Re: [iwar] Difference between IW and RA and Comp Sec etc

From: Fred Cohen (
Date: 2001-04-06 06:51:48

Return-Path: <>
Received: from by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Fri, 06 Apr 2001 06:52:07 -0700 (PDT)
Received: (qmail 26243 invoked by uid 510); 6 Apr 2001 12:52:57 -0000
Received: from ( by with SMTP; 6 Apr 2001 12:52:57 -0000
Received: from [] by with NNFMP; 06 Apr 2001 13:51:51 -0000
Received: (EGP: mail-7_1_1); 6 Apr 2001 13:51:48 -0000
Received: (qmail 78120 invoked from network); 6 Apr 2001 13:51:48 -0000
Received: from unknown ( by with QMQP; 6 Apr 2001 13:51:48 -0000
Received: from unknown (HELO ( by mta2 with SMTP; 6 Apr 2001 13:51:48 -0000
Received: (from fc@localhost) by (8.9.3/8.7.3) id GAA15392 for; Fri, 6 Apr 2001 06:51:48 -0700
Message-Id: <>
In-Reply-To: <006601c0be7d$95bec1f0$> from "Vernon Stagg" at Apr 06, 2001 07:40:15 PM
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL1]
From: Fred Cohen <>
Mailing-List: list; contact
Delivered-To: mailing list
Precedence: bulk
List-Unsubscribe: <>
Date: Fri, 6 Apr 2001 06:51:48 -0700 (PDT)
Subject: Re: [iwar] Difference between IW and RA and Comp Sec etc
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Per the message sent by Vernon Stagg:

> Hi all,

> One of the problems I am facing during my research is a lot of the traditional comp sci
> people dont understand or disregard the issue of Information Warfare. There also tends to be
> similar apathy in the commercial arena with managers, execs, etc.
> Most consider it another form of computer security or that a Risk Analysis will fix
> everything up.

That matches my experience and expectations.

> I was interested what some of the views from people here think to this - agree/disagree?

I agree that this is the way it is.  I even agree that proper risk
management should be able to deal effectively with this.  The problem is
that risks from war are different from 'business' risks.  The concept of
the nation state was, in some sense, created to 'provide for the common
defense'.  It's not my corner drugstore's job to protect the nation from
military attack, but rather to pay the taxes to support that effort by
the organzations that are able to do so.

> I personally disagree, and consider IW at a higher level where computer security and RA
> can be incorporated into the concept but are certainly very different methods. I also
> think that computer security and RA these days have simply been tweaked to include a lot
> of elements that fall outside their traditional scope, often with unwanted or unexpected
> results.

I think it is more complex than that.


> Just interested in a few opinions and maybe a little healthy debate.

> Vernon

Fred Cohen at Sandia National Laboratories at tel:925-294-2087 fax:925-294-1225
  Fred Cohen & Associates: - - tel/fax:925-454-0171
      Fred Cohen - Practitioner in Residence - The University of New Haven
   This communication is confidential to the parties it is intended to serve.
	PGP keys: - Have a great day!!!

------------------------ Yahoo! Groups Sponsor ---------------------~-~>
Find software faster. Search more than 20,000
software solutions on KnowledgeStorm. Register
now and get started.


Your use of Yahoo! Groups is subject to 

This archive was generated by hypermail 2.1.2 : 2001-06-30 21:44:06 PDT