[iwar] [fc:September-11th-Does-Not-Mean-Cyberwar-is-Coming.]

From: Fred Cohen (fc@all.net)
Date: 2001-09-13 18:57:06


Return-Path: <sentto-279987-1862-1000438704-fc=all.net@returns.onelist.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Thu, 13 Sep 2001 20:40:10 -0700 (PDT)
Received: (qmail 22239 invoked by uid 510); 14 Sep 2001 03:38:47 -0000
Received: from n8.groups.yahoo.com (216.115.96.58) by 204.181.12.215 with SMTP; 14 Sep 2001 03:38:47 -0000
X-eGroups-Return: sentto-279987-1862-1000438704-fc=all.net@returns.onelist.com
Received: from [10.1.4.54] by fk.egroups.com with NNFMP; 14 Sep 2001 03:38:25 -0000
X-Sender: fc@big.all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-7_3_2_1); 14 Sep 2001 03:38:24 -0000
Received: (qmail 87661 invoked from network); 14 Sep 2001 02:08:19 -0000
Received: from unknown (10.1.10.142) by l8.egroups.com with QMQP; 14 Sep 2001 02:08:19 -0000
Received: from unknown (HELO big.all.net) (65.0.156.78) by mta3 with SMTP; 14 Sep 2001 02:08:15 -0000
Received: (from fc@localhost) by big.all.net (8.9.3/8.7.3) id SAA20155 for iwar@onelist.com; Thu, 13 Sep 2001 18:57:06 -0700
Message-Id: <200109140157.SAA20155@big.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL1]
From: Fred Cohen <fc@all.net>
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Thu, 13 Sep 2001 18:57:06 -0700 (PDT)
Reply-To: iwar@yahoogroups.com
Subject: [iwar] [fc:September-11th-Does-Not-Mean-Cyberwar-is-Coming.]
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

September 11th Does Not Mean Cyberwar is Coming.
Richard Forno
<a href="mailto:rforno@infowarrior.org?Subject=Re:%20(ai)%20September%2011th%20Does%20Not%20Mean%20Cyberwar%20is%20Coming%2526In-Reply-To=%2526lt;B7C66ACA.14FD5%25rforno@infowarrior.org">rforno@infowarrior.org</a>
09-13-01

(c) 2001 by author.
Permission to reproduce in whole, or part, with appropriate credit.


September 11, 2001 is a date -- now seared into the memory of our
nation -- that was a brutal awakening for 21st century America.  It was also
a stark reminder that the method of attack for terrorists will be a
high-visibility, high-body-count target; not hacking, cracking, or
conducting a so-called "cyber war."

UBL , Saddam, Quasimodo, or any other terrorist is not going to snicker in
their cave or palace and proclaim that  "God is great, those Americans are
running scared because my forces have crashed the NASDAQ systems!" Nobody
ever died from a directed TCP/IP packet, nor are such IT-related incidents
akin to the fearful dinner-time discussions regarding the "Red Threat"
during the Cold War.

Seeing a smoking crater that was a world landmark makes an emotional impact
on everyone - adults and children - around the world. Thus, the graphic
impact of such physical strikes is much more appealing to the terrorist
since they elicit a far greater visceral emotional response from the victim
society left to cope with the aftermath.

In the aftermath of our national tragedy, there is an understandable
increase in emotional rhetoric in chat rooms and coffee bars across America
that the recent attacks will precipitate a so-called "cyber war."  This
"cyber war" will likely be no more than the run-of-the-mill nuisances and
mundane mischief that network and security administrators see on a daily
basis: web defacements, ping floods, virus attacks, and so on.  Sadly, there
are a growing number of security and "intelligence" vendors making claims
that the attacks of September 11 will culminate in or help launch a "cyber
war"; thus creating an unnecessary amount of Fear, Uncertainty and Doubt
(FUD) on a topic that is in no way as pressing a concern as the very real
emergencies that we are currently facing.

Of course, it goes without saying that during this time of concern, IT
administrators and security staff should be on heightened alert to monitor
for suspicious activities on their networks, and report any such activity to
the appropriate entities. This should be expected in any national crisis
situation.  However, any computer system considered "essential" and a
"critical element of the national infrastructure" should NOT have been
connected to a public network in the first place.  Proper security planning
on such systems before their deployment should always outweigh operator
convenience in such critical circumstances.

Granted, one cannot rule out an increase in computer security incidents
during this time. Certainly, the IT industry should exercise due diligence
in safeguarding their systems.  But everyone involved should make a
concerted effort to refrain from -- and resist -- any and all attempts to
capitalize on this real-world tragedy through fear-mongering statements and
marketing tactics implying that phantom packets are waiting to strike our
networks during this tragic period. September 11th's attack on Freedom
should not be perverted into an opportunity for free commercials for anyone.
Period. 

My thoughts and prayers to those responding to this incident, and to the
families and friends of those lost during this week's events.

Richard Forno
infowarrior.org

------------------------ Yahoo! Groups Sponsor ---------------------~-->
Secure all your Web servers now: Get your FREE Guide and learn to: DEPLOY THE LATEST ENCRYPTION,
DELIVER TRANSPARENT PROTECTION, and More!
http://us.click.yahoo.com/k0k.gC/nT7CAA/yigFAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 



This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:42 PDT