|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Did Sean Gorman's maps show the cascading vulnerability in Ohio?
Remember that Dig Safe is implemented on a state by state basis some of
the programs like the one you describe are dreadful. The one in my home
state is fairly thorough in checking bona fides before providing the data
I believe in setting a fairly low bar for access to this information i.e.
can you _prove_ that you have legitimate cause for access to this
information. The proof would be do you have
fiber/conduit/circuits/pipelines these all have identifiers which can be
checked and generally only the customer and the service provider has this
information. Not simply whose fibers are in the conduit attached to the
railroad bridge. if you own one of those fibers you get access to the
information on who else is in the conduit. if you do not you are not
privvy to the information.
We had a incident where someone accidentally started a fire under a bridge
and burned through a PVC conduit knocking phone and data out for the
better part of a week for 100,000+ lines. I really do not want that type
of information in the hands of a bored teenager so they would be able
identify potential targets so that they can be _famous_.
Remember when you go to a library to study rare manuscripts you generally
need to prove to the curator that you have a legitimate scholarly interest
in the documents not simply random curiousity.
Scott C. McGrath
On Mon, 18 Aug 2003, Mr. James W. Laferriere wrote:
>
> Hello Scott ,
>
> On Mon, 18 Aug 2003, Scott McGrath wrote:
> > A measured response is needed. Obviosly we do not want the
> > vulnerabilities disclosed to bored teenagers looking for "excitement".
> > We need controlled access to this data so that those of us who need the
> > data to fix vulnerabilities can gain access to it but access is denied to
> > people without a legitimate need for the data.
> And my statement would be , And who is that authority ?
> The government ? The Utilities ? The ... ?
>
> > The "Dig Safe" program might be a good model for controlling access to
> > Sean's work. This would not preclude further scholarship on Sean's work
> > but it would keep the data out of the hands of the 31337 crowd.
> Huh ?, Try this on for size , "Hello , I am joe's contracting
> service & I have a building permit(I do) and I need to dig at ..."
> If I remeber correctly the "Dig Safe" program will give me the
> info without so much as a check on the permit or my company name .
>
> But , Something (may) need to be put in place . I for one am not
> a great fan of any group of "X" that has a vested interest in
> keeping the information out of the public hands as being the ones
> to administer or setup or even give suggestions to a body who'd be
> involved in setting up such a commitee/org./...
>
> I'd really like to see a "Public" forum be used to take
> suggestions from the PUBLIC (ie: you & I & that neighbor you hate
> so well) for the guide lines as to who &/or when such info s/b
> released . Not the Gov. or the Util Alone .
>
> > On Sun, 17 Aug 2003, Sean Donelan wrote:
> > > So, the US Government wants to classify Sean Gorman's student project.
> > > The question is did Mr. Gorman's maps divulge the vulnerability in the
> > > East Coast power grid that resulted in the blackouts this week?
> > > Would it be better to know about these vulnerabilities, and do something
> > > about them; or is it better to keep them secret until they fail in a
> > > catastrophic way?
> Twyl , JimL
> --
> +------------------------------------------------------------------+
> | James W. Laferriere | System Techniques | Give me VMS |
> | Network Engineer | P.O. Box 854 | Give me Linux |
> | [email protected] | Coudersport PA 16915 | only on AXP |
> +------------------------------------------------------------------+
>
|