[CII] CII Digest, Vol 12, Issue 3

Mark Scherling markscherling at shaw.ca
Sat Nov 28 15:35:17 UTC 2009


Hi, I'm new to the list and saw the issue about the Internet and the analogy
of it being like the air we breathe.  Not sure if any of you have seen the
video on TED from Kevin Kelly on the web (link below), but his thoughts about
"the machine" and the Internet never going down are very interesting.  Parts
have been broken but the whole thing has not failed.  It starts to make
things very interesting.  I've been looking at information risk management
for a few years now, expanding from information security into taking a more
holistic approach to information management and service delivery.  I was
very excited that Dan invited me to participate in this forum and from my
initial reads there are a lot of folks out there who are struggling with all
the new technologies, risks, services.  Another presentation that I really
liked was "Shift Happens" on YouTube. I will sign off for now.

Kevin Kelly on the next 5,000 days of the web | Video on TED.com

        * At the 2007 EG conference, Kevin Kelly shares a fun stat: The
          World Wide Web, as we know it, is only 5,000 days old. Now, Kelly
          asks, how ...
        * http://www.ted.com/talks/lang/eng/kevin_kelly_on_the_next_5_000_days_of_the_web.html


-----Original Message-----
From: cii-bounces at isotf.org [mailto:cii-bounces at isotf.org] On Behalf Of
cii-request at isotf.org
Sent: November 27, 2009 5:09 AM
To: cii at isotf.org
Subject: CII Digest, Vol 12, Issue 3


Today's Topics:

   1. Re: welcome to the public CII (John Osmon)
   2. Re: welcome to the public CII (Paul Schmehl)
   3. Re: welcome to the public CII (Joe St Sauver)
   4. Re: welcome to the public CII (manny fuentes)
   5. Re: welcome to the public CII (Angela Cataldo)
   6. Re: welcome to the public CII (Jeff Johnstone)
   7. Re: welcome to the public CII (Ahmad Taha Zaki)
   8. Re: welcome to the public CII (Marc)
   9. howdy ... (The Mighty Phlabaud)


----------------------------------------------------------------------

Message: 1
Date: Thu, 26 Nov 2009 10:21:02 -0700
From: John Osmon <josmon at rigozsaurus.com>
Subject: Re: [CII] welcome to the public CII
To: bmanning at vacation.karoshi.com
Cc: "cii at isotf.org" <cii at isotf.org>
Message-ID: <20091126172102.GB9694 at jeeves.rigozsaurus.com>
Content-Type: text/plain; charset=us-ascii

On Thu, Nov 26, 2009 at 12:58:30PM +0000, bmanning at vacation.karoshi.com
wrote:
> 
> 	I occasionally get confused.  Is there a common understanding
> 	of the term "Critical Internet Infrastructure"?

We all get confused at times.  :-) CI *ought* to be pretty obvious, huh?

> 	Or are we all talking past each other?

I think there will be lots of talking past each other at one level or
another.  The layering of modern communications services makes it inherent
in the conversation.

Consider a situation where:
  - Big Telco sells service to smaller provider.
  - Smaller provider sells service to local government.
  - Local government considers end service "critical."

Assuming we can all agree that the end service is critical, what pieces or
layers of underlying infrastructure get to have that designation as
well?  All of the smaller provider?  Or just the individual services sold by
the Big Telco?  If the end service is packet based and the smaller provider
is multi-homed do we have to consider all Big Telco links used for backhaul
critical? 

Some "critical infrastructure" is obvious -- others not so much.
Talking past each other will occur.  The value of this mailing list will be
defined by the number of people served by their view.

One man's network layer is another man's application layer...


------------------------------

Message: 2
Date: Thu, 26 Nov 2009 12:16:45 -0600
From: "Paul Schmehl" <pschmehl_lists at tx.rr.com>
Subject: Re: [CII] welcome to the public CII
To: "'Andrea Glorioso'" <andrea at digitalpolicy.it>,	<cii at isotf.org>
Message-ID: <177f01ca6ec4$9d57e8f0$d807bad0$@rr.com>
Content-Type: text/plain;	charset="us-ascii"

The first thing governments must understand is that they cannot control the
internet.  Therefore they must learn how to develop policies that will
result in resilience of CI (whatever that is defined to be) rather than
attempting to stop "bad stuff" from happening.

If you listen to politicians in the US, you quickly realize that they think
of the internet as a contiguous "thing" that can be controlled somehow.  The
internet is more like air.  You cannot hope to control air.  You can merely
try to keep it as clean as possible while acknowledging that one hurricane,
tornado or volcanic eruption can undo years of hard work.

