RE: New York Red Cross Needs Tech assistance!

[InfoSec News <isn () c4i org>]

Fowarded from: Mark Bernard <MEBERNAR () mccain ca>

Dear Associates of The Information Security Profession,

I cannot believe the stuff that I read some days, it really surprises
me.

The unfortunate, tragic events of last Tuesday have implications for
Information Security at so many different levels it would be
exhausting to list each individual relationship here. What I will do
is provide some elementary insights to assist with the stimulation of
those neurons that you are suppose to have.

Basics: Integrity; Availability and Confidentiality, Information is
not just a technology issue but also a human issue. Actually human's
really are "the weakest link".

The Integrity of the US was severely impacted as a result of this
disaster. The trickle down affect further impacted the integrity of
interest in the country and it assets as measured in stocks and
trading.

The Integrity of counter intelligence information was also placed
under a microscope and partially held to blame.

As a direct result of the disaster the Availability of information
assets, such as the ACL's of known persons within the Buildings, the
terrorists identities, was an issue then and continues to be now.

The Availability of system resources hence the outcry for additional
technology and technical assistance, intellectual property in the
forms of humans with special skills.

The Availability of over burdened emergency resources was also an
issue even though many, many people came together to help ultimately
the situation was overwhelming.
  
Confidentiality, much like privacy was tossed out the door when the
manhunt ensued and in all likelihood will never be then same. In some
cases there are trade offs.

As for Microsoft, I've always been a blueblood and I have some issues
certainly stemming mostly from our over dependency on one product.
However, any time that someone reaches out to help please have some
class and except it! Remember they don't have to help, they may have
lost somebody or perhaps even a number of people and this is their way
of seeking out some closure.

Finally, learning about what just happened and why is a critical
element in preventing it from happening again. Counter intelligence
has an opportunity to somewhat redeem itself. It is also a critical
element in Information Security

I hope that this has helped you in someway to broaden your perspective
and open your eyes.

Best regards,

Mark.
Global Information Security Specialist


-----Original Message-----
From: InfoSec News [mailto:isn () c4i org]
Sent: Tuesday, September 18, 2001 5:06 AM
To: isn () attrition org
Subject: Re: [ISN] New York Red Cross Needs Tech assistance! 


Forwarded from: Darren Reed <darrenr () reed wattle id au>

Forgive me for being insensitive, but will someone please explain what
the World Trade Centre disaster has to do with Information Security ?
I don't give a rats arse how much money Microsoft has given or how much
equipment Cisco has donated.

I think I've heard enough about it by now, as has the rest of the world,
I imagine.  I've observed my minute's silence for those who were unfortunate
to be caught up in this madness and heck I was standing on top of #2 just a
few weeks ago.  Lets move on, eh?

A more pertinent angle on this affair is do either the USA or terrorists
have any plans to make further moves which involve IT: hacking web sites,
launching huge DDoS attacks, HERF guns, attacking phone exchanges,or
large Internet telehousing/exchanges, etc.  If Bin Laden is a big user
of crypto then isn't he just as prone to an IT attack/failure being
disruptive as anyone in the USA?

Of all of these, the most intesting is HERF.  Why?  Well, if large
commercial site gets hit/targetted (lets say the NYSE) then does that
provide the non-government world with the pick to the lock around TEMPEST ?
Maybe the terrorist groups will use a nuke just to generate a large EMP
and wipe out a city that way.  Sure, it may be fiction in some movie or
book, but so was flying a large plane into an American state building
until last week...(yes, I read "Debt of Honor" some time ago, along with
"Executive Orders").

Hitting NYC, or just the down town area with a large EMP would have a
much more devastating effect, (if it was able to penetrate some of those
old stone bulidings) than killing thousands, on the NYSE, with most of
the big computer suppliers now running on lead times of "weeks" to prevent
inventory buildup.  Maybe those sort of weapons are too hard to build and
operate for Bin Laden, maybe he's never heard of them - lets hope he hasn't
or it's just too hard for him to make.

Anyway, this is more appropriate for a risks forum now than here...but
please, no more WTC stuff, eh, unless it has a direct relationship with
IT security ?

Darren



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.