Q: What do ISPs really think about security issues?
Gadi Evron
ge at linuxbox.org
Fri Jan 11 14:31:44 UTC 2008
On Fri, 11 Jan 2008, Suresh Ramasubramanian wrote:
>
> All of it translates to
>
> 1. X more mailing lists to sign up to (lots and lots more email, great)
> 2. X more conferences to attend (more miles, yay, that's plat for this
> year taken care of)
> 3. A sizeable amount of reinvention of the wheel too
>
> Fun, isn't it?
To begin, I hate my inbox too. I want the same thing. And yes, I know a
serious part of your inbox problem comes from me and mine--all I can
offer in reparations is beer. I also dislike the fact many people are
clueless, but I do like the fact clueless people are starting to get
clued by, to a level, re-inventing the wheel.
This email is long, I am giving you my take. What I want to see is not
necessarily your thoughts on my philosophy, but rather what YOU think
should be done. What would MAKE a difference in the fighting, for you?
Suresh, you *know* I am with you and that there is nothing more important
to me that information sharing and cooperation. Now let me correct that to
recent times, that *used* to be the most important consideration, whether
some of those in need never share back or give feedback only meant we
only shared some of what we have, rather than all of it--not that we won't
share.
Getting cooperation inside industries, then between them, then with
academics, then with law enforcement, then with policy makers. It's been a
rocky ride.. but well worth it.
The first ammendment to this was the understanding that 'diversity is
good', meaning; not to get upset when others choose to double resources
and not cooperate. Diversity truly is great:
* It lets new blood in
* It creates new political presences (not necessarily powers) that
we need to cope with, making us less close-minded
* Helps create and foster a community
* Proves time and again that what we believe to be evil may have
been bad once, but is actually pretty good in the current
landscape--we got set in our ways and set taboos (sharing virus
samples outside the AV world, sharing C&C information, listening
in on bad guys, etc.)
Letting efforts run free enforces a sort of Darwinian selection as far as
their methods and people, but more importantly it pushes the successful
ones up to our sand box.. if only we can protect them from people like us
long enough.
Naturally, diversity is not *always* good, which is the second ammendment
to the thinking process.
Moving on, these subjects are in fact mainstream, no longer discussed in
rants by few looney people such as us. This brought some good, and
naturally some bad.. but when affecting change one has to remember people
need to decide for themselves and they in turn let us be successful in
protecting them. Our accomplishments aside we kept what we were working
on so secret that:
* Administrators didn't have the knowledge or tools to cope (and
they could help)
* Public awareness was non existent (which we are suffering from
now)
* Political awareness was non existent (which we are suffering
from now)
It is not about an holier than thou attitude, it's about understanding
that the Internet is truly the only functioning anarchy, and that "doing"
by itself makes a difference. New people who come along and will try their
own way, and a sort of non-committal Darwinian seclusion or capitalism
(not necessarily monetary) will determine their success. We can't stop
them so may as well help them, yes?
As to current existing mail tornados of too many places to be and to
see... we get less and less over time, but it is what it is, and it is
about human nature. Human nature, social structures, etc.--nuff said.
Meeting the new crowd is always good, but seeing how they not only
re-invent the wheel on the how to cope, but rather in their whole thinking
process, I am slightly concerned. We HAVE information sharing, we HAVE
cooperations. What the Internet, and we, need, is to move to the next
level, whatever that may be--of course I have my ideas about that.
That means moving from good-will based relationships to something more
substantial, as the criminal side has moved on long ago to billions in
revenue, R&D teams, outsourcing, and kinetic [support] operations (from
fraud to throat-cutting).
We are of course limited to what we *can* do:
* Physical world efforts (law enforcment getting better,
conferences to bring people together)
* Intelligence gathering
Non operational:
* Political outreach ("there is no cyber-crime problem")
* Awareness raising
We may have achieved a LOT on our end, but at the end of the day we
have made exactly a dent in the criminals' operations, and no more. We
make that dent once in a while and they move on, evolving. In retrospect
we haven't made any difference on their side, and they won.
Won what, you may ask. The war? We never really fought, it is a false
argument that we did, and as one of the many people who are doers out
there and gave a chunk of their lives to this 'fighting' I can say that
and not offend myself.
Our fighting has been (mostly) limited to getting slapped, and writing
analysis about it.
What I'd like to see? Here's three items on a strategic level rather than
tactical, which I can go on about forever (you know I like to hear my own
voice, right? :) )
* People working to bridge the tech-policy gap between people like
us and policy makers (who following Estonia *are* writing
policy which will affect us)
* In a situation where we don't start a war not we, but rather the
Internet can't win--actively fight back
* These efforts stopping to be a volunteer-based 'thing' and
moving to people who should be doing it (not people like me)
> Listening is, of course, important. As is coming in with an open mind
> and without a holier than thou attitude .. especially if the attitude
> is combined with the sort of URGENT!! TAKE THIS PHISHER DOWN NOW!!"
> abrasiveness nobody else really appreciates.
>
> That, by the way, is why I'm glad to see more and more organizations
> holding collocated / joint meetings .. across, to use some igov jargon
> (and for want of a better word) "stakeholder communities" .. banks
> talking to ISPs talking to LE / regulators talking to independent
> researchers etc.
Indeed!
Thing is, most stop at the talking stage, which they get off their chest
and will do again 6 months from now.
The Internet is not gonna die tomorrow, it is already IPv6 in Asia. :P
Taking a step back from security, from my niche, in which I am extremely
worried--as long as people can download their pr0n and argue over Captain
Kirk, I am happy. Thing is, all these millions of incidents every moment
are nothing but background noise.
WE CAN'T handle them, we can just jump at big ones. As long as things
remain this way, my hollistic-view self will be happy, but as the
awareness decreases and the background noise increases--we will eventually
be "only useless" rather than "mostly useless" in bottom line net effect
on the criminals. That of course unless we understand we need to do
something drastically different than what failed us so far, even if it did
help us get organized.
What ISPs can do? They can do a lot more than they do now. That is also a
false statement as people can always do more. ISPs may be a part of the
solution, but they are not the solution. We can affect how techies work,
but the business folks are the ones making the decisions and making
fighting criminals make business sense is not always the best use of our
time.
ISPs? Some of the best and smarted people in the world work at ISPs.
Unfortunately, also some of the stupidest.
> --srs
>
More information about the NANOG
mailing list