[AusNOG] NBN must avoid becoming 'failed state'

Dobbins, Roland rdobbins at arbor.net
Mon Sep 20 20:29:33 EST 2010


On Sep 20, 2010, at 4:49 PM, Mark Newton wrote:

> Are you now walking-back the suggestion that death-by-DDoS is "more likely"?

At some point in the near future, it *will* become far more likely than death-by-disconnection, since DDoS, end-node malfunctions brought on by malware, et al. are far more commonplace than disconnections.

Also, please see the bit in the preso about 'leaky' quarantine - whilst the example given was to ensure that VoIP users can still ring emergency services, this applies to other mission-critical applications, as well.

> Blame Jason Bailey for "starting it" if that's your schtick, but accept that you upped the ante and contributed to the meme every bit as much as he did.

I don't 'blame' anyone for anything - I'm merely noting that I didn't introduce this element into the conversation, and pointed out that there's more than one way to look at it through that particular lens, should one choose to do so.

And I don't think it's *necessary* to extrapolate in this fashion, as the current state of Internet security is already bad enough without worrying about extreme examples.

;>

> Only if the physical world is ruled by complete idiots.

The preponderance of the evidence seems to support the proposition that this has in fact been the case throughout most of human history, is the case at present, and is likely to be the case in future.

;>

> Which "entire hospital networks" go down for /any reason/, let alone patching, every day?

What I was trying to get across is that pretty much every day, hospital systems and networks somewhere in the world go down or are otherwise impeded due to being compromised/abused.

> Can't find any.  Lots of stand-alone systems (running obsolete unpatched OS's, sure).  And lots of systems that network to each other but not to the outside world, so that they can be monitored from a nurse's station or similar.

<http://www.massdevice.com/blogs/massdevice/confickered-medical-devices-and-digital-medical-records-are-getting-hacked>

<http://www.medcitynews.com/2010/06/malware-infects-va-medical-devices/>

Unfortunately, these supposedly-isolated networks end up being either deliberately or inadvertently cross-connected to Internet-connected networks. They will end up being cross-connected to the NBN, as well.

The same set of issues applies to SCADA systems:

<http://www.langner.com/en/index.htm>

> But we're talking on an ISP operations list about ISPs, and if any hospital security manager is doing their job then I'll be able to count "vital functions" being performed by internet-connected systems in hospitals on the fingers of zero hands.

I just posted two examples above, the result of ~15s of searching via Google.  I'm sure one can find more quite easily, if one is so inclined.

> Perhaps you don't understand what a Government Business Enterprise is.

The US Postal Service and Amtrak are Government Business Enterprises in the USA, and have been for many years; a member of my immediate family spent about 40 years working for USPS, so I'm pretty familiar with the concept.

> Now, you can make an argument about that being a load of codswallop, and many of us might even believe it.

I believe that, at least on this particular subtopic, we understand one another.

;>

> And if you're intending to mount any arguments based on a different understanding of what it is, it might be useful for
> you to identify them as applying to a hypothetical imaginary NBN, rather than the actual NBN with which those of us in this country are presently confronted.

My argument is that NBNCo, accurately or not, are viewed by the general public as being an arm of government, and therefore that expectations/views of NBNCo on the part of both the public and politicians are colored by said perception (this was covered in the preso, as well).

One can test this proposition by asking non-technical/non-IT-involved relatives or acquaintances about NBN, who owns and operates it, does it mean 'government will be our ISP', et al.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

 	       Sell your computer and buy a guitar.






