On Fri, 21 Feb 2003, Martin Hannigan wrote:
>       But what would you do with the information?
>
> Let the noc know what's up so they can be more vigilant based on the
> threat level.

I'm not trying to be sarcastic, because lots of people have been going
through these same conversations.

"Threat level" is different from an attack.

Isn't your NOC normally vigilant?  If the DHS lowered the threat level to
"Green" would you stop monitoring your network just because the government
says there is no more threat?  Do you have more or fewer people on duty in
your NOC as the government threat level goes up or down watching the big
TV screens?

> Perhaps even use different sets of ACL's on the edge, etc. It could also
> be used to explain an unexpected surge in traffic, calls, or other things.
> Ever look at some traffic stats and see a major surge and want to make
> sure you understand why?

Again wouldn't you also do all of these things "normally?"  If an ACL is a
good idea at "Orange" wouldn't you protect your network with those ACL's
when the level is "Yellow"?  Or would you remove those ACL's when the
threat level is reduced?  How would you explain to your management when
you are hacked at level "Yellow" you had better ACL's, but you only used
the good ACL's at level "Orange"?

> I'd take it seriously and consider NBC as well as "cyberAttacks".

Secretary Ridge has said to keep the plastic sheets and duct tape in
storage.  Don't start sealing your house (or NOC) yet.  The FEMA/Red Cross
preparedness recommendations are a good idea irregardless of the alert
level.

