Comment from amino world
Time: April 29, 2009, 11:31 am

terrific podcast, dale — the ‘ambling’, recursive discussion format (intentional or not ) worked great for these topics!

Comment from meh
Time: April 30, 2009, 9:02 pm

Will release of exploits for software used in “critical infrastructures” be considered ‘cyber weapons’? Will there be legal penalties for releasing them? What better way to push this information further underground, into fewer, dirtier hands.

Comment from Éireann Leverett
Time: May 5, 2009, 10:36 am

During your discussions of other countries, I felt you touched on, but moved too rapidly past an important aspect. You noted that it was not a case of comparing apples to apples, but left out a little depth I think of as valuable.

Remember that in some countries the control systems are under nationalised control, or indeed have switched from nationalised to privatised models within the last 30 years. That different business model can produce different approaches. Also, the regulation of the actual network (regardless of security) can be different, and thus (again) produce different approaches.

For example France’s network has a lot of inbuilt redundancy, so that if a generator is offline a particular region can be backfed. That can mean that the cyber threat is at least harder since multiple targets needs to be hit simultaneously. Summing up my point, don’t forget that the engineering itself changes the threat landscape and attack surface.

Lastly, some countries (for example: the UK, Spain, Sri Lanka, and Venezuala) have been dealing with terrorism for quite a long time. This operational knowledge of how to continue functioning in the face of sabotage can make many aspects of awareness raising or infrastructure hardening much much easier.