Why do you classify a railway website as Critical National Infrastructure? What effect would it have on India if this web infrastructure was disconnected completely? None? Hype about so-called cyberwar is one reason it is difficult to get hard-nosed business people trying to make a living on the thin margins of an ISP to listen and act.

The issues for police are similar to other crime and the criteria for providing international assistance are similar. How big a crime is it, how likely is a conviction and how does it affect our country. Should they prioritise a financial crime, paedophile investigation or a website defacement? I know where my tax Euros would go.

Computer Security Incident Response Teams have been wrestling with this issue for years. Some progress has been made but it is a long term project based on hard work and building trust. No matter how much you wish hard or say that it is a good thing, in the end it comes down to people wanting to do the work and spending the time to do it. It is usually a bottom up effort starting with voluntary assistance provided outside of budgets and time tracking systems. Eventually management catch up and it starts to gain momentum. The European Network and Information Security Agency (ENISA) is a good example built on years of grass-roots CSIRT work.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/496/35423#35423