North American Network Operators Group


Re: More federal management of key components of the Internet needed

  • From: Michael.Dillon
  • Date: Thu Oct 24 05:41:24 2002

> Hardly. They have a hard enough time passing information from one squad
> to another within the FBI, they're never going to be able to survive and
> interoperate in the Information Age against high-tech threats that move
> at packet speed.  And don't get me started about Infragard.....ugh...

What government fails to realize is that this is war. In a combat 
situation, you have to rely on the skill and the initiative of front-line 
troops to win the battle, not generals and certainly not politicians. It 
is true that generals and politicians can win wars, but they do this by 
making the battles irrelevant, i.e. negotiating the surrender of the 
enemy. However, the war we are involved in is against a disorganized enemy 
who has no politicians of his own and who probably doesn't even have any 
generals. Since there are no hacker politicians to negotiate with, 
political action has little chance of being effective. And since there are 
no hacker generals making sweeping strategic decisions, there is not much 
for an organization like the FBI or NIPC to do.

The best strategic action that government and crimefighting groups can 
take is to encourage and support the front-line troops to go out there and 
fight the enemy. Battles are won by persistence, rapidly adapting to the 
fluid situation and quick decision making on or near the front-lines. 
That's why the existing communications channels and information sharing 
tools used by network operators are superior to Infragard or anything that 
the FBI or NIPC could think up. They are used to the slow plodding 
post-mortem analysis of crimes that have been committed. Their goal is 
only to catch the perp. However, on the net, we are more concerned with 
mitigating the damage of an attack while it occurs and removing newly 
discovered vulnerabilities as soon as possible.

I think a lot of the debate about infrastructure protection would 
evaporate if we would be clearer about the goals of the different parties 
and we would recognize that different goals require different means. The 
FBI can manage their own program to catch perps who attack the 
infrastructure while we can manage our program to quickly react to an 
attack in real time, i.e. fight the front-line battles.

Perhaps we need to better document the times when the net community was 
successful in dealing with an attack and analyze what was good and should 
be kept versus what was bad and could be improved. One incident that I 
recall was the wave of SYN flood attacks that led to various OS kernels 
being hardened against such an attack. At the time I was on both the NANOG 
list and the firewalls mailing list. I crossposted several messages 
between the two lists so that both communities would see the full picture 
and so that both groups could work together to win that one battle over a 
period of two or three days. The end result was not to eliminate SYN 
floods but we did mitigate the attacks so that nowadays you cannot knock 
out a server with a low-bandwidth stream of SYN packets.

--Michael Dillon
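The post recalls that the outcome of the mid-1990s SYN flood episode was kernels that can no longer be knocked over by a trickle of SYN packets. The following is an added example, not part of Michael Dillon's message or of any NANOG material: it models the two behaviours side by side. The first server keeps a fixed-size table of half-open connections with a long timeout (the pre-hardening design); the second issues SYN cookies, the stateless mechanism that Linux and BSD kernels adopted, encoding a keyed MAC of the connection tuple and a coarse time counter into the initial sequence number so nothing is stored until the third handshake packet arrives. The attack traffic, addresses, table size (128 entries), 75-second timeout and HMAC-SHA256 cookie construction are all constructed assumptions for the demonstration; real SYN cookies also pack the client's MSS into the cookie, which is omitted here.

```python
import hashlib
import hmac
import os
from collections import OrderedDict

# --- 1. Pre-hardening behaviour: a bounded half-open table (assumed design) ---
class HalfOpenTable:
    """Stores state for every SYN until the ACK arrives or a timeout fires."""

    def __init__(self, capacity=128, timeout=75.0):
        self.capacity = capacity            # assumed backlog size
        self.timeout = timeout              # assumed half-open timeout in seconds
        self.entries = OrderedDict()        # key -> (isn, expiry); insertion-ordered

    def _expire(self, now):
        # Entries expire in insertion order because the timeout is constant.
        while self.entries and next(iter(self.entries.values()))[1] <= now:
            self.entries.popitem(last=False)

    def on_syn(self, key, now):
        self._expire(now)
        if len(self.entries) >= self.capacity:
            return None                     # backlog full: the SYN is dropped
        isn = int.from_bytes(os.urandom(4), "big")
        self.entries[key] = (isn, now + self.timeout)
        return isn

    def on_ack(self, key, ack, now):
        self._expire(now)
        entry = self.entries.pop(key, None)
        return entry is not None and ack == (entry[0] + 1) & 0xFFFFFFFF


# --- 2. Hardened behaviour: SYN cookies (simplified; MSS encoding omitted) ---
class SynCookieServer:
    """Stores nothing on SYN; the ISN itself proves the client completed a handshake."""

    COUNTER_PERIOD = 64.0                   # seconds per time-counter tick

    def __init__(self, secret):
        self.secret = secret                # per-boot secret key (assumed)

    def _mac(self, key, counter):
        msg = repr((key, counter)).encode()
        digest = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return digest[:3]                   # 24-bit tag fits below the 8-bit counter

    def on_syn(self, key, now):
        counter = int(now // self.COUNTER_PERIOD) & 0xFF
        tag = int.from_bytes(self._mac(key, counter), "big")
        return (counter << 24) | tag        # cookie goes out as the ISN; no state kept

    def on_ack(self, key, ack, now):
        isn = (ack - 1) & 0xFFFFFFFF
        counter = isn >> 24
        current = int(now // self.COUNTER_PERIOD) & 0xFF
        if (current - counter) & 0xFF > 1:
            return False                    # cookie older than one counter period
        tag = (isn & 0xFFFFFF).to_bytes(3, "big")
        return hmac.compare_digest(tag, self._mac(key, counter))


# --- 3. Constructed low-bandwidth SYN flood followed by one legitimate client ---
def simulate(server, syn_rate=10, duration=30.0, now0=0.0):
    """Send `syn_rate` spoofed SYNs/s (never ACKed) for `duration` seconds, then
    check whether a legitimate client can still complete a handshake."""
    t, n = now0, 0
    while t < now0 + duration:
        spoofed = (f"203.0.113.{n % 254 + 1}", 40000 + n, "server", 80)  # constructed
        server.on_syn(spoofed, t)
        n += 1
        t += 1.0 / syn_rate
    client = ("198.51.100.7", 51515, "server", 80)                       # constructed
    isn = server.on_syn(client, t)
    if isn is None:
        return False                        # SYN dropped: denial of service
    return server.on_ack(client, (isn + 1) & 0xFFFFFFFF, t + 0.05)


if __name__ == "__main__":
    # 10 SYN/s is roughly 400 bytes/s of attack traffic.
    print("fixed backlog, under attack:", simulate(HalfOpenTable()))
    print("fixed backlog, no attack:   ", simulate(HalfOpenTable(), duration=0))
    print("SYN cookies, under attack:  ", simulate(SynCookieServer(os.urandom(16))))
```

With the assumed 128-entry table and 75-second timeout, 300 unanswered SYNs at 10 per second fill the backlog long before any entry expires, so the legitimate client's SYN is dropped; the cookie server accepts the same client because it never allocated anything for the spoofed SYNs. The stale-counter check is what bounds how long a captured cookie stays valid, which is the price paid for keeping no per-SYN state.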