New Information Source

Readers of this blog might remember that on a few occasions I have mentioned one of emails from Infracritical.com as the source for the information that I was writing about. Actually these emails came from one of the three List Serves run by that site; The CIPP List (Critical Infrastructure Protection and Preparedness), the TRANSEC List (Transportation Security), and the SCADASEC List (SCADA Security). Today Bob Radvanovsky announced that Infracritical.com was adding a fourth list to their lineup; the WATERSEC List (Water Security). List Serves Those of you who were not around in the days before high-speed modems, web pages and Google might not be familiar with List Serves. These were started in back the days of 4K (not a typo) Baud modems as a means of facilitating communications via computers. Users would send an email to the List Serve which would resend the email to all of those signed up on the list server. Typically the List Serve would send out a compilation of emails every day; a digest. Replies would be addressed to the List Serve and that was how high-speed communications worked back in the day. List Serves obviously still exist as they allow for a fairly rapid exchange of ideas among a relatively controlled group of individuals. The use of the central server for the receipt and sending of consolidated messages reduces the volume of email received by each individual. It also allows for moderation of the conversation since the owner of the list serve is the ultimate arbiter of who can send messages to the group and who receives the group communications. Most of the people participating in the discussions on the Infracritical.com lists are people that work in the field associated with the list and bring a wide variety of expertise to the exchange of ideas. Some of the comments fly well above my level of expertise since I am more of a generalist, but I find a great deal of valuable information on these lists on a regular basis. WATERSEC List The new list being offered by Infracritical.com is a recognition that while there are many areas of water system security that are addressed on the other three lists, the industry has so many unique security concerns that it deserves its own discussion group. I signed up as soon as I read the announcement in the Saturday digests from the other lists. I look for to following the discussions and mining the information for my discussions here on this blog. Discussing Security Issues One interesting item has already come out of signing up for the list; it arrived in the email confirming my successful joining of the list. There is a security issue warning that I had forgotten about in my previous sign-up confirmations:

“WARNING: Due to several legislative laws and regulations, PLEASE EXERCISE care/caution when discussing certain topics on this list. Infracritical DOES NOT condone the discussion of the destruction, dismantlement, disablement, rendering useless of any known critical infrastructure in specifics or details whatsoever, nor will Infracritical be held liable for such discussions, and is left solely to the discretion of the individual posting to this discussion forum mailing list. Reading this welcome/warning, and acknowledging it condones your act of acceptance to these terms.”

Now part of this is legal boilerplate for the self-protection of Infracritical.com, but it is something that anyone that promotes a public discussion of security issues must remember. These four List Serves are not actively moderated the way I moderate comments to this blog. The owner there can censure inappropriate comments, but they don’t review the comments prior to their going out to the list members.