“60 Minutes” Video: Sabotaging the System
Several people have mentioned the 60 Minutes episode that aired last Sunday night. I watched it and was fascinated by a lot of it.
First, it’s very rare that the government will talk about possible threats against its infrastructure. To hear people talking about how you could manipulate the programming of a power generator to get it to self-destruct was much more information than I’m used to seeing on TV – especially prime-time.
Second, the discussion about how other governments have very likely already infiltrated our government’s systems was amazing.
I agree that all of this has very likely already happened, but I was surprised to see it discussed so openly. I’m torn – is it a good thing to raise awareness about these types of issues? Maybe. I suppose it might help increase the funding around protection mechanisms, etc. Is it better to not talk about it? Maybe. That means the attackers don’t know what we know and it also makes it more difficult for new attackers to identify these vulnerabilities.
My opinion is that these vulnerabilities and potential exploits need to be kept somewhat secret. There is a select set of people who could help defuse the problem if they are “in the know”, but making it public is very risky. I look at what happened around the Kaminsky vulnerability and, more recently, the SSL MitM hole. For a while, these issues were kept very secret while a select set of organizations and individuals labored to resolve them. Obviously, they didn’t stay totally secret. But I think something along those lines is the better way to handle these threats than to expose them on TV.
In case you want to see what the government is talking about on TV, you can watch the 60 Minutes video here.