Stupidity: A Real Cyberthreat.

Jerry Pasker jerry at jerry.org
Thu Jan 19 17:40:30 UTC 2006


[subject change since this is a change of subject, was "Re: The 
Backhoe: A Real Cyberthreat?"]

The biggest threat to Cyber security is stupidity, followed only by 
indifference.  Period.  There.  Someone was bound to say it, so I 
said it first.

Now, in an attempt to get my NANOG "Header to Content" size ratio to 
1, I'll rant on a little for your entertainment, enjoyment, 
annoyance, or hatred.  :-)

Terrorists want to kill people.   Did anyone die when those two 
fibers were cut?  Did it cripple the US Economy?  Did it close the 
stock markets?  When the markets opened the next day, did stock 
prices fall across the board for weeks and months on end?  Not 
exactly.  Will people put bumper stickers on their cars that say 
"Remember 1/9?" or "Remember Buckeye and Reno Junction" No.  Not one 
person will do that.

[most] Religious extremists tend to site religious verses saying 
things along the lines of it being acceptable to kill those who do 
not belive or who oppose their religion.  [just like Christianity 
during the crusades]  I'm pretty sure there's nothing in the Koran 
that says anything about "taking away their internet and cell phones, 
and knocking out their power." [so they can live like we do]  This is 
something that the DHS knows, but doesn't want to admit too loudly. 
Why? Because it's easy to say "We're doing more to prevent cyber 
attacks.  See?  We took away the fiber maps!  We accomplished 
something!  This is bound to help out!"  [now give us more money so 
we can afford to do more things like that]

They say that, to throw us  [the public, and Congress that pays for 
their department to exist] a bone every now and again. It's nearly 
impossible for them to say "you're safer today than you were 
yesterday!"  Well, they could say it, but it would be laughed at by 
the majority of the population.  [more so than they are now] How are 
they supposed to calm people's fears?  With a statement like:  "See? 
You aren't being attacked by terrorists today!  We must be doing our 
job!"

The graphic in the Wired story from FortiusOne showing fiber optic 
backbones and how they clump also shows just how many other fiber 
routes exist.  It also shows where terrorists should go looking for 
fiber to cut.   Look at THAT map.  Go look for, and follow the signs. 
Failing that, make a few phone calls, and have the stuff marked so it 
can be found to cut it.  It's really that easy.  But why even do 
that?  We already cut enough of it without any help from terrorists. 
Just in case no one was paying attention, the score is: Lack of 
information + guy on backhoe = 675,000 cuts per year:  Terrorists = 
ZERO. It's up to carriers to either diversify or feel the wrath of 
the backhoe.   Fortunately [for carriers that have an outage] and 
unfortunately [for long term reliability], the general population is 
forgiving and forgetful enough that when outages do occur and their 
life is back to 'normal' they just don't care enough to want to pay 
higher prices for that extra infrastructure.

The part that wasn't mentioned, is something I'm most interested in. 
How much did the outage cost Sprint?  And is it worthwhile for them 
to use install or lease different fiber routes to prevent that type 
of revenue loss in the future?  [My guess would be.... "No"] 
Marketing will make up for lost customers, and trying to convince 
people to forget that it ever happened, and rate increases and/or 
insurance will make up for any lost revenue.

-Jerry



More information about the NANOG mailing list