Re: Vulnerbilities of Interconnection

[<sgorman1 () gmu edu>]

Batz,

I believe we are talking about two different perspectives here 
operational and end user.  The concern I have is with the ability of 
sectors dependent on information infrastructure to operate if there 
are problems.  What web-site is abvailable to the end user is not the 
value judgement but if NASDAQ can facilitate stock trades, if banks 
can clear settlements, etc.  

It does get a little fuzzy in what you consider Internet and what you 
consider private networks.  From a physical perspective they all use a 
common fiber infrastructure - it all runs in the same trench - so in 
some terms it does not matter.  There has been quite a bit of 
discussion about physical downage being an inconveniance, and if you 
limit yourself to just the Internet (web sites, email, porn, etc) this 
is a valid statement.  Where this goes off track is that the Internet 
is only part of the equation - the operation of several critical 
infrastructures is dependent on fiber based communications.  A cut is 
a cut - it does discriminate against private networks, security 
protocols, encryption or anything else.  A leased line does not mean 
you get a special ditch.

----- Original Message -----
From: batz <batsy () vapour net>
Date: Thursday, September 5, 2002 7:41 pm
Subject: Re: Vulnerbilities of Interconnection

> On Thu, 5 Sep 2002 sgorman1 () gmu edu wrote:
>
> :The question is what if someone was gunning for your fiber.  To 
> date 
> :cuts have been unintentional.  Obviously the risk level is much 
> higher 
> :doing a phyisical attack, but the bad guys in this scenario are 
> not 
> :teenage hackers in the parents basement.  
>
> This happened recently  in Quebec where there is a labour
> dispute with Videotron and one of the unions representing its 
workers.
> The dispute has been exaserbated by the sabotage of the companies 
> fiberlines. 
>
> Now, while this may affect Videotrons bottom line, it only becomes 
> a 
> critical infrastructure issue when it becomes a Hydro Quebec 
> issue, 
> or it interferes with the provinces ability to deliver services. 
>
> Honestly, if a few million people can't get their porn streams, the
> world isn't going to end. If 911 operators, or ambulance services 
> can't direct emergency crews for 10 people, then you have a serious
> problem. 
>
> :There is a good foundation of knowledge on the implications of 
> cyber 
> :attacks, but the what-if of an intentional physical attack is an 
> :important question I believe.  The context in this discussion has 
> been 
> :very valuable and many thanks to everyone that has offered opinions.
>
> The What-If questions have to be sorted from a particular view, and
> it will be the legislators view which will ultimately matter. You 
> can bluesky, whiteboard, game and scheme all you like, but there are
> only a few opinions that matter when it comes to deciding what 
> is of importance to national security, and until we hear from 
> them, 
> we can be as paranoid and imaginative as we want, and it won't help
> the infrastructure become more secure. 
>
> So, as for Nasdaq, vs Google, vs the GSA vs Agriculture vs CNN, 
> until we have the correct order in which to place these entities, 
> we can't provide a useful or accurate model of how vulnerable the
> infrastructure is. 
>
> You mentioned that you thought Nasdaq would be the most important 
> asset to protect, but what happens if some Internet 
> traders on AOL can't make their trades because of a fiber cut, vs
> not being able to get their infotainment from CNN, vs weather
> and crop data data not getting to farmers on time. It's a relative
> and ultimately political discussion.  
>
>
> --
> batz