Forwarded from: Richard Forno <rforno@private> re: Feds urge secrecy over network outages Here's another example of "security through obscurity" being proposed by those in our government without Technology Clue One. While this may give such cluebots a warm-fuzzy feeling about keeping such information away from the public eye -- and "potential terrorists" -- it's a feel-good thumb-in-the-dike solution ... There are any number of other ways to get the same information or monitor our long-haul networks. At the very least, affected customers would complain and news would get out to the greater internet community in short order. (Or do they also plan to prohibit third-party network monitoring services and software because their use may "induce" such knowledge to facilitate 'bad' things, ala Sen Hatch's new copyright bill?) This goes back to the debate over disclosure of vulnerabilities, both in cyberspace and the physical world. Remember the post-0911 rush to remove public information about landmarks, utilities, and critical infrastructures that allegedly could be used to "assist" an "adversary"? At the time, those of us with a clue about real security shook our heads in disbelief at the government's unwavering belief this would be an effective countermeasure. Sure, it looked "security-like" to conduct such activities in the name of protecting the homeland, but looking beyond that spin and thinking objectively about the matter you quickly begin to see it did little if anything to really improve security. In his latest book "Beyond Fear", security expert Bruce Schneier calls this kind of thinking "security theater" -- the ongoing desire to present the reassuring illusion of security instead of providing the real thing that works effectively. I call it the Ostrich Security Solution -- the cyber equivalent of sticking one's collective head in the sand and hoping the problem/danger goes away before you look up again. And unfortunately, that's the approach Uncle Sam seems to be taking. Rick -infowarrior.org "But politicians like to panic -- it's their substitute for achievement." - Sir Humphrey Appleby _________________________________________ ISN mailing list Sponsored by: OSVDB.org - For 15 cents a day, you could help feed an InfoSec junkie! (Broke? Spend 15 minutes a day on the project!)
This archive was generated by hypermail 2b30 : Fri Jun 25 2004 - 08:17:08 PDT