Re: UN calls for global cyber treaty

[David Farber <dave () farber net>]

Begin forwarded message:

From: Doug Humphrey <doug () joss com>
Date: February 1, 2010 9:11:41 PM EST
To: dave () farber net
Cc: "ip" <ip () v2 listbox com>
Subject: Re: [IP] UN calls for global cyber treaty

> Begin forwarded message:
>
> > From: Rahul Tongia <tongia.cmu () gmail com>
> > Date: February 1, 2010 5:53:04 PM EST
> > To: dave () farber net
> > Cc: ip <ip () v2 listbox com>
> > Subject: Re: [IP] UN calls for global cyber treaty
> >
> > Dave,
> >
> > If someone uses the Internet to take down your electricity grid, that's not a very "smart grid"...
> >
> > One REALLY has to design cybersecurity up front - and this may mean NOT using the public internet for anything even 
> > remotely critical, or adding layers of security, access control, gateways, and segmentation.  One can use internet 
> > *protocols* - that doesn't make it the Internet.  It's not that hard to create a separate network for a smart grid - 
> > SCADA systems have been doing it for years.  The world's largest SCADA of its kind is actually up and running in 
> > India (built by ABB).  

As everything in life seems to go in cycles, the "public/private network"
oscillation is a common one - in this case, the urge to put it all "on the
net" is fueled by ease of access and lowered expense - isn't it great that
we can access the control system from anywhere?  and we don't have 
the expense and effort of administering a separate network...  and it just
looks so much more MODERN.  We all want to look modern, right?

Those with backgrounds in risk assessment and mission critical operations
generally understand the other side of the shiny coin, but alas, sometimes
those engaged in policy, and management, tend to see all of that described 
above as "progress" and arguments against it as "obstructionist" or perhaps
luddite-ism.

> > Physical layer threats (including wireless) are a bigger challenge than a remote hacker should be. 

all layers have their threats - its all risk...

> > [I have an article submitted for publication to IEEE that uses the difference between the Internet and internet to 
> > postulate how there is actually an analogous difference between a smart grid and a Smart Grid.  Just using smart 
> > grid technologies (e.g., a smart meter) doesn't make a Smart Grid...copies available to folks on request]

please!  love to read it!

doug

> > Rahul
> >
> > On Tue, Feb 2, 2010 at 4:04 AM, Dave Farber <dave () farber net> wrote:
> >
> >
> >
> >
> > Begin forwarded message:
> >
> > > From: Richard Forno <rforno () infowarrior org>
> > > Date: February 1, 2010 5:27:28 PM EST
> > > To: Infowarrior List <infowarrior () attrition org>
> > > Cc: Dave Farber <dave () farber net>
> > > Subject: UN calls for global cyber treaty
> > >
> > >
> > > Once again, we hear rumblings of "internet drivers' liscenses as part of any 'solutions' to 'protect' the net.....  
> > >  -rf
> > >
> > >
> > > UN calls for global cyber treaty
> > > http://www.zdnet.com.au/news/security/soa/UN-calls-for-global-cyber-treaty/0,130061744,339300673,00.htm?omnRef=1337
> > > By AAP
> > > 01 February 2010 10:07 AM
> > > Tags: un, treaty, security, google, china, cyber, war, attack
> > > The world needs a treaty to prevent cyber attacks becoming an all-out war, the head of the main UN communications 
> > > and technology agency has warned.
> > >
> > > International Telcommunications Union secretary general Hamadoun Toure gave his warning on Saturday at a World 
> > > Economic Forum debate where experts said nations must now consider when a cyber attack becomes a declaration of war.
> > >
> > > With attacks on Google from China a major talking point in Davos, Toure said the risk of a cyber conflict between 
> > > two nations grows every year.
> > >
> > > He proposed a treaty in which countries would engage not to make the first cyber strike against another nation.
> > >
> > > "A cyber war would be worse than a tsunami — a catastrophe," the UN official said, highlighting examples such as 
> > > attacks on Estonia last year.
> > >
> > > He proposed an international accord, adding: "The framework would look like a peace treaty before a war."
> > >
> > > Countries should guarantee to protect their citizens and their right to access to information, promise not to 
> > > harbour cyber terrorists and "should commit themselves not to attack another".
> > >
> > > John Negroponte, former director of US intelligence, said intelligence agencies in the major powers would be the 
> > > first to "express reservations" about such an accord.
> > >
> > > Susan Collins, a US Republican senator who sits on several senate military and home affairs committees, said the 
> > > prospect of a cyber attack sparking a war was now being considered in the United States.
> > >
> > > "If someone bombed the electric grid in our country and we saw the bombers coming in it would clearly be an act of 
> > > war.
> > >
> > > "If that same country uses sophisticated computers to knock out our electricity grid, I definitely think we are 
> > > getting closer to saying it is an act of war," Collins said.
> > >
> > > Craig Mundie, chief research and strategy officer for Microsoft, said "there are at least 10 countries in the world 
> > > whose internet capability is sophisticated enough to carry out cyber attacks ... and they can make it appear to 
> > > come from anywhere."
> > >
> > > "The internet is the biggest command and control centre for every bad guy out there," he said.
> > >
> > > The head of online security company McAfee told another Davos debate on Friday that China, the United States, 
> > > Russia, Israel and France were among 20 countries locked in a cyberspace arms race and gearing up for possible 
> > > internet hostilities.
> > >
> > > Mundie and other experts have said there is a growing need to police the internet to clampdown on fraud, espionage 
> > > and the spread of viruses.
> > >
> > > "People don't understand the scale of criminal activity on the internet. Whether criminal, individual or nation 
> > > states, the community is growing more sophisticated," the Microsoft executive said.
> > >
> > > "We need a kind of World Health Organisation for the internet," he said.
> > >
> > > He also called fo a "driver's licence" for internet users.
> > >
> > > "If you want to drive a car you have to have a licence to say that you are capable of driving a car, the car has to 
> > > pass a test to say it is fit to drive and you have to have insurance."
> > Archives      
> Archives       





-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com