-----Original Message-----
From: cii-bounces at isotf.org [mailto:cii-bounces at isotf.org] On Behalf Of
Andrea Glorioso
Sent: Thursday, November 26, 2009 2:58 AM
To: cii at isotf.org
Subject: Re: [CII] welcome to the public CII

In terms of "what is missing", I think policy-makers have still a long way
to go before they understand what the Internet actually is and how it is
operationally managed.  One consequence of this is that in some cases they
still try to apply crisis management approaches that will not work.  On the
other hand, the private sector must stop pretending (at least with us) that
we are still in the '80s and that the Internet infrastructures they operate
are not vital for society.



------------------------------

Message: 3
Date: Thu, 26 Nov 2009 08:30:51 -0700 (PDT)
From: "Joe St Sauver" <joe at oregon.uoregon.edu>
Subject: Re: [CII] welcome to the public CII
To: Mark.Brunner at cibc.com
Cc: cii at isotf.org
Message-ID: <09112609305166_1F92D at oregon.uoregon.edu>

Mark mentioned:

#I would also be very interested in learning more about the
#actual SCADA networks that are in place, how connectivity
#policies are enforced on them, what controls are in place
#to restrict connectivity between networks and the Internet
#or other networks, and how these policies and controls are
#audited against over the next few years.

If you're interested, feel free to see my December 2004 talk:

"SCADA Security and Critical Infrastructure,"
http://www.uoregon.edu/~joe/scadaig/infraguard-scada.pdf (or .ppt)

Unfortunately, what I said five years ago continues to be all too applicable
even today. :-( 

If you have a particular ongoing interest in SCADA/process control security,
you may also want to check out Bob Radvanovsky's SCADA Security mailing list
(see http://scadasec.infracritical.com/ )

Depending on the failure/attack modes you're interested in, I've got some
other talks you may also want to see:

"Electromagnetic Pulse,"
http://www.uoregon.edu/~joe/infragard-2009/infragard-eugene-2009.pdf
(or .ppt) and 

"Cyber War, Cyber Terrorism and Cyber Espionage,"
http://www.uoregon.edu/~joe/cyberwar/cyberwar.pdf (or .ppt)

Despite the unquestionably serious nature of these topics, I hope that
everyone's having a nice Thanksgiving (including those of you outside the
United States).  I think we *all* have much to be thankful for, for one
thing, and I heartily encourage everyone to "adopt" any/all holidays that
provide an excuse for getting together for food, drink and good times with
families and friends, whether those holidays happen to be foreign or
domestic. (I *will* say that you're "excused" from the traditional
"obligation" to watch American football, however, unless you want to, much
as I sometimes watch cricket or that "other football" :-) just for a change
of pace.)

Go Ducks! (#8 in the BCS national rankings, 9 and 2 overall) :-)

Regards,

Joe St Sauver (joe at oregon.uoregon.edu)
http:/www.uoregon.edu/~joe/
Disclaimer: all opinions strictly my own


------------------------------

Message: 4
Date: Thu, 26 Nov 2009 08:30:16 -0800 (PST)
From: manny fuentes <manny.fuentes at yahoo.com>
Subject: Re: [CII] welcome to the public CII
To: Gadi Evron <ge at linuxbox.org>, "cii at isotf.org" <cii at isotf.org>
Message-ID: <220766.48562.qm at web58508.mail.re3.yahoo.com>
Content-Type: text/plain; charset="iso-8859-1"

Hello All,

Looking forward to spamming, err participating in these discussions :-)
Coming from the utilities sector, I have first hand knowledge regarding CI -
scada, ems, bulk electric system, etc. Looking forward to it.

Regards,

Manuel Fuentes
CISSP, GIAC, MBA




________________________________
From: Gadi Evron <ge at linuxbox.org>
To: "cii at isotf.org" <cii at isotf.org>
Sent: Wed, November 25, 2009 1:35:24 PM
Subject: [CII] welcome to the public CII

Hello all,

This list is now officially open for discussion. The list is not moderated,
although any new subscriber is auto-moderated until we are sure they are not
a spam bot.

I'd like to start with a clean slate, and at least for a little while, with
no set agenda. Many of us discussed what critical infrastructure on the
internet is, how to define it, and how to protect it, many times before. We
all have varying ideas, so let's try and be patient until we find our feet
and what our specific goals are.

Before we put forth any sort of charter or specific issues, I'd like to hear
from you what you think is lacking in current discussion on the subject
matter, and what you would like to see happen in the next few years.

People on the list are all very busy individuals, so while we encourage
discussion, please try and conduct yourselves properly.

