[Dshield] DHS wants to silence reporting of network outages--DSHIELD next?

Ed Truitt ed.truitt at etee2k.net
Fri Jun 25 15:23:18 GMT 2004

Well, I don't know exactly where Bum#$%^, NE is (and I was stationed in 
NE for several years back in the '70s), but I am of the opinion that a 
cable being backhoed isn't exactly Top Secret material, either.  I 
suspect that UBL could figure out that some of our infrastructure is 
vulnerable to idiots with construction machinery -- after all, the local 
Telco has signs on every truck that say something like "Call us before 
you dig -- it's the law!"  Not only that, but we map out exactly where 
those vulnerable lines are, by putting pretty multi-colored flags over 
the spots where the line is (to keep the backhoes from cutting us off 
from our spam and pourn and telemarketing calls and whatnot.)

You do bring up a good point, however.  We have to balance free flow of 
information with safeguarding those "essential elements".  It's the same 
as in InfoSec -- a completely secure system is totally unusable.  So, 
you have to evaluate the risks, and *balance* those risks against the 
benefits of granting access.   The devils in the details, however -- 
what is the dividing line between "essential liberties" and "essential 
elements of friendly information"?  I suspect a whole lot lies in the 
gray area between the two, which is why this will be a topic of ongoing 
debate on this list (and elsewhere, once Johannes decides to declare 
this thread dead.)

David Kennedy CISSP wrote:

>YMMV, but personally, I don't include knowing about a fiber cut in
>Bum#$%^, Nebraska as being an essential liberty.  But my background
>includes several years of duties including Operations Security
>(http://www.opsec.org).  One of the doctrinal principles of OPSEC is
>safeguarding "essential elements of friendly information."  When you
>can't be strong everywhere, you be strong where you judge you need to
>be.  In those places where you are not strong, you do not advertise
>to your adversary, "the gap in our defenses is here...."
Ed Truitt
PGP fingerprint:  5368 D25E 468C A250 9833  CCD6 DBAE 9C25 02F9 0AB9

"Note to spammers:  my 'delete' key is connected to YOUR ISP.
 Also, if you send me UCE, I reserve the right to post your spew
on my Web site, with the appropriate color commentary, so that
others may have a good laugh at your expense."

More information about the list mailing list