On 28/07/2008, at 11:28 PM, Paul McKitrick wrote:
Good Evening Everyone,
I have to agree with Joe's post and I have also had a number of other off post emails reiterating the same message.
Once this had gone public CCIP should have engaged this forum. CCIP has well defined procedures and processes in place when sharing information with the National and International security communities and the "traditional" critical infrastructure community. Outside of those communities the process is not as well defined and this event has highlighted this. What this event has also demonstrated is that the NZNOG community is dedicated to protecting New Zealand's networks and we just need to figure out how we can do that together, and part of that is ensuring the right information gets to the right people.
One of the recent suggestions CCIP has received is the concept of establishing an NSP-SEC group for New Zealand. Another suggestion is the need for a closed mailing list for the NZ ISP community. The intention would not be to replace the NZNOG mailing list but to have an alternative for when the community needed a closed and trusted mode of communication. CCIP would like to work with this community to investigate establishing something along these lines in New Zealand and to listen to your thoughts and suggestions on this topic as a number of you have been thinking about this for some time as well.
I'm not sure I understand what benefit a closed list would have in this sort of scenario, to be honest. I can't imagine that CCIP, or anyone else, are going to have information about security problems like this before they are in the wild - there's just too many people involved globally for closed distribution to be truly closed.

The NZ ISP community (or at least those who I imagine you'd put on such a closed list) is small enough that all those people have everyone else's contact details already, and any incident really only needs calls or emails to two or three other providers. A large benefit for most people who attend the NZNOG conferences is the ability to have a beer with their industry peers and set up those contacts[1].

The only thing I could imagine a list would be used for is discussion about technical issues where media, end users, and other generally non-technical people cannot read[2] - but that's not really a security list.

-- Nathan Ward

[1] This sentence doesn't really add much, but I'm bringing my post on topic :-)

[2] Some have suggested that the presence of media, end users, etc. on NZNOG is a large factor in the lack of pure technical content. Some people talked about setting up an invite only list a few years ago, but it never got off the ground (or at least, if I did I wasn't invited ;-), largely because it was assumed that legal departments would have a problem with open technical discussion - even without media, end users, etc. listening in.