At 3:04 7/18/96, David Sternlight wrote:
Serious studies have shown that the kinds of protections to make the systems we depend on robust against determined and malicious attackers (say a terrorist government, or one bent on doing a lot of damage in retaliation for one of our policies they don't like), have costs beyond the capability of individual private sector actors. Your friendly neighborhood ISP, for instance, probably can't affort the iron belt and steel suspenders needed to make his system and its connectivity sabotage-proof, and so on. Even cheap but clever solutions involving encryption in such systems require standards and common practices across many institutions.
However, the neighorhood IPS doesn't need the kind of defenses required for the powergrid and other crucial systems. The systems that do require such heightend security are typically run by parties that can afford such security. If they choose not to implement them, then it stands to reason that their threat evaluation does not deem it necessary. Let market forces govern, lest we spend money on countermeasures for inflated threats. -- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred. Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November. Vote Harry Browne for President.