On Jul 16, 2010, at 9:42 PM, Lamar Owen wrote:

> I'm sure the collective wisdom here is capable of pulling the task off at 
> least in theory;

The thorniest issues aren't technology-related, per se; they're legal exposure 
(both real and imagined), regulatory concerns (both real and imagined), 
antitrust concerns (both real and imagined), management/marketing/PR concerns 
(largely imagined), skillset shortages/concerns (very real), customer 
perception concerns (both real and imagined), and so forth.

The second tier of barriers are those surrounding trust.  It's basically a 
sociological analogue of 'the PKI problem'.

Technology issues form the third set of barriers.  Yes, they're real and 
they're important, but if we could wiggle our noses a la Elizabeth Montgomery 
and make all the technology issues go away, the other sets of issues would 
still preclude any kind of universal solution, for some value of 'solution'.

There's a great deal of opsec coordination and work which takes place in a sub 
rosa fashion, via individual actions, closed, vetted mitigation communities, ad 
hoc personal relationships, etc.  In actuality, a very great deal of the useful 
opsec work that gets done is accomplished by folks who in some cases are going 
beyond their portfolios to do so, as their management, legal teams, 
PR/marketing teams, et. al. would actively forbid them to do this work, were 
they to know about it.

That's one of the reasons why a lot of people who make sweeping generalizations 
and recommendations about 'cyber-this' and 'cyber-that' tend not to have a good 
grasp of even the fundamentals - they aren't the folks who do the actual work, 
they don't know who does the actual work, and they often don't know anybody who 
knows somebody who actually does the actual work.  They often don't even know 
that actual work is taking place, or what it entails, in the first place, 
because the actual work takes place out of the limelight.

> the hard part would be deciding whether to do it in hardware or software....


;>

-----------------------------------------------------------------------
Roland Dobbins <rdobb...@arbor.net> // <http://www.arbornetworks.com>

    Injustice is relatively easy to bear; what stings is justice.

                        -- H.L. Mencken




Reply via email to