[LINK] Australian CyberWarfare Battalion
Robert Brockway
robert at timetraveller.org
Mon Aug 5 17:29:24 AEST 2013
On Mon, 5 Aug 2013, Glen Turner wrote:
> My concern would be the sudden arrival of empowered but inexperienced "experts" with rather military security ideas of how things should be done into the core operations of Australia's telecommunications providers. That's not going to work as well as you might think.
>
> As for "computer security professionals", I wouldn't let most of them
> near an item of infrastructure.
I'm quite concerned about the narrow focus of some computer security
professionals I've been encountering lately. I hope they aren't
indicative of a general trend. In particular they seem to be confusing
"security" with "confidentiality" and forgetting the other two principles
of the modern security triad.

In particular, when you make a system harder to access you may be
negatively impacting availability and _reducing_ the security of the
system, rather than increasing it. FWIW maintaining system
confidentiality at the expense of availability is easy - cut all network
connections (with scissors), power the systems down and encase them in
concrete. Great confidentiality (and integrity) but availability is zero.
The challenge of security is to balance competing demands. That's why it
is hard.

It's worth noting that even outside of the computing arena the term
security means more than just confidentiality. Consider the term 'food
security'. This concept is about maintaining availability and integrity
of food supplies.

FWIW I studied cryptography at Uni two decades ago and I've worked in the
security arena for my entire professional life but have not made it a
specific focus. My view is that security should be part of any work done
within IT/ICT or computer science.

To some extent I'm concerned that "security theatre" has got out of hand
with a lot of half-knowledgeable people over-selling simplistic
solutions to the unknowing. Oh dear, that makes me sound jaded, doesn't it
:)

Cheers,
Rob
--
Email: robert at timetraveller.org Linux counter ID #16440
IRC: Solver (OFTC & Freenode)
Web: http://www.pracops.com
Director, Software in the Public Interest (http://spi-inc.org/)
Information is a gas