[Dshield] DHS wants to silence reporting of network outages -- DSHIELD next?
markt442 at yahoo.com
Fri Jun 25 21:49:20 GMT 2004
Politics aside - I perceive the information they are
attempting to control is more related to the "effect"
of an attack.
Yes, technically from across the world I can confirm
that I took out a server - but what business processes
were dependant upon said server?
A published report in the media could help an attacker
understand the "effect" of taking a system out and
better help them understand the soft underbelly of
We'd all like to think that "business continuity"
planning and consistent security best practices are
implemented and in use; but in the real world this is
often lacking at many sites.
I'd agree (slightly - I vote for full disclosure) that
we want to limit major media attention to a security
breach. Keep in mind that large banks are exactly
forthcoming when they are hacked, except in the case
of law enforcement involvment and/or regulatory laws
require said reporting.
Ex. hacker discovers a vuln on a banking site -
executes said attack (Denial of Service). Technically
he can verify the 'success/failure' of the methods and
the service availability of the machine. But how did
it affect the business model? Unless he/she is an
insider, they'd have to rely on the media to report
Sorry to make this long, but I wanted to bring this
side of the discussion forward. There is great
discussion on the "tech side" of security - but I
didn't see any posts on the digest arguing the "biz
continuity" aspect of security and security planning.
Best to all!
Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!
More information about the list