Batz, I believe we are talking about two different perspectives here operational and end user. The concern I have is with the ability of sectors dependent on information infrastructure to operate if there are problems. What web-site is abvailable to the end user is not the value judgement but if NASDAQ can facilitate stock trades, if banks can clear settlements, etc. It does get a little fuzzy in what you consider Internet and what you consider private networks. From a physical perspective they all use a common fiber infrastructure - it all runs in the same trench - so in some terms it does not matter. There has been quite a bit of discussion about physical downage being an inconveniance, and if you limit yourself to just the Internet (web sites, email, porn, etc) this is a valid statement. Where this goes off track is that the Internet is only part of the equation - the operation of several critical infrastructures is dependent on fiber based communications. A cut is a cut - it does discriminate against private networks, security protocols, encryption or anything else. A leased line does not mean you get a special ditch. ----- Original Message ----- From: batz <batsy@vapour.net> Date: Thursday, September 5, 2002 7:41 pm Subject: Re: Vulnerbilities of Interconnection
On Thu, 5 Sep 2002 sgorman1@gmu.edu wrote:
:The question is what if someone was gunning for your fiber. To date :cuts have been unintentional. Obviously the risk level is much higher :doing a phyisical attack, but the bad guys in this scenario are not :teenage hackers in the parents basement.
This happened recently in Quebec where there is a labour dispute with Videotron and one of the unions representing its workers. The dispute has been exaserbated by the sabotage of the companies fiberlines.
Now, while this may affect Videotrons bottom line, it only becomes a critical infrastructure issue when it becomes a Hydro Quebec issue, or it interferes with the provinces ability to deliver services.
Honestly, if a few million people can't get their porn streams, the world isn't going to end. If 911 operators, or ambulance services can't direct emergency crews for 10 people, then you have a serious problem.
:There is a good foundation of knowledge on the implications of cyber :attacks, but the what-if of an intentional physical attack is an :important question I believe. The context in this discussion has been :very valuable and many thanks to everyone that has offered opinions.
The What-If questions have to be sorted from a particular view, and it will be the legislators view which will ultimately matter. You can bluesky, whiteboard, game and scheme all you like, but there are only a few opinions that matter when it comes to deciding what is of importance to national security, and until we hear from them, we can be as paranoid and imaginative as we want, and it won't help the infrastructure become more secure.
So, as for Nasdaq, vs Google, vs the GSA vs Agriculture vs CNN, until we have the correct order in which to place these entities, we can't provide a useful or accurate model of how vulnerable the infrastructure is.
You mentioned that you thought Nasdaq would be the most important asset to protect, but what happens if some Internet traders on AOL can't make their trades because of a fiber cut, vs not being able to get their infotainment from CNN, vs weather and crop data data not getting to farmers on time. It's a relative and ultimately political discussion.
-- batz