- Is the Cisco MARS mission going to abort?
- First iPhone worm spreads Rick Astley wallpaper
- 10 stunning 3D buildings made with Google SketchUp
- Open source software ready for big business
- Four reasons to buy (and one reason to avoid) the Droid
Mich Kabay takes a high-level view of security issues and provides resources to help safeguard your corporate and personal security.
Recently I had to write a chapter for a textbook when the original author forgot to write it. <smile> While I was researching the topic, I used some resources in infrastructure protection and information warfare that might interest some readers. This column will be a bit of a collage of neat stuff that you may have overlooked but that bears attention and even rereading.
The famous Marsh Report (“Critical Foundations: Protecting America’s Infrastructures”) is the Report of the President’s Commission on Critical Infrastructure Protection which met through part of 1996 and 1997 and led to Presidential Decision Directive 63 (PDD-63) on Critical Infrastructure Protection.
The 1999 RAND Corp. report entitled “Countering the New Terrorism” by Ian O. Lesser, Bruce Hoffman, John Arquilla, David Ronfeldt and Michele Zanini is a fascinating short (174-page) review of asymmetric warfare (the application of inexpensive, relatively easy tools and methods against sophisticated targets). Chapter Three on “Networks, Netwar, and Information-Age Terrorism” will be particularly interesting to readers of this column.
That same year, the General Accounting Office (now called the Government Accountability Office) issued its report GAO/T-AIMD-00-7, “Critical Infrastructure Protection: Fundamental Improvements Needed to Assure Security of Federal Operations”. This was the statement of Jack L. Brock, Jr., the Director of Governmentwide and Defense Information Systems Accounting and Information Management Division. He was testifying before the Subcommittee on Technology, Terrorism and Government Information of the Committee on the Judiciary of the U.S. Senate. His testimony began:
“GAO and IG reports issued over the last 5 years describe persistent computer security weaknesses that place federal operations such as national defense, law enforcement, air traffic control, and benefit payments at risk of disruption as well as fraud and inappropriate disclosures. Our most recent analysis, of reports issued during fiscal year 1999, identified significant computer security weaknesses in 22 of the largest federal agencies. These included weaknesses in (1) controls over access to sensitive systems and data, (2) controls over software development and changes, and (3) continuity of service plans. These types of weaknesses increase the risk that intruders or authorized users with malicious intentions could read, modify, delete, or otherwise damage information or disrupt operations for purposes, such as fraud, sabotage, or espionage. This body of audit evidence led us, in February 1997 and again in January 1999, to designate information security as a governmentwide high-risk area in reports to the Congress.”
M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services. CV online.
Rss FeedRss Feed
The Leader in Network Knowledge
Comments (3)
A few more resourcesBy Anonymous on June 17, 2008, 11:05 amWhile it hasn't been updated for about a year, add C4I.org to that short list of information warfare resources - http://www.c4i.org/
Reply | Read entire comment
An interesting blog on this subjectBy gsmckee on June 17, 2008, 12:27 pmThis topic is of particular interest to me and I just ran across a blog that sheds more light on this topic. http://www.thedarkvisitor.com/
Reply | Read entire comment
That's it for page 3?By Anonymous on June 21, 2008, 5:06 pmSeriously? The content of page 3 is only, "I hope you enjoy the reading." WTF? *sigh*
Reply | Read entire comment
View all comments