[Am-info] Internet Content Advisory: Considering The Unintended Audience

[Fred A. Miller]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>National Infrastructure Protection Center
>Internet Content Advisory: Considering The Unintended Audience
>Advisory 02-001
>17 January 2002
>
>As worldwide usage of the Internet has increased, so too have the vast
>resources available to anyone online.  Among the information available 
to
>Internet users are details on critical infrastructures, emergency 
response
>plans and other data of potential use to persons with criminal intent.
>Search engines and similar technologies have made arcane and seemingly
>isolated information quickly and easily retrievable to anyone with 
access to
>the Internet.  The National Infrastructure Protection Center (NIPC) has
>received reporting that infrastructure related information, available 
on the
>Internet, is being accessed from sites around the world.  While in and 
of
>itself this information is not significant, it highlights a potential
>vulnerability.
>
>The NIPC is issuing this advisory to heighten community awareness of 
this
>potential problem and to encourage Internet content providers to 
review the
>data they make available online. A related information piece on 
"Terrorists
>and the Internet: Publicly Available Data should be Carefully 
Reviewed" was
>published in the NIPC's HIGHLIGHTS 11-01 on December 7, 2001 and is
>available at the NIPC Web site www.nipc.gov. Of course, the NIPC 
remains
>mindful that, when viewing information access from a security point of 
view,
>the advantages of posting certain information could outweigh the risks 
of
>doing so. For safety and security information that requires
>wide-dissemination and for which the Internet remains the preferred 
means,
>security officers are encouraged to include in corporate security plans
>mechanisms for risk management and crisis response that pertain to 
malicious
>use of open source information.
>
>When evaluating Internet content from a security perspective, some 
points to
>consider include:
>
>1. Has the information been cleared and authorized for public release?
>2. Does the information provide details concerning enterprise safety 
and
>security? Are there alternative means of delivering sensitive security
>information to the intended audience?
>3. Is any personal data posted (such as biographical data, addresses, 
etc.)?
>4. How could someone intent on causing harm misuse this information?
>5. Could this information be dangerous if it were used in conjunction 
with
>other publicly available data?
>6. Could someone use the information to target your personnel or 
resources?
>7. Many archival sites exist on the Internet, and that information 
removed
>from an official site might nevertheless remain publicly available
>elsewhere.
>
>The NIPC encourages the Internet community to apply common sense in 
deciding
>what to publish on the Internet.  This advisory serves as a reminder 
to the
>community of how the events of 9/11/2001 have shed new light on our 
security
>considerations.
>
>The NIPC encourages recipients of this advisory to report information
>concerning criminal activity to their local FBI office
>http://www.fbi.gov/contact/fo/fo.htm or the NIPC, and to other 
appropriate
>authorities.  Recipients may report incidents online at
>http://www.nipc.gov/incident/cirr.htm, and can reach the NIPC Watch and
>Warning Unit at (202) 323?3205, 18885859078 or nipc.watch@fbi.gov.
>
>
>
>_______________________________________________
>Infragard_secured mailing list
>Infragard_secured@listserv.leo.gov
>http://listserv.leo.gov/mailman/listinfo/infragard_secured

- -- 
Fred A. Miller
Systems Administrator
Cornell Univ. Press Services
fm@cupserv.org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8THOrIhTtc6nTZIIRAgd1AJ98KO+oZhb8PmjN10O8ZYsZ+Lf8QwCfeVZW
P92/4OUnrZVcz4NgcX02osU=
=HJsI
-----END PGP SIGNATURE-----