On Monday 23 April 2007 14:40, J. Oquendo wrote:
Marcus H. Sachs wrote:
If we had "clean" registries and signed/verifiable advertisements this would not be an issue. Most of you know that DHS was pushing the Secure Protocols for the Routing Infrastructure initiative (http://www.cyber.st.dhs.gov/spri.html). Due to budget cuts this program is on the shelf for now. However, we are still interested in making it happen.
I think that the discussion about 7.0.0.0/24 several days ago could also have been avoided if we had already implemented some of the SPRI ideas.
Marc
Out of utter curiousness (not arrogance)... Why in the world should the DHS be given control to the routing infrastructure when they can't even secure their own networks.
That is rediculous... The DHS should have no juristictional power over an international and collective entity (The Internet), Why? Because the USA does not own the internet, no country does. it's just as I posted in the former: an international and collective entity. All of this "let's monitor traffic for terrorists" is a case where the USA clearly has overstepped their bounds. The USA government wants to remove the "collective" factor of the internet and place an absolute authority (themselves) in charge of the internet.
//QUOTE//
“They will exploit anything and everything,” an official with the Naval Network Warfare Command told Federal Computer Week (FCW) on condition of anonymity.
More recently, Major General William Lord told Government Computer News in August 2006 that China has downloaded 10 to 20 terabytes of data from DoD’s main network, NIPRNet. //END QUOTE//
http://www.scmagazine.com/uk/news/article/634401/chinese-hackers-waging-cyb erwar-us/
I could instantly slap together about 10 links within the past 2 weeks of these same things occurring over and over within the government...
I fail to see how/why DHS being in the middle of this would have helped. I can't count how many times I've attempted to contact someone in the DoD in referenced to compromised hosts and it seems one hand didn't know what the other hand was doing and in almost 80% of my contact attempts, no response was ever given...
The DHS is a single point of failiure, as they fail to ensure their own security, how can they ensure the security of internet communications?
So as a network operator who needs something done now, you expect someone to go through the bureaucracy of the US government to get something resolved? I think one could watch watch 5 coats of paint dry faster.
If you want stuff done like yesterday, any government will never satisfy your requirement, it's amazing they don't make you fill out paperwork to file a report then mail it in. :P
Not only that, all you need is just that ONE instance where "hackers owned our infrastructure" and we'll be in a much worse place then we are in now. That is of course someone is fibbing in attempts to get more money... "Hackers owned NIPR we need a new strategic plan to get back at them. Send us $30 million"... No thanks keep these keys away from ANY government body.
Once again, having someone parked in the middle results in a single point of failiure, and in this case, a rather volitile one.