[CII] welcome to the public CII

[Dotzero]

On Wed, Nov 25, 2009 at 4:35 PM, Gadi Evron <ge at linuxbox.org> wrote:
> Hello all,
>
> This list is now officially open for discussion. The list is not moderated,
> although any new subscriber is auto-moderated until we are sure they are not
> a spam bot.
>

I am not a spam bot. In Gadi We Trust. (Do spam bots have a sense of humor?)

> I'd like to start with a clean slate, and at least for a little while, with
> no set agenda. Many of us discussed what critical infrastructure on the
> internet is, how to define it, and how to protect it, many times before. We
> all have varying ideas, so let's try and be patient until we find our feet
> and what our specific goals are.
>

I would be interested in a stalking horse definition for CI as a
starting point. Critical to whom? In what way? Is Critical a generic
or are there differentiators for criticality? Do we consider macro,
micro or both? Do we consider protection or do we consider
survivability to use the vernacular of the Software Engineering
Institute? How about geography or political boundaries in terms of CI?
How useful might "Islands of Survivability/functionality" as a concept
be? How much might realistically be protected in a target rich
environment?

> Before we put forth any sort of charter or specific issues, I'd like to hear
> from you what you think is lacking in current discussion on the subject
> matter, and what you would like to see happen in the next few years.
>

Most of the attacks that I am aware of (Palestinian/Israeli, Estonia,
Georgia, etc) are what I would call tactical rather than strategic in
terms of concept and execution. Much of the focus appears to be on the
mechanics. What exactly do we think we are ultimately defending CI
against? What is the difference between criminal acts and acts of war?
What about the combination of physical and remote/network based
attacks?

Just a few thoughts.