________________________________________
From: jsq@internetperils.com [jsq@internetperils.com] On Behalf Of John S. Quarterman [jsq@quarterman.org]
Sent: Monday, January 21, 2008 7:40 AM
To: David Farber
Cc: John S. Quarterman; ip
Subject: Re: [IP] Re: Another way of making money using the net?

Dave, for IP:

From: Eugene H. Spafford [spaf@mac.com]
Sent: Sunday, January 20, 2008 11:51 AM
To: David Farber; ip
Cc: Valdis Kletnieks
Subject: Re: [IP] Re: Another way of making money using the net?
On Jan 20, 2008, at 9:20 AM, Valdis.Kletnieks wrote:
Hackers literally turned out the lights in multiple cities after breakin=
The most telling part of the article:
"Donahue did not specify what countries were affected, when the outages occurred or how long the outages lasted."
In other words, "trust us it happened, we won't give you anything verifiable, and you'll have to take our word that we're not fear-mongering."
I'll respond to this as an example of a class of replies, and not intended to single out Valdis.
Why do people automatically distrust statements that are actually quite reasonable? Many of us who work in security know that SCADA is vulnerable. We also know that the criminal element is operating online basically unchecked. So why react as if this is some form of government manipulation? That Tom said as much as he did in the venue where he did is, in many senses, surprising for its openness.
Because Congress is currently debating retroactive telco immunity for warrantless wiretapping, in which AT&T passed a full feed of everything to the feds, and meanwhile AT&T is simultaneously proposing to filter all traffic for copyright violations?
That's why we should carefully consider the sources, the issues, and the ground truths we (think) we know. That we have been lied to in the past is a given. That we will be lied to in the future is a given. But that does NOT mean that we should conclude that every statement made to us by someone working for the government is a half-truth or intended to be sinister.
This would be the same administration that is proposing to get Congress to pardon itself for war crimes: http://www.blogfordemocracy.org/2008/01/pardon_me.html The same one that is still trying to lie us into a war in Iran. This administration should bear the burden of proof that it is not lying.
Personally, my experience has been to give careful thought to anything said by any political appointee or elected official, but to give the benefit of the doubt to regular employees when something plausible is stated.
Please point at any department or agency of the U.S. government that is not completely controlled by political appointees of the current administration, well beyond the political control exerted by previous administrations.
In this case, ask yourself what is the downside to trusting that the statement is true, or is close to the truth? We harden our SCADA and digital control systems against outside interference and maybe invest in some improvements to our cyber investigation capabilities. Gee, that's an awful alternative, isn't it? I guess we should disbelieve the account, and leave our power grid wide open for attack -- that'll show those lying government types!
Would that hardening SCADA would be the result. The more likely result, unfortunately, would be legalization of filtering of everything that goes over the Internet, looking for bad guys about as effectively as airport security, and with even more dampening effect on free speech and innovation. People should be watching what goes into any FISA bill very closely.

-jsq

----- End forwarded message -----
--
Eugen* Leitl http://leitl.org