[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ISN] Feds urge secrecy over network outages

Forwarded from: Richard Forno <rforno@xxxxxxxxxxxxxxx>

re: Feds urge secrecy over network outages

Here's another example of "security through obscurity" being proposed
by those in our government without Technology Clue One.  While this
may give such cluebots a warm-fuzzy feeling about keeping such
information away from the public eye -- and "potential terrorists" --
it's a feel-good thumb-in-the-dike solution ... There are any number
of other ways to get the same information or monitor our long-haul
networks.  At the very least, affected customers would complain and
news would get out to the greater internet community in short order.  
(Or do they also plan to prohibit third-party network monitoring
services and software because their use may "induce" such knowledge to
facilitate 'bad' things, ala Sen Hatch's new copyright bill?)

This goes back to the debate over disclosure of vulnerabilities, both
in cyberspace and the physical world. Remember the post-0911 rush to
remove public information about landmarks, utilities, and critical
infrastructures that allegedly could be used to "assist" an
"adversary"?  At the time, those of us with a clue about real security
shook our heads in disbelief at the government's unwavering belief
this would be an effective countermeasure. Sure, it looked
"security-like" to conduct such activities in the name of protecting
the homeland, but looking beyond that spin and thinking objectively
about the matter you quickly begin to see it did little if anything to
really improve security.

In his latest book "Beyond Fear", security expert Bruce Schneier calls
this kind of thinking "security theater" -- the ongoing desire to
present the reassuring illusion of security instead of providing the
real thing that works effectively.  I call it the Ostrich Security
Solution -- the cyber equivalent of sticking one's collective head in
the sand and hoping the problem/danger goes away before you look up

And unfortunately, that's the approach Uncle Sam seems to be taking.


"But politicians like to panic -- it's their substitute for achievement."
- Sir Humphrey Appleby

ISN mailing list
Sponsored by: OSVDB.org - For 15 cents a day, you could help feed an InfoSec junkie!
(Broke? Spend 15 minutes a day on the project!)