North American Network Operators Group


RE: cnn.com - Homeland Security seeks cyber counterattack system(Einstein 3.0)

  • From: Howard C. Berkowitz
  • Date: Sun Oct 05 13:21:49 2008

I'm not sure that this may not be veering into political OT, but, to the
extent that proactive and automated reaction tools are being considered,
even as benign as internal blackhole route generation, it may be worth
discussing cases where, for various reasons, an automated defense system did
not operate and people died.

From a technical perspective, the Iran Air shootdown probably would not have
happened, rather like Chernobyl, if there hadn't been humans in the loop
overriding safeguards and making determinations of threats. In particular,
if one wanted to look at a technical parallel that actually might be useful
in network operations, part of the Iran Air disaster was that the decisions
were all being made at one point, the ship that actually fired the missiles.
Think centralized routing. Now, there's a military technique called
Cooperative Engagement Capability that I liken to link state routing; it's a
distributed computation model where each participating ship, radar aircraft,
etc., gets the sensor information from the others, and the decisionmaking
can become much more precise. In the Iran Air incident, at least one other
U.S. ship had radar tracking on the airliner and was trying to warn that it
was not a valid target.  I'm saying this technically and from a standpoint
of fault analysis avoidance, not politics.  Just as the USS Vincennes'
captain caused a disaster by deciding to fire on a very questionable target,
the USS Stark took missile hits because the captain had not turned on the
missile defenses.  The one SCUD hit in the Gulf War that caused major
casualties was not engaged at all, apparently from a mixture of one radar
being down for maintenance while the backup had not received a software
patch to deal with a clock synchronization bug; the bug caused the radar to
decide the incoming missile was an artifact and it was removed from the
target list.

Less seriously, my first reaction to Chertoff's statement is that the
antiaircraft barrage already exists, is called Windows XP Pro Service Pack
3, which is sufficiently fanatical on my machine that its uninstaller
committed suicide.

-----Original Message-----
From: Joel Jaeggli [mailto:[email protected]] 
Sent: Sunday, October 05, 2008 12:47 PM
To: Tony Patti
Cc: [email protected]
Subject: Re: cnn.com - Homeland Security seeks cyber counterattack
system(Einstein 3.0)

Tony Patti wrote:
> I presume this CNN article falls within the "Internet operational and
> technical issues" (especially security) criteria of the NANOG AUP,
> in terms of "operat[ing] an Internet connected network",
> especially where Chertoff refers to "like an anti-aircraft weapon, shoot
> down an [Internet] attack before it hits its target".

<snip>

> The system "would literally, like an anti-aircraft weapon, shoot down an
> attack before it hits its target," he said. "And that's what we call
> Einstein 3.0."

<snip>

http://en.wikipedia.org/wiki/Iran_Air_Flight_655