[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [emergency] Identity and Authority ( was RE: CAPVisualization...)
At 12:17 PM -0700 5/20/04, Kon Wilms wrote: >Do we really want the hackers and script kiddies sending biological >alerts, or the old lady sending a 'cat stuck in my tree' CAP alert? :) My practical concern isn't whether a message comes from a hacker or a bureaucrat or Homer Simpson... what I really care about is whether it's accurate. We tend to draw an inference from source to accuracy... and usually it's right but sometimes it turns out to be sadly mistaken. Besides, while a hacker might be a dubious source for a bio-terror alert, she might be a first-rate source for a cyber-attack warning. The cat in the tree illustrates another dimension to the problem. It probably wouldn't be appropriate for city-wide or nation-wide broadcast, but it might be perfectly appropriate to a residential community-watch network. (Plus the SPCA might like to know about it, even all the way across town.) So again... being able to tell where the message comes from, reliably, is necessary but not sufficient. We also need to be able to assess the credibility of reports, based partly (but perhaps not solely) on the reputation and standing of the source... while understanding that we may not always know a-priori who every source is. We also need to be able to filter message flows (or provide enough bandwidth) so that low-level cat-sightings don't become problematic... while remembering that necessity is ultimately in the eyes of the recipient. I guess what I'm saying boils down to the old Internet dictum: "We should resist the temptation to standardize what we don't yet understand." CAP can be used in a lot of contexts and a lot of ways; we can certainly devise systems that use it effectively, but we should beware of trying to impose one application's requirements on other implementations. >There at least has to be one level of human filtering of the alert if it >comes from a source other than the defined 'chain of command'. Again, that depends on the particular system we're talking about. In most cases, I'm afraid that the closer you come to that "chain of command" the more you'll realize that it's not all that well defined after all... especially for unusual events that tend to fall between the chairs of routine jurisdiction. There's a strong and understandable desire among vendors to use government as a sort of "liability circuit-breaker" but... especially in a time of shrinking government budgets... we may want to be careful about turning officialdom into a single point of failure for alerting. - Art
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]