Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Reuters: Microsoft to give holes info

From: <derek () angelofsin net>
Date: Sun, 13 Mar 2005 20:58:01 +0100

On Sat, 12 Mar 2005 16:33:46 CST, "Valdis.Kletnieks () vt edu" said:

============================
Critical infrastructure:  If it dies, things start breaking *very*
badly, very quickly.

If a PC directly related to managing calls in an E911 center dies, then
emergency calls don't get routed.  That's critical infrastructure.

-===snip a few example cases===-

Now tell me - what percent of government systems, if they were suddenly
and unexpectedly unplugged from the network, would result in a partial
or complete loss of network functionality?  Things like routers, mail
servers, Active Directory servers, and so on - *those* are "critical
infrastructure".
============================

I believe the argument here is over one simple factor, and I disagree
with you on this point.

Critical infrastructure refers to anything that takes down a lot of
other things when it collapses--you said this, and I agree completely.

However, in your argument you focus upon critical network infrastructure
as if it is the only critical infrastructure.  It is not.  There are
network components that are critical parts of judicial, private, or
corporate infrastructure.  These devices and their status may be of
little concern to the *network*, but they may be of great concern to
the *society* in which they are deployed.

For instance, if the entire IRS database (and all backups) went up in a
puff of smoke, the internet as a whole would likely experience only a
small disturbance.

This does not, however, mean that the IRS machines are not critical
infrastructure; it merely means that the IRS machines are not critical
*network* infrastructure.  If the IRS or the GAO collapsed, there would
be a pronounced disruption in governmental services (and hopefully
someone would find a way to keep things operating without funding until
a new accounting system could be deployed because things could get
quite messy... imagine the economic impact of thousands of federal
employees receiving no pay for weeks, and remember that this is just
one aspect of American activity that is directly affected by federal
financing).

To sum it all up, you narrowed the scope of critical infrastructure to
include only critical network infrastructure, and I do not see that
sufficient justification was given for doing so.

---
Derek Durski
derek () angelofsin net
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://www.secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: