Re: [iwar] Difference between IW and RA and Comp Sec etc

From: Fred Cohen
Date: 2001-04-10 21:06:47

In-Reply-To: <> from "Ross Stapleton-Gray" at Apr 10, 2001 11:03:59 PM

Per the message sent by Ross Stapleton-Gray:

> Reminds me of that military service taxonomy joke...

> When told to secure a building:
> The Marines close assault;
> The Army sandbags the entrances and establishes interlocking fields of fire;
> The Navy turns out the lights and padlocks the doors;
> The Air Force gets a 30-year lease with option to buy.

I love it...

> Firstly, infrastructure in the U.S., while extensive, is quite accessible, 
> and often brittle.  Every house on my street has got phone, cable, power 

It is brittle on a house-by-house basis, but on the whole it seems to do
very well.  It regularly survives massive storms, foolishness, fires,
floods, explosions, infestations, and so forth.  No offense intended,
but, while taking down my Internet connection would be a disaster (for
me), taking down most of the Internet connections on my block would be
mere inconvenience for my neighbors and a boost to my available
bandwidth, and I certainly would not feel much effect if yours were
taken down.  I APOLOGIZE for the personalized humor (word chosen
carefully...  it is regrettable that I choose my humor in this

> and water, and, save for the last (which is buried under the street), all 
> of that is hanging off the sides of houses, quite openly accessible.  For 
> the price of a Phillips screwdriver and a handset, I could make phone calls 
> from any of my neighbors' phones; patch my AC power into the cable, and 
> might be able to fry TVs (and cable modems) all down the street.  This all 
> works quite well, but only because there's only a tiny amount of 
> terrorism/vandalism; in lesser-developed economies, there's a lot more 
> resilience to failures (e.g., loss of all hot water to a city block for a 
> month, as I found in Moscow in 1986)... it'd be cheap and easy to wreck 
> infrastructure in the U.S., and the economy (if only the local ones) would 
> feel the effects far more.

A reasonable question might be, how many people with screwdrivers will
it take to cause serious harm to the US? I suspect that doing it the way
you are talking about will be infeasible for almost any adversary.

I think that the real threat lies elsewhere - in people that can come to
understand the way infrastructure works and place their screwdrivers in
the right set of places to do large-scale harm at small-scale cost.  This
is a far more complex issue.

> Secondly, I expect we'll see, in an increasingly instrumented world, more 
> opportunities for anti-sensor attacks.  For example, as a result of the TWA 
> 800 accident (presumed, initially, to be likely a terrorist attack), we're 
> getting chemical sensors in all of the airports, to scan for bombs... 
> problem is that it's quite cheap to cause a false positive, e.g., send a 
> kid with a spray can of chemicals in to shpritz a terminal corridor.  And, 
> as witnessed by the event at O'Hare in 1999 
> ('haresecurity990826.html), 
> even a false positive can be incredibly disruptive.

Perhaps even more dangerous would be the creation of a series of false
positives to increase the detection thresholds so that the real attack
is not adequately reacted to.  Like I say, it's a complex issue. 
Chemical sensors are getting much better very quickly, and airport
systems are moving toward schemes that are less inconvenient while being
more effective.  It will not happen instantly, but it will happen, if we
continue to follow it up as a national priority. 

Fred Cohen at Sandia National Laboratories at tel:925-294-2087 fax:925-294-1225
  Fred Cohen & Associates: - - tel/fax:925-454-0171
      Fred Cohen - Practitioner in Residence - The University of New Haven
   This communication is confidential to the parties it is intended to serve.
	PGP keys: - Have a great day!!!

This archive was generated by hypermail 2.1.2 : 2001-06-30 21:44:08 PDT