Firewall Wizards mailing list archives
RE: .gov/.mil threat ID
From: "Stout, Bill" <StoutB () pioneer-standard com>
Date: Tue, 26 Jan 1999 18:25:13 -0500
The NSA at the RSA conference discussed their role in 'Information Assurance', which is a more comforting way of saying they're into the Internet Information Security business. See Presidential Decision Directive PDD-63 (related: http://www.ciop.gov/, and http://www.ciao.gov/63factsheet.html).

They're concerned with the 'Interlocking Global Critical Infrastructure', which to them requires an 'active cyber defense'. This comprises the ability to protect, detect and report, then respond to a threat. Protect relies on personnel, detect and report relies on operations, and respond relies on technology. Technology is developed by industry, supplemented by Government-Off-The-Shelf (GOTS) products.

One of the Directors said they only go as far as to report, they don't police. They collect information for their customers, and forward information to the appropriate agency.

The ability to respond depends on 'industry developed' technology, where the NSA claims most of the security vulnerabilities exist. A new program for testing products according to 'common criteria' is planned where NIAP (National Information Assurance Partnership) accredited commercial labs test products. Soon to live will be http://www.niap.gov/ (not online yet).

Their presentation documents state they're into Risk Management, and not risk avoidance. I'll see if I can get those documents posted at http://www.isr.net/.

Bill Stout
----- Original Message -----
From: AI mailer v .1 alpha [SMTP:tyme () dreams res cmu edu]
Reply To: AI mailer v .1 alpha [SMTP:tyme () dreams res cmu edu]
Sent: Thursday, January 21, 1999, 22:30:55
To: firewall-wizards () nfr net
Subject: .gov/.mil threat ID

<lurker> <first time post>

I think the government and military may be the only organizations with the resources to respond to potential threats, but they still do not know how to effectively respond, or even to decide which events their threat detection systems log should be responded to.

Apparently someone sent a "small number of probes" to a .mil site spoofed from one of my computers' addresses a few weeks ago, and they were quite paranoid about it.

If the government can log but doesn't have the resources to decide what to do with that potential threat information, what good would it do a company with a lot less resources? Or is the military just inept at their analysis?

Justin
----- End Of Original Message -----