This may be of interest:

AP: Bush Expected to Sign Scaled Back Internet Security Plan

Washington, DC -- A new Bush administration plan aimed at improving the security of key U.S. computer networks will not be as ambitious as previously indicated, the Associated Press reported on Tuesday. The plan is being closely watched by network security firms in the DC area.

A draft of the proposal, called the National Strategy to Secure Cyberspace, obtained by the AP contains only 49 of the 86 initiatives of an earlier version, eliminating such mandates as regular consultations with privacy experts about civil liberties and a call for corporations to improve cybersecurity. Instead, it focuses on the security of federal agencies; it also makes clear that the Defense Department can engage in "cyber warfare" should the U.S. be attacked.

The job of improving Internet security, however, would be handled by the new Homeland Security Department, which would launch test attacks against various agencies and seek to improve automated systems that operate water, chemical and electrical networks. Bush is expected to sign the plan in the coming weeks.

http://www.washingtonpost.com/wp-dyn/articles/A18662-2003Jan6.html
On Tue, 7 Jan 2003 sgorman1@gmu.edu wrote:
This may be of interest:
AP: Bush Expected to Sign Scaled Back Internet Security Plan
One of the criticisms of the change relative to this group is that the previous stronger wording for the network operator industry was watered down. Instead of expecting/demanding/mandating that the industry collaborate on network security (creating an ISAC and other measures), the latest draft simply recommends that the industry consider these measures.

Is there anything happening with collaborative security policy and remediation in the industry? Has any effort showed progress towards an effective ISAC or similar? Can networks realistically collaborate on security, or do the political and operational barriers not justify the effort?

Pete.
pete@kruckenberg.com (Pete Kruckenberg) writes:
Is there anything happening with collaborative security policy and remediation in the industry? Has any effort showed progress towards an effective ISAC or similar? Can networks realistically collaborate on security, or do the political and operational barriers not justify the effort?
i think that kelly cooper's ISP ISAC was doomed in spite of kelly's excellent efforts, simply because the ISP community is too large. an IP Broadband ISAC, and an IP Longhaul ISAC, and an IP Hosting ISAC, and other small/focused isacs, could yet fly.

to that end :-), something is happening with a DNS ISAC. (more later.)

-- Paul Vixie
Sorry this was delayed... had some problems with being subscribed to nanog-post under genuity.com vs. genuity.net. Hopefully, this'll go through. -kjc

On 9 Jan 2003, Paul Vixie wrote:
pete@kruckenberg.com (Pete Kruckenberg) writes:
Is there anything happening with collaborative security policy and remediation in the industry? Has any effort showed progress towards an effective ISAC or similar? Can networks realistically collaborate on security, or do the political and operational barriers not justify the effort?
i think that kelly cooper's ISP ISAC was doomed in spite of kelly's excellent efforts, simply because the ISP community is too large. an IP Broadband ISAC, and an IP Longhaul ISAC, and an IP Hosting ISAC, and other small/focused isacs, could yet fly.
Thank you for the props Paul, but I think it was more an issue of money.

Just for the record (because I've gotten several private emails on this) there is no ISP-ISAC. It is not an entity, a company, or even an organized group of like-minded ISPs. The project to create the ISP-ISAC is currently on hold. Funding has been the main issue, so [ BIG HINT ] if anyone wants to jump up and offer to fund it, I've got the entire proposed infrastructure documented and ready for non-profit incorporation, plus several ISPs willing to be founding members.

(You may be asking yourself, what's the funding for? I've said this before, but it bears repeating. Having worked on ISP-to-ISP cooperation both formally and informally for 7 years now, I can say that the main lesson I've learned is that the coordination needs to be someone's job. Not something they do when they have time, as a subset of their real job, that gets deprioritized when a local emergency comes up. A real job, full-time. And something I've noticed is that ISPs don't really trust one another, so the job has to be ISP-neutral. Those issues mean contracting the operational piece of an ISP-ISAC out to a third party. And that takes money.)
to that end :-), something is happening with a DNS ISAC. (more later.)
Good idea. Good luck.

Kelly J.

--
Kelly J. Cooper - Security Engineