Re: [iwar] Difference between IW and RA and Comp Sec etc

From: Ross Stapleton-Gray (
Date: 2001-04-10 20:03:59

Return-Path: <>
Received: from by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Tue, 10 Apr 2001 20:06:10 -0700 (PDT)
Received: (qmail 24564 invoked by uid 510); 11 Apr 2001 02:05:38 -0000
Received: from ( by with SMTP; 11 Apr 2001 02:05:38 -0000
Received: from [] by with NNFMP; 11 Apr 2001 03:04:37 -0000
Received: (EGP: mail-7_1_1); 11 Apr 2001 03:04:36 -0000
Received: (qmail 49940 invoked from network); 11 Apr 2001 03:04:36 -0000
Received: from unknown ( by with QMQP; 11 Apr 2001 03:04:36 -0000
Received: from unknown (HELO ( by mta3 with SMTP; 11 Apr 2001 04:05:40 -0000
Received: from ( []) by (111000-jg) with ESMTP id XAA00705 for <>; Tue, 10 Apr 2001 23:04:34 -0400 (EDT)
Message-Id: <>
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
In-Reply-To: <>
References: <>
From: Ross Stapleton-Gray <>
Mailing-List: list; contact
Delivered-To: mailing list
Precedence: bulk
List-Unsubscribe: <>
Date: Tue, 10 Apr 2001 23:03:59 -0400
Subject: Re: [iwar] Difference between IW and RA and Comp Sec etc
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

At 06:20 PM 4/10/01 -0700, Fred Cohen wrote:
>No.  I am saying that the term 'security' means the feeling of safety.
>The word 'protection' means keeping from harm.
>They are very different things.

Reminds me of that military service taxonomy joke...

When told to secure a building:
The Marines close assault;
The Army sandbags the entrances and establishes interlocking fields of fire;
The Navy turns out the lights and padlocks the doors;
The Air Force gets a 30-year lease with option to buy.

As a former CIA analyst, I'm a little less hung up on terminology, though 
there were always religious wars brewing among analysts there, e.g., on 
attaching numeric probability to words like "probable," "possible," and 

I'm more intrigued by what we're likely to see, if we *do* see more in the 
way of IT-related conflict.  Two thoughts:

Firstly, infrastructure in the U.S., while extensive, is quite accessible, 
and often brittle.  Every house on my street has got phone, cable, power 
and water, and, save for the last (which is buried under the street), all 
of that is hanging off the sides of houses, quite openly accessible.  For 
the price of a Phillips screwdriver and a handset, I could make phone calls 
from any of my neighbors' phones; patch my AC power into the cable, and 
might be able to fry TVs (and cable modems) all down the street.  This all 
works quite well, but only because there's only a tiny amount of 
terrorism/vandalism; in lesser-developed economies, there's a lot more 
resiliance to failures (e.g., loss of all hot water to a city block for a 
month, as I found in Moscow in 1986)... it'd be cheap and easy to wreck 
infrastructure in the U.S., and the economy (if only the local ones) would 
feel the effects far more.

Secondly, I expect we'll see, in an increasingly instrumented world, more 
opportunities for anti-sensor attacks.  For example, as a result of the TWA 
800 accident (presumed, initially, to be likely a terrorist attack), we're 
getting chemical sensors in all of the airports, to scan for bombs... 
problem is that it's quite cheap to cause a false positive, e.g., send a 
kid with a spray can of chemicals in to shpritz a terminal corridor.  And, 
as witnessed by the event at O'Hare in 1999 
even a false positive can be incredibly disruptive.


Ross Stapleton-Gray                     TeleDiplomacy, Inc.                    2503 Columbia Pike, Suite 118
                                         Arlington VA 22204            +1 703 685-5197 / 5257 fax

------------------------ Yahoo! Groups Sponsor ---------------------~-~>
Secure your servers with 128-bit SSL encryption!
Grab your copy of VeriSign's FREE Guide,
"Securing Your Web site for Business." Get it now!


Your use of Yahoo! Groups is subject to 

This archive was generated by hypermail 2.1.2 : 2001-06-30 21:44:08 PDT