Uh, none of that is relevant to the discussion. Call it pretty infrastructure
or tasty infrastructure or whatever pleases you.
The question is what types of private-sector infrastructure you most strongly
feel should not be subject to governmental cyber attacks.
-Bill
> On Nov 15, 2017, at 12:19, Nick Hilliard <[email protected]> wrote:
>
> Bill Woodcock wrote:
>> One of PCH’s long-term efforts has been to encourage governments to
>> restrict their use of offensive cyber attacks against civilian
>> networks. We've successfully gotten that effort out of the U.N.,
>> where it was floundering, and into a well-supported stand-alone
>> commission. It’s being taken seriously by governments, and will be
>> one of the main topics under discussion at the Global Conference on
>> Cyberspace in Delhi next week.
>
> couple of comments:
>
> - the term "critical infrastructure" has a specific legal meaning in the
> European Union, and may be a good idea to either change the terminology
> here or else make it clear that when the UN talks about "critical
> infrastructure", it will mean something different to what the European
> Union means.
>
> - regarding IXPs specifically, there is little to no basis for
> categorising them the vast majority of them as "critical" on the basis
> that if you turn an IXP off, or if it fails due to technical or
> administrative reasons, traffic will generally re-route somewhere else
> within BGP dead-time seconds and most people will probably not even
> notice. This isn't the case with some larger IXPs, but the vast
> majority of them can fail in service, you get a short blip, and life
> carries on.
>
>> But that’s a distraction from the issue: do we think
>> [hospitals|schools|the power grid|IXPs|root servers|whatever] should
>> not be cyber-attacked by governments, or are we just fine with them
>> being attacked?
>
> - once organisations gain political protection status of one form or
> another, they also attract legal / regulatory obligations. So the
> question for e.g. IXPs should be reframed as: given that most IXPs are
> not in fact critical to the operation of the Internet in any meaningful
> sense of the word (i.e. the world can continue on without them), is the
> attraction of gaining a mention on a UN declaration worth the cost of
> the regulatory obligations that will inevitably ensue?
>
> Nick
