Fwd: cnn.com - Homeland Security seeks cyber counterattacksystem(Einstein 3.0)
Howard C. Berkowitz
hcb at netcases.net
Tue Oct 7 13:44:21 CDT 2008
Superficially, one difference between government and business security
programs is that government has intelligence agencies that they can draw
upon for threat assessment. It is a separate question if intelligence
agencies accurately determine certain threats, or if politicians pay
attention to accurate assessments if the assessment conflicts with ideology
or generic preconceptions.
Seriously, one of the major problems in convincing businesses about a need
for security is that many managers, sensitive to cost, do not see a real
threat. If one broadens that to continuity of operations in general, those
managers whose firms have survived major disasters tend to be far more in
favor of disaster recovery planning.
Unfortuately, many security technologists are in the unfortunate position of
the parent trying to convince a child not to touch a hot stove, when they
have never been burned. In my case, that is convincing a dearly beloved cat
that the stovetop is not on the feasible route from point A to point B.
While some use the analogy of herding cats, that is more appropriate with
technical people than top managers. In the case of the latter, the analogy
may be more akin to the lion, who woke one day, and strode through his
Encountering an antelope, he roared, "WHO IS KING OF THE JUNGLE?"
The antelope quivered and said "you, mighty lion."
He next encountered a gnu (no, it's not Gnu). Again, even the tougher beast
said "You are the great one."
The lion walked further, and met an elephant. As he started to say "WHO
IS...", the elephant wrapped his trunk around him, whopped him into several
trees, juggled him on his tusks, and then threw him into a mud wallow.
Scrambling to avoid an indignant hippopotamus, the lion looked at the
elephant and said "Gee, your Majesty, could you chill out a little?"
From: Valdis.Kletnieks at vt.edu [mailto:Valdis.Kletnieks at vt.edu]
Sent: Tuesday, October 07, 2008 1:40 PM
To: J. Oquendo
Cc: nanog at nanog.org
Subject: Re: Fwd: cnn.com - Homeland Security seeks cyber
On Tue, 07 Oct 2008 11:30:11 CDT, "J. Oquendo" said:
> What about exceeding the minimum requirements for a change.
It's like any other field - the customer wants more than the minimum,
have to pay more. Almost all contractors will at least act like they're
to meet the local building codes, because that's a minimum requirement. It's
the rare contractor indeed who will throw in the upgraded appliance package
and real marble flooring for free...
(I think you'll find that if somebody is actually willing to *pay* for more
security, there's plenty of outfits who are more than happy to make it
More information about the NANOG