Water Utility SCADA 'Attack': The, um, washout

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Sun Nov 27 00:40:12 UTC 2011


On Sat, 26 Nov 2011 17:38:55 EST, Jared Mauch said:

> >  I suggest new secrecy legislation, for fusion centres.

> It already exists :)

> People may be subject to prosecution for leaking this to the public.
> It's that simple.  Problem is it can't be undone, so it's not an
> interesting case in some regards...

Actually, it's *not* that simple - it's complicated enough that a quick
knee-jerk "There should be a law against it" reaction is probably a bad idea.
(In fact, I'll go out on a limb and say that one-sentence "there should be a
law against it" reactions are almost always a bad idea).

After all, fusion centers were originally created because too many agencies had
laws and regulations banning the sharing of information. We saw a decade ago
just how well *that* worked out for us. So it's not at all clear that "new"
laws making things *more* classified are a good idea in this case. Nor is it
obvious how to code useful laws to prohibit the dissemination of data from a
group set up for the express purpose of mining data and disseminating the
results.  Sure you can tighten things down, but if a fusion center can't
release something quickly, it's not a lot of use, is it?

(We've more than once gotten stuff from various TLA's stamped with a default
"No Foreign Nationals" that ended up being totally unusable because we've got
foreign nationals all over the place, and had to wait for a second copy that
had gotten kicked down to "FOUO" so we could use it - loads of fun)

So the last thing we need is people who don't even know what laws already exist
calling for the creation of *new* laws.

And quite frankly, which way do you want these things to fail?  Do you want an
early alert that says "evil packets may be coming in from Russia", or do you
want it to wait till they've verified it's a contractor's employee ssh'ing in
while on vacation? Sure, a few people have some egg on their faces and now have
a really good bar story.  But let's keep in mind that it took several days to
sort this one out - coincidentally, just about the same number of days that it
took Sony to come out and say that PSN got whacked.

You really can't have it both ways.  Which do you want, false positives or
false negatives?


