Of *COURSE* the reformers are going to go after the Feds
My reading of RSS feeds is helping me to free my mind (or at least expand it).

My feed from Security Focus included the following excerpt:

News: Feds urge secrecy over network outages
The Department of Homeland Security wants details of major service outages kept out of the public eye.


So, I went and got the article:

Feds urge secrecy over network outages

By Kevin Poulsen, SecurityFocus Jun 23 2004 5:34PM

Giving the public too many details about significant network service outages could present cyberterrorists with a "virtual road map" to targeting critical infrastructures, according to the U.S. Department of Homeland Security, which this month urged regulators to keep such information secret.

At issue is an FCC proposal that would require telecom companies to report significant outages of high-speed data lines or wireless networks to the commission. The plan would rewrite regulations that currently require phone companies to file a publicly-accessible service disruption report whenever they experience an outage that effects at least 30,000 telephone customers for 30 minutes or more. Enacted in the wake of the June 1991 AT&T long-distance crash, the FCC credits the rule with having reversed a trend of increased outages on the phone network....The commission is hoping for similar results on the wireless and data networks....The proposal would expand the landline reporting requirement to wireless services, and generally measure the impact of a telecom outage by the number of "user minutes" lost, instead of the number of customers affected....The reports would include details like the geographic area of the outage, the direct causes of the incident, the root cause, whether not there was malicious activity involved, the name and type of equipment that failed, and the steps taken to prevent a reoccurrence, among other things.

To the Department of Homeland Security, that's a recipe for disaster. "While this information is critical to identify and mitigate vulnerabilities in the system, it can equally be employed by hostile actors to identify vulnerabilities for the purpose of exploiting them," the DHS argued in an FCC filing this month. "Depending on the disruption in question, the errant disclosure to an adversary of this information concerning even a single event may present a grave risk to the infrastructure."

If the FCC is going to mandate reporting, the DHS argued, it should channel the data to a more circumspect group: the Telecom ISAC (Information Sharing and Analysis Center)....Data exchanged within the Telecom-ISAC is protected from public disclosure.


So, what was the first thought in my head? Was it "Doesn't this infringe on my rights as a consumer to ascertain the quality of a carrier?" Was it "Doesn't this offer a roadmap to terrorists that will infringe on my communications capabilities?"

Neither. My first thought was, "Where have I heard the name Kevin Poulsen before?" I can't keep track of all these guys, and only remember Mitnick, Pengo, and rtm because they were in Cyberpunk.

So, for others who can't keep track of the .Net celebrities, here's the answer:

Kevin Poulsen

Handle: Dark Dante

Claim to fame: In 1990 Poulsen took over all telephone lines going into Los Angeles area radio station KIIS-FM, assuring that he would be the 102nd caller. Poulsen won a Porsche 944 S2 for his efforts....

Current status: Thanks to an episode of Unsolved Mysteries, Kevin Poulsen was arrested and spent three years in prison. He was then forbidden to touch a computer for another three years. Poulsen is now a self-proclaimed "reformed and penitent" journalist, and serves as editorial director for Security Focus.

Comments

Popular posts from this blog