Re: [ISN] Feds urge secrecy over network outages

From: InfoSec News (isn@private)
Date: Fri Jun 25 2004 - 06:06:58 PDT

Next message: InfoSec News: "Re: [ISN] Book Review: Network Security Architectures by Sean Convery"

Previous message: InfoSec News: "RE: [ISN] LayerOne Hacking Exposed"
Maybe in reply to: InfoSec News: "[ISN] Feds urge secrecy over network outages"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Forwarded from: Richard Forno <rforno@private>

re: Feds urge secrecy over network outages

Here's another example of "security through obscurity" being proposed
by those in our government without Technology Clue One.  While this
may give such cluebots a warm-fuzzy feeling about keeping such
information away from the public eye -- and "potential terrorists" --
it's a feel-good thumb-in-the-dike solution ... There are any number
of other ways to get the same information or monitor our long-haul
networks.  At the very least, affected customers would complain and
news would get out to the greater internet community in short order.  
(Or do they also plan to prohibit third-party network monitoring
services and software because their use may "induce" such knowledge to
facilitate 'bad' things, ala Sen Hatch's new copyright bill?)

This goes back to the debate over disclosure of vulnerabilities, both
in cyberspace and the physical world. Remember the post-0911 rush to
remove public information about landmarks, utilities, and critical
infrastructures that allegedly could be used to "assist" an
"adversary"?  At the time, those of us with a clue about real security
shook our heads in disbelief at the government's unwavering belief
this would be an effective countermeasure. Sure, it looked
"security-like" to conduct such activities in the name of protecting
the homeland, but looking beyond that spin and thinking objectively
about the matter you quickly begin to see it did little if anything to
really improve security.

In his latest book "Beyond Fear", security expert Bruce Schneier calls
this kind of thinking "security theater" -- the ongoing desire to
present the reassuring illusion of security instead of providing the
real thing that works effectively.  I call it the Ostrich Security
Solution -- the cyber equivalent of sticking one's collective head in
the sand and hoping the problem/danger goes away before you look up
again.

And unfortunately, that's the approach Uncle Sam seems to be taking.


Rick 
-infowarrior.org

"But politicians like to panic -- it's their substitute for achievement."
- Sir Humphrey Appleby



_________________________________________
ISN mailing list
Sponsored by: OSVDB.org - For 15 cents a day, you could help feed an InfoSec junkie!
(Broke? Spend 15 minutes a day on the project!)

Next message: InfoSec News: "Re: [ISN] Book Review: Network Security Architectures by Sean Convery"
Previous message: InfoSec News: "RE: [ISN] LayerOne Hacking Exposed"
Maybe in reply to: InfoSec News: "[ISN] Feds urge secrecy over network outages"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jun 25 2004 - 08:17:08 PDT