More federal management of key components of the Internet needed
Michael.Dillon at radianz.com
Michael.Dillon at radianz.com
Thu Oct 24 09:38:06 UTC 2002
> Hardly. They have a hard enough time passing information from one squad
to
> another within the FBI, they're never going to be able to survive and
> interoperate in the Information Age against high-tech threats that move
at
> packet speed. And don¹t get me started about Infragard.....ugh...
What government fails to realize is that this is war. In a combat
situation, you have to rely on the skill and the initiative of front-line
troops to win the battle, not generals and certainly not politicians. It
is true that generals and politicians can win wars, but they do this by
making the battles irrelevant, i.e. negotiating the surrender of the
enemy. However, the war we are involved in is against a disorganized enemy
who has no politicians of his own and who probably doesn't even have any
generals. Since there are no hacker politicians to negotiate with,
political action has little chance of being effective. And since there are
no hacker generals making sweeping strategic decisions, there is not much
for an organization like the FBI or NIPC to do.
The best strategic action that government and crimefighting groups can
take is to encourage and support the front-line troops to go out there and
fight the enemey. Battles are won by persistence, rapidly adapting to the
fluid situation and quick decision making on or near the front-lines.
That's why the existing communications channels and information sharing
tools used by network operators are superior to Infragard or anything that
the FBI or NIPC could think up. They are used to the slow plodding
post-mortem analysis of crimes that have been committed. Their goal is
only to catch the perp. However, on the net, we are more concerned with
mitigating the damage of an attack while it occurs and removing newly
discovered vulnerabilities as soon as possible.
I think a lot of the debate about infrastructure protection would
evaporate if we would be clearer about the goals of the different parties
and we would recognize that different goals require different means. The
FBI can manage their own program to catch perps who attack the
infrastructure while we can manage our program to quickly react to an
attack in real time, i.e. fight the front-line battles.
Perhaps we need to better document the times when the net community was
successful in dealing with an attack and analyze what was good and should
be kept versus what was bad and could be improved. One incident that I
recall was the wave of SYN flood attacks that led to various OS kernels
being hardened against such an attack. At the time I was on both the NANOG
list and the firewalls mailing list. I crossposted several messages
between the two lists so that both communities would see the full picture
and so that both groups could work together to win that one battle over a
period of two or three days. The end result was not to eliminate SYN
floods but we did mitigate the attacks so that nowadays you cannot knock
out a server with a low-bandwidth stream of SYN packets.
--Michael Dillon
More information about the NANOG
mailing list