CII is co-admin'd by Barry Greene and myself, while some more spots may open
up as necessary, as we settle into a routine in the coming months.

Gadi.


-- Gadi Evron,
ge at linuxbox.org.

Blog: http://gevron.livejournal.com/
_______________________________________________
CII mailing list
CII at isotf.org
http://isotf.org/mailman/listinfo/cii



      

------------------------------

Message: 5
Date: Thu, 26 Nov 2009 22:23:44 +0100
From: Angela Cataldo <angela.cataldo at gmail.com>
Subject: Re: [CII] welcome to the public CII
To: Gadi Evron <ge at linuxbox.org>, cii at isotf.org
Message-ID:
	<4d9107cf0911261323x6e0bf35agd6987108edfd916b at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

Hi Gadi, hi all,
I'm not a bot, I'm from Italy, I work as System Administrator and Engineer
and something else.
I'm here as listener: hope to help, but first hope to understand the
discussion context.
Regards
AC


--
Ing. Angela Cataldo
System Engineering, Integration, Administration, Design and Planning

------------------------------

Message: 6
Date: Thu, 26 Nov 2009 13:39:21 -0800
From: Jeff Johnstone <jjohnstone at diamondtech.ca>
Subject: Re: [CII] welcome to the public CII
To: Gadi Evron <ge at linuxbox.org>
Cc: "cii at isotf.org" <cii at isotf.org>
Message-ID:
	<558b776c0911261339v216cca6fueb9da9513a56e56d at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

Hello World

Looking forward to mostly lurking here as I do on many other lists. Semi
retired now and mostly acting as advisory to local governments and a few
long term corporate clients.

cheers
Jeff Johnstone

On Wed, Nov 25, 2009 at 1:35 PM, Gadi Evron <ge at linuxbox.org> wrote:

> Hello all,
>
> This list is now officially open for discussion. The list is not 
> moderated, although any new subscriber is auto-moderated until we are 
> sure they are not a spam bot.
>
>

------------------------------

Message: 7
Date: Fri, 27 Nov 2009 07:17:57 +0200
From: Ahmad Taha Zaki <ahmad.taha at usa.net>
Subject: Re: [CII] welcome to the public CII
To: "cii at isotf.org" <cii at isotf.org>
Message-ID: <4B0F6105.3010807 at usa.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Hello everyone,
    I'm not a bot either although my former employer thinks I am, anyway I'm
glad to see this issue brought to light.


Regards,
Ahmad Taha Zaki
CISSP, GCIH, OSCP



------------------------------

Message: 8
Date: Fri, 27 Nov 2009 02:06:52 -0500
From: "Marc" <marc at marcd.org>
Subject: Re: [CII] welcome to the public CII
To: <cii at isotf.org>
Message-ID: <013501ca6f30$3329a100$997ce300$@org>
Content-Type: text/plain;	charset="us-ascii"

> -----Original Message-----
> From: cii-bounces at isotf.org [mailto:cii-bounces at isotf.org] On Behalf Of
> Gadi Evron
> Sent: Wednesday, November 25, 2009 16:35
> To: cii at isotf.org
> Subject: [CII] welcome to the public CII
> 
> Hello all,
> 
> 
 .....
> 

Hi,

I too, am looking forward to the discussion.  I especially liked the comment
about relying on networks over which we have no control and limited
visibility.  Even backup systems, such as dial in modems, rely on these
networks.  In a true emergency, the backup management system of last resort
(physical access) may not be available due to other infrastructure (roads,
fuel, transportation, buildings, etc.) not being available, so this may
become a huge subject area.

As far as being a bot, I don't believe I am a bot - unless I've been
root-kitted, then I wouldn't know - in which case, the only real solution is
a wipe and re-image.  Crap - there goes my weekend - I hope I have a good
image of myself.

Marc D'Aloisio, CISSP






------------------------------

Message: 9
Date: Fri, 27 Nov 2009 02:04:39 -0800 (PST)
From: The Mighty Phlabaud <sys at aniota.com>
Subject: [CII] howdy ...
To: "cii at isotf.org" <cii at isotf.org>
Message-ID: <Pine.LNX.4.64.0911270144290.11646 at yossarian.aniota.com>
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed

... ciao:

     i tend to think technology will ultimately solve the 'availability' 
aspect of 'critical infrastructure'.  that's an optimistic view of standards 
implementation, bounds checking, and advances in hardware deployment.

     however, what happens, when "google aware" routers, start making 
decisions for the network's users.  ignoring legal issues, the flap 
over bit-torrent, and voip, suggests 'commercial' factors that might come 
into focus ...



------------------------------



End of CII Digest, Vol 12, Issue 3
**********************************


