cyber-"terrorism"?

[Alastair Scott]

--=-rPJjfEwTDDnfWTYdbuWG
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Wed, 2002-09-18 at 10:22, John R T Brazier wrote:

> Completely agreed. A further disabling factor is the very immaturity of t=
he
> IT
> and comms systems. Whilst most of us would (I think) agree that general
> non-military
> IT security is 'fairly' lax, the sheer range of differing hadwares, OSs a=
nd
> communications systems, most of which are still rapidly evolving, makes a
> large
> attack extremely difficult: 'security by confusion'.

Or also the very maturity; many systems in air traffic management are 20
or 30 years old and use proprietary, elephantine protocols to connect
with one another (excruciatingly slowly in many instances :)

As has been pointed out elsewhere, there is acres of rubbish written on
this issue; to continue with my area of expertise, ATM systems usually
use proprietary protocols, always use dedicated networks physically
disjoint from public networks and even (for example) remove all the
TCP/IP code from operating environments although it would not be used
anyway. (Interestingly, they generally use off-the-shelf operating
systems, although those are usually customised to some extent).

There is also accidental 'security by obscurity' in that, through
retirement and similar, only a few people are left who fully understand
some of the older protocols ...

Alastair


--=-rPJjfEwTDDnfWTYdbuWG
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQA9iEr2dasIDb/2nMwRAgneAJ9sV9DsL+GW2q41hFEhnRBWkqYZTACfVIi5
pmZT6wnuOHxmIprUR01jc/E=
=E8lK
-----END PGP SIGNATURE-----

--=-rPJjfEwTDDnfWTYdbuWG--