Nato warns of strike against cyber attackers

Jorge Amodio jmamodio at gmail.com
Wed Jun 9 07:21:38 CDT 2010


>> On the other hand think as the Internet being a vast ocean where the
>> bad guys keep dumping garbage, you can't control or filter the
>> currents that are constantly changing and you neither can inspect
>> every water molecule, then what do you do to find and penalize the
>> ones that drop or permit their systems to drop garbage on the ocean ?
>
> Bad analogy. There's some plumes of oil in the Gulf of Mexico that are
> getting mapped out very well by only a few ships.  You don't have to
> examine every molecule to find parts-per-million oil, or to figure out
> who's oil rig the oil came from.

May be, but that is a particular case where you can exactly finger
point who made the mess and make him accountable and responsible to
cleaning it. But it's another example that shows that companies make
decisions based not on what is right or wrong to do but what is more
or less profitable to do within a risk management context.

> And you don't need to look at every packet to find abusive traffic
> either - in most cases, simply letting the rest of the net do the work
> for you and just reading your [email protected] mailbox and actually dealing with
> the reports is 95% of what's needed.

Agreed, but you still have no control about what happens on the other
side of the ocean, and if you don't provide a liability waiver to the
[email protected] guy they may have their hands tied by their legal department to
do anything.

I'll give you another bad analogy, for sure we need to keep an eye and
deal with transport and distribution, but the only way to eradicate
drugs (most unlikely because of the amount of $$$ it moves) is to go
after production and particularly consume, meanwhile the only thing
you can do is damage control and contention.

If it is still so freaking easy for the crocks to have a profitable
criminal biz on the net, they will find the workaround to keep making
money while its easy.

My point is, go hard after the crocks and fix the holes, things like
why the heck access to the power grid control systems are accessible
over the net from Hackertistan ? And if there is a real reason for it
to be on the net put the necessary amount of money and technology to
make it as secure as possible.

Regards
Jorge




More information about the NANOG mailing list