Re: If you thought Y2K was bad, wait until cyber-security hits
Probe Research has a very lucid take on this very topic at http://www.proberesearch.com/alerts/networksecurity.htm Their point is that, given the current climate, the RBOCs are likely to be setting the agenda for cyber security. To quote Probe's first two conclusions: "First, the RBOCs will be the focus of developing a telecom national security plan; Second, the RBOCs will use this position to force costs onto all players. For example, co-location will be viewed as increasing the risk to telecom, so carriers may be forced to abandon co-location in favor of smaller nodes and these nodes will have to have remote backup nodes." Cheers, Mathew At 08:22 PM 7/18/2002 -0400, Sean Donelan wrote:
http://www.eweek.com/article2/0,3959,387377,00.asp
"All the while maintaining that the government will not set IT security requirements for the private sector, top federal IT officials today said they expect such mandates will be imposed on federal agencies and that the same standards will also be used by industry."
While standards are great, one-size-fits-all standards aren't. When the government's cyber-security plan is released in September, will there be 500 requirements that Internet Service Providers must meet? Should ISPs be more secure than the post office or the telephone or the bike messenger? Must Bill's Bait & Sushi Shop ISP Service meet the same security requirements as the ISP for the White House?
ISPs come in all sorts of shapes and sizes. Consumers use cordless phones at home, but the NSA prohibits use of cordless phones in secure areas. Just because the government issues a security standard doesn't make it suitable for all purposes. Some people like paying $9.95 for Internet service from an ISP without a backup generator, and wouldn't want to pay $29.95 for a "certified" ISP with a backup generator. If the $9.95 ISP fails, heck they could almost afford two more for the same price as a single "certified" ISP. Sometimes a hammer is just a hammer, and you don't need a MIL-SPEC. If the Department of Homeland Security creates a new security standard for ISPs, what do you think will happen to any ISP which doesn't meet it?
The security "Gold Standard" for Microsoft 2000 was written by the Critical Infrastructure Protection Board, the Center for Internet Security, the National Security Agency, the General Services Administration, the National Institute of Standards and Technology, and the SANS Institute.
Do you know who is writing the security "Gold Standard" for Internet Service Providers?
It has taken me more than an hour to recover from reading that depressing Probe Research alert. OK I have a question. Can't the ISPs gather here regard this as an invitation to leave the PSTN? If this goes down as suggested it seems to me that if they don't leave the PSTN in SOME fashion they will be strangled by the big telco players in the Soviet style, homeland security, central planning bureaucracy. Will these regs apply to common carriers? But not to information service providers? Is the FCC direction on broadband therefore a good thing for ISPs? Should every ISP that wants to remain independent go wireless and look for a fiber connection to an inter exchange carrier network? As if these ISPs don't avoid the LECs already? What is the feasibility of separating an IP internet from the LEC networks? Is Cogent our friend? or anyone else who buys up IP assets at fire sale prices? Can the Bush Men really be against redundant networks?
Probe Research has a very lucid take on this very topic at
http://www.proberesearch.com/alerts/networksecurity.htm
Their point is that, given the current climate, the RBOCs are likely to be setting the agenda for cyber security. To quote Probe's first two conclusions:
"First, the RBOCs will be the focus of developing a telecom national security plan;
Second, the RBOCs will use this position to force costs onto all players. For example, co-location will be viewed as increasing the risk to telecom, so carriers may be forced to abandon co-location in favor of smaller nodes and these nodes will have to have remote backup nodes."
Cheers,
Mathew
-- ======================================================== The COOK Report on Internet, 431 Greenway Ave, Ewing, NJ 08618 USA (609) 882-2572 (phone & fax) cook@cookreport.com Subscription info & prices at http://cookreport.com/subscriptions.shtml Summary of content for 10 years at http://cookreport.com/past_issues.shtml Here Comes Asset Based Telecom A 120 page - Aug Sept issue available at http://cookreport.com/11.05-6.shtml ========================================================
participants (2)
-
Gordon Cook
-
Mathew Lodge