[iwar] Historical posting
From: Fred Cohen
From: fc@all.net
To: iwar@onelist.com
Mon, Jan 1, 1999
fc Mon Jan 1, 1999
Received: (from fc@localhost) by all.net (8.9.3/8.7.3) id FAA15269 for iwar@onelist.com; Tue, 18 Apr 2000 05:21:43 -0700
To: iwar@onelist.com
MIME-Version: 1.0
Mailing-List: list iwar@egroups.com; contact iwar-owner@egroups.com
Delivered-To: mailing list iwar@egroups.com
Precedence: bulk
List-Unsubscribe:
Date: Mon, Jan 1, 1999
From: Fred Cohen
Reply-To: iwar@egroups.com
Subject: [iwar] Historical posting
Tony poses a great question.
I believe that history shows that intentional de-stabilisation of one's
adversary tends to increase their willingness to take sterner measures to
bolster themselves, and in so doing become more unpredictable. I think I
recall a story regarding Hitler's willingness to nuke the Soviets (and
others) in the event he could not beat them on the ground (and possibly
regardless of whether he could or not). Had our Allies not gotten wind of
Telemark, we might have found out for certain.
In the final analysis, we in the Information Security profession are in the
business of risk measurement, mitigation, and management. We can only do
that well if we have a reasonably predictable and finite set of potential
outcomes or consequences. When one de-stabilises one's adversary, the
aspects of "reasonably predictable" and "finite" are quite likely to
disappear along with the possible mitigation options.
Given the choice, however, I prefer the option that enables some measure of
control over the impact and the outcome. At the very worst, we can still
replace the computers and so forth. Anthrax or excessive doses of neutrons
are still pretty tough things to come back from.
[Non-text portions of this message have been removed]