Wednesday, September 5, 2012

Over-Classification

In theory, a large enterprise and/or critical infrastructure provider that builds a working relationship with the US government can gain valuable intelligence (in both directions). Where the theory often breaks down in practice is that the government suffers from severe over-classification of data. I understand that certain sensitivities and secrets must remain closely guarded, but lists of malicious domain names do not fall within that realm. The attackers already know where they are attacking us from, so we are not keeping anything from them. They also already know that we know about them (it is very difficult to truly disguise network defense measures). Moreover, malicious domain names themselves are not really all that valuable anymore (reference earlier blog posts), and they are often re-purposed by multiple actors/groups: I frequently see domain names that used to mean one thing but today mean something else, or several different things at once.

So, my question remains: why guard these so tightly? Can't we all agree that withholding this intelligence hurts the overall security posture of the United States? That seems like the opposite of what we were aiming for.
