[CII] welcome to the public CII

Brunner, Mark Mark.Brunner at CIBC.com
Thu Nov 26 14:19:22 UTC 2009 

Greetings like minded, non-spam-bots,

I'm generally a lurker in most of my mailing lists, but it would be interesting to start a discussion regarding what is and what is not Critical Infrastructure, and who is charged with protecting which segment.  Start herding the cats towards the fences before the charter is issued.  Honestly, until recently, I did not consider much of the online banking environment to be "critical infrastructure" beyond its ability to generate revenue for the organization and provide convenience to the customer.  My vision has been historically narrow due to my propellor-headed view of world.  Having worked in my current position for a number of years, I see that there is a considerable amount of reliance upon networks that are beyond our ability to control, let alone to protect, and delays in trade communications in the millisecond range can cause losses of an almost unimaginable scale with cascading effects throughout multiple industries.

I would also be very interested in learning more about the actual SCADA networks that are in place, how connectivity policies are enforced on them, what controls are in place to restrict connectivity between networks and the Internet or other networks, and how these policies and controls are audited against over the next few years.  Of course so would the bad guys, so I expect a lot of off-line discussion?

Thanks to the mods for their commitment, and setting this up.

Cheers,

Mark Brunner, CISSP
Senior Security Incident Response Specialist 
CIBC Information Security Risk Management
Tel: 416-980-6622 
e-mail: mark.brunner at cibc.com


-----Original Message-----
From: cii-bounces at isotf.org [mailto:cii-bounces at isotf.org] On Behalf Of Gadi Evron
Sent: Wednesday, November 25, 2009 4:35 PM
To: cii at isotf.org
Subject: [CII] welcome to the public CII

Hello all,

This list is now officially open for discussion. The list is not moderated, although any new subscriber is auto-moderated until we are sure they are not a spam bot.

I'd like to start with a clean slate, and at least for a little while, with no set agenda. Many of us discussed what critical infrastructure on the internet is, how to define it, and how to protect it, many times before. We all have varying ideas, so let's try and be patient until we find our feet and what our specific goals are.

Before we put forth any sort of charter or specific issues, I'd like to hear from you what you think is lacking in current discussion on the subject matter, and what you would like to see happen in the next few years.

People on the list are all very busy individuals, so while we encourage discussion, please try and conduct yourselves properly.

CII is co-admin'd by Barry Greene and myself, while some more spots may open up as necessary, as we settle into a routine in the coming months.

	Gadi.


--
Gadi Evron,
ge at linuxbox.org.

Blog: http://gevron.livejournal.com/
_______________________________________________
CII mailing list
CII at isotf.org
http://isotf.org/mailman/listinfo/cii

More information about the CII mailing list