From: iw@all.net
Subject: IW Mailing List iw/960209
---------------------------------------------
From: fc (Fred Cohen)
Subject: Re: IW Mailing List iw/960208
Date: Thu, 8 Feb 1996 20:34:23 -0500 (EST)

...
> 	The Deputy Staff Director for the Commission on Protecting and
> Reducing Government Secrecy, Mr.  Jacques Rondeau, is interested in
...
fastermover@ichange is not a valid address ...

> 	--  To what extent is the private sector, e.g.  U.S.  business,
> aware of their vulnerability to industrial espionage by other companies,
> or economic espionage by government organizations?

Not very.  On average, they do little or nothing to protect themselves
and they are regularly being taken advantage of.  Furthermore, they
refuse to budget appropriate resources to the problem, and thus
consistently fail to meet the challenge.

> 	--  To what extent have corporations factored in this threat (if
> they know about it) and taken steps to detect electronic and physical
> intrusions?

In numerous and repeated studies over a period of many years, they have
failed to detect electronic intrusions.

> 	The above are simply to provide a flavor for the general line of
> inquiry--direct contact is recommended for a one to one exploration of
> the theme. 

Please feel free to directly contact me.

> 	As a personal comment by myself, and one reason why I feel he is
> asking an important question: I do not believe we will ever provide
> adequate security for our intellectual property until we
> 
> 	a) declassify the threat so corporate America will take it
> seriously (as a former NSA officer testified so well at the NII Security
> Committee hearings) and

Nothing has to be declassified in order to understand this issue, and
the DoD has already taken the decision to open much of this information
up.  That's why DISA went on national TV a few years ao with the story
about their internal tests and the number of intrusions they detect.

> 	b) define and require "due diligence" from the communications
> and computing industry with respect to provision of safe products and
> pathways (recall the major US government organization that found 500
> viruses in *shrink-wrapped* hardware and software received straight from
> the factory. 

Require is almost impossible.  There are standards in draft form (soon
to be accepted as I understand it), but only shareholder suits will ever
really change the situation.  These are essentially impossible today
because of the constant coverup (and lack of detection) of these
attacks.
---------------------------------------------
Date: Thu, 8 Feb 1996 20:18:57 -0500 (EST)
From: Robert Steele 
Subject: Hill Interest, Please Pass On (fwd)

Corrected cc for Mr. Rondeau: fastermover@ichange.com
---------------------------------------------
Date: Fri, 9 Feb 1996 11:05:36 -0500 (EST)
From: Robert Steele 
Subject: Great Article, Anyone Got the Phone Number? 

	"How We Lost the High-Tech War of 2007: A Warning from the
Future" by Colonel Charles J.  Dunlap, Jr.  (USAF) is phenomenal. 
Appeared in The Weekly Standard of 29 January 1996. 

	Has anyone got a phone number for Colonel Dunlap? There are two
conferences where I would like to suggest that he be invited to present
his views personally. 
---------------------------------------------