But these resources may be wasted in fruitless quest 
    of a technical silver bullet if we overlook problems created by humans 
    who misuse available technology.
    
    The United States has yet to conduct a comprehensive national threat 
    assessment of its information systems. Nevertheless, the ability to 
    transact business, operate government and respond to physical, 
    chemical, biological or nuclear attacks will be constrained by the 
    capacity, accessibility, reliability and security of the information 
    infrastructure. 
    
    [...]
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Mon Jan 21 2002 - 03:47:31 PST