Stupidity: A Real Cyberthreat.
Jerry Pasker
jerry at jerry.org
Thu Jan 19 17:40:30 UTC 2006
[subject change since this is a change of subject, was "Re: The
Backhoe: A Real Cyberthreat?"]
The biggest threat to Cyber security is stupidity, followed only by
indifference. Period. There. Someone was bound to say it, so I
said it first.
Now, in an attempt to get my NANOG "Header to Content" size ratio to
1, I'll rant on a little for your entertainment, enjoyment,
annoyance, or hatred. :-)
Terrorists want to kill people. Did anyone die when those two
fibers were cut? Did it cripple the US Economy? Did it close the
stock markets? When the markets opened the next day, did stock
prices fall across the board for weeks and months on end? Not
exactly. Will people put bumper stickers on their cars that say
"Remember 1/9?" or "Remember Buckeye and Reno Junction" No. Not one
person will do that.
[most] Religious extremists tend to site religious verses saying
things along the lines of it being acceptable to kill those who do
not belive or who oppose their religion. [just like Christianity
during the crusades] I'm pretty sure there's nothing in the Koran
that says anything about "taking away their internet and cell phones,
and knocking out their power." [so they can live like we do] This is
something that the DHS knows, but doesn't want to admit too loudly.
Why? Because it's easy to say "We're doing more to prevent cyber
attacks. See? We took away the fiber maps! We accomplished
something! This is bound to help out!" [now give us more money so
we can afford to do more things like that]
They say that, to throw us [the public, and Congress that pays for
their department to exist] a bone every now and again. It's nearly
impossible for them to say "you're safer today than you were
yesterday!" Well, they could say it, but it would be laughed at by
the majority of the population. [more so than they are now] How are
they supposed to calm people's fears? With a statement like: "See?
You aren't being attacked by terrorists today! We must be doing our
job!"
The graphic in the Wired story from FortiusOne showing fiber optic
backbones and how they clump also shows just how many other fiber
routes exist. It also shows where terrorists should go looking for
fiber to cut. Look at THAT map. Go look for, and follow the signs.
Failing that, make a few phone calls, and have the stuff marked so it
can be found to cut it. It's really that easy. But why even do
that? We already cut enough of it without any help from terrorists.
Just in case no one was paying attention, the score is: Lack of
information + guy on backhoe = 675,000 cuts per year: Terrorists =
ZERO. It's up to carriers to either diversify or feel the wrath of
the backhoe. Fortunately [for carriers that have an outage] and
unfortunately [for long term reliability], the general population is
forgiving and forgetful enough that when outages do occur and their
life is back to 'normal' they just don't care enough to want to pay
higher prices for that extra infrastructure.
The part that wasn't mentioned, is something I'm most interested in.
How much did the outage cost Sprint? And is it worthwhile for them
to use install or lease different fiber routes to prevent that type
of revenue loss in the future? [My guess would be.... "No"]
Marketing will make up for lost customers, and trying to convince
people to forget that it ever happened, and rate increases and/or
insurance will make up for any lost revenue.
-Jerry
More information about the NANOG
mailing list