Re: Gorelick testifies before Senate, unveils new executive order

At 3:04 7/18/96, David Sternlight wrote:
Serious studies have shown that the kinds of protections to make the systems we depend on robust against determined and malicious attackers (say a terrorist government, or one bent on doing a lot of damage in retaliation for one of our policies they don't like), have costs beyond the capability of individual private sector actors. Your friendly neighborhood ISP, for instance, probably can't afford the iron belt and steel suspenders needed to make his system and its connectivity sabotage-proof, and so on. Even cheap but clever solutions involving encryption in such systems require standards and common practices across many institutions.
However, the neighborhood ISP doesn't need the kind of defenses required for the power grid and other crucial systems. The systems that do require such heightened security are typically run by parties that can afford such security. If they choose not to implement them, then it stands to reason that their threat evaluation does not deem it necessary. Let market forces govern, lest we spend money on countermeasures for inflated threats.
-- Lucky Green <mailto:shamrock@netcom.com>
PGP encrypted mail preferred.
Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November. Vote Harry Browne for President.

At 12:44 PM -0700 7/19/96, Lucky Green wrote:
At 3:04 7/18/96, David Sternlight wrote:
Serious studies have shown that the kinds of protections to make the systems we depend on robust against determined and malicious attackers (say a terrorist government, or one bent on doing a lot of damage in retaliation for one of our policies they don't like), have costs beyond the capability of individual private sector actors. Your friendly neighborhood ISP, for instance, probably can't afford the iron belt and steel suspenders needed to make his system and its connectivity sabotage-proof, and so on. Even cheap but clever solutions involving encryption in such systems require standards and common practices across many institutions.
However, the neighborhood ISP doesn't need the kind of defenses required for the power grid and other crucial systems. The systems that do require such heightened security are typically run by parties that can afford such security. If they choose not to implement them, then it stands to reason that their threat evaluation does not deem it necessary. Let market forces govern, lest we spend money on countermeasures for inflated threats.
I suggest that your comment about non-neighborhood ISP systems is speculative and isn't based on reading the formal threat assessment analysis. You are entitled to your opinion but it's just that, not an analytic argument. It also contains at least one false assumption: that if "their" threat evaluation deems it important, they can afford to implement it. As we know, this is flat out false. Many aviation experts have said that we could make airplanes a lot safer than they are now (for example), but nobody could afford to fly them if we did.
David