
RE: Editorial thoughts on draft-farrell-perpass-attack-02

2013-12-17 04:10:54
I'm merely reporting what one international standard settled on. The point was 
just to note that the term attack is in use.

I'll just note that what you use for threat is a threat actor in some usages, 
but not ISO 27000's.

-- 
Christopher Dearlove
Senior Principal Engineer, Communications Group
Communications, Networks and Image Analysis Capability
BAE Systems Advanced Technology Centre
West Hanningfield Road, Great Baddow, Chelmsford, CM2 8HN, UK
Tel: +44 1245 242194 |  Fax: +44 1245 242124
chris(_dot_)dearlove(_at_)baesystems(_dot_)com | http://www.baesystems.com

BAE Systems (Operations) Limited
Registered Office: Warwick House, PO Box 87, Farnborough Aerospace Centre, 
Farnborough, Hants, GU14 6YU, UK
Registered in England & Wales No: 1996687


-----Original Message-----
From: ietf [mailto:ietf-bounces(_at_)ietf(_dot_)org] On Behalf Of Stephen Kent
Sent: 16 December 2013 16:57
To: ietf(_at_)ietf(_dot_)org
Subject: Re: Editorial thoughts on draft-farrell-perpass-attack-02

Christopher,

ISO 27000 (Information technology - Security techniques - Information 
security management systems - Overview and vocabulary) defines 
both terms, and differently:

2.4
attack
attempt to destroy, expose, alter, disable, steal or gain unauthorized 
access to or make unauthorized use of an asset (2.3)

2.45
threat
potential cause of an unwanted incident, which may result in harm to a 
system or organization

The definition for attack seems appropriate.  The definition for threat is not 
bad, but I prefer an older one, commonly used in the military context, and 
which matches with a trio of definitions for understanding security contexts:

Vulnerability - a flaw in a design or implementation of a security-relevant 
protocol or system

Attack - more or less as above

Adversary - an entity with a set of motivations and capabilities to effect an 
attack

Threat - a motivated, capable adversary. An adversary who is capable, but not 
motivated, is not a threat. An adversary who is motivated, but not capable, is 
not a threat.

A threat model articulates adversaries and often enumerates classes of attacks, 
and then discusses the perceived motivation and ability of adversaries to 
effect attacks against a system of interest.

We lack a threat model for the Internet. Most of our security protocols do not 
have published threat models (we didn't encourage this until recently) and what 
is published typically is an attack model, not a threat model.

Most aspects of pervasive monitoring are indistinguishable from our traditional 
attack model, since that model already assumes adversaries that can engage in 
passive and active wiretapping. If we had a real threat model, either it would 
have included a discussion of nation states as adversaries with the 
capabilities to do what we have seen that they do, and a motivation to do so, 
or not. I'd like to see this document explicitly discuss this.

Steve
