Re: [ISN] Feds urge secrecy over network outages

From: InfoSec News (isn@private)
Date: Fri Jun 25 2004 - 06:06:58 PDT


    Forwarded from: Richard Forno <rforno@private>

    re: Feds urge secrecy over network outages

    Here's another example of "security through obscurity" being proposed
    by those in our government without Technology Clue One.  While this
    may give such cluebots a warm-fuzzy feeling about keeping such
    information away from the public eye -- and "potential terrorists" --
    it's a feel-good thumb-in-the-dike solution ... There are any number
    of other ways to get the same information or monitor our long-haul
    networks.  At the very least, affected customers would complain and
    news would get out to the greater internet community in short order.  
    (Or do they also plan to prohibit third-party network monitoring
    services and software because their use may "induce" such knowledge to
    facilitate 'bad' things, a la Sen. Hatch's new copyright bill?)

    This goes back to the debate over disclosure of vulnerabilities, both
    in cyberspace and the physical world. Remember the post-0911 rush to
    remove public information about landmarks, utilities, and critical
    infrastructures that allegedly could be used to "assist" an
    "adversary"?  At the time, those of us with a clue about real security
    shook our heads in disbelief at the government's unwavering belief
    this would be an effective countermeasure. Sure, it looked
    "security-like" to conduct such activities in the name of protecting
    the homeland, but looking beyond that spin and thinking objectively
    about the matter you quickly begin to see it did little if anything to
    really improve security.

    In his latest book "Beyond Fear", security expert Bruce Schneier calls
    this kind of thinking "security theater" -- the ongoing desire to
    present the reassuring illusion of security instead of providing the
    real thing that works effectively.  I call it the Ostrich Security
    Solution -- the cyber equivalent of sticking one's collective head in
    the sand and hoping the problem/danger goes away before you look up.

    And unfortunately, that's the approach Uncle Sam seems to be taking.

    "But politicians like to panic -- it's their substitute for achievement."
    - Sir Humphrey Appleby

    This archive was generated by hypermail 2b30 : Fri Jun 25 2004 - 08:17:08 PDT