[Dshield] DHS wants to silence reporting of network outages -- DSHIELD next?

Mark markt442 at yahoo.com
Fri Jun 25 21:49:20 GMT 2004


Politics aside - I perceive the information they are
attempting to control is more related to the "effect"
of an attack.

Yes, technically from across the world I can confirm
that I took out a server - but what business processes
were dependent upon said server?

A published report in the media could help an attacker
understand the "effect" of taking a system out and
better help them understand the soft underbelly of
critical systems.

We'd all like to think that "business continuity"
planning and consistent security best practices are
implemented and in use; but in the real world this is
often lacking at many sites.

I'd agree (slightly - I vote for full disclosure) that
we want to limit major media attention to a security
breach. Keep in mind that large banks are exactly
forthcoming when they are hacked, except in the case
of law enforcement involvement and/or when regulatory laws
require said reporting.

Ex. hacker discovers a vuln on a banking site -
executes said attack (Denial of Service). Technically
he can verify the 'success/failure' of the methods and
the service availability of the machine. But how did
it affect the business model? Unless he/she is an
insider, they'd have to rely on the media to report
it.

Sorry to make this long, but I wanted to bring this
side of the discussion forward. There is great
discussion on the "tech side" of security - but I
didn't see any posts on the digest arguing the "biz
continuity" aspect of security and security planning.

Best to all!

Mark

