Pandemic Reporting Like Digital Security Incident Reporting

The 12 August 2006 issue of the Economist featured the story Global Health: A Shot of Transparency (subscription required). It reminded me of the state of reporting digital security incidents.

At the moment, the world's pandemic-alert system is distressingly secretive. Some countries, such as Vietnam, have been fairly open about new outbreaks of the sorts of infectious disease that might lead to pandemics, and have even invited foreigners in to help diagnose the problem. Most, however, have not been so forthright. Public-health experts point to China and Thailand, both of which suffered outbreaks of potential pandemic illnesses in the past few years (SARS in China and avian influenza in Thailand) as examples of places that do not fully disclose the relevant details...

The reasons for countries' reluctance to share information are understandable, though hardly defensible. Some believe that full disclosure could cause locals to panic and foreign tourists to stay away...

Larry Brilliant, a former WHO official who helped to eradicate smallpox in India, dreams of an open-source, non-governmental, public-access network that would help the world move quickly whenever potential pandemics start brewing. He looks for inspiration to the Global Public Health Intelligence Network (GPHIN), an obscure programme run by the Canadian government that searches public databases in seven languages looking for early signs of disease outbreak...

His proposed open network could well spot the next, as yet undiscovered, threat.

I don't want to stretch the analogy too far, but some interesting ideas are here. I wonder what the effect of publishing the IP addresses of botnet hosts would be? Not the controllers, but the hosts themselves. That would reveal (at least in the narrow botnet case) how widespread certain compromises might be (ignoring the NAT effect).

I was hoping to hear other ways of encouraging reporting, but no others appeared in the article.


Popular posts from this blog

Zeek in Action Videos

MITRE ATT&CK Tactics Are Not Tactics

New Book! The Best of TaoSecurity Blog, Volume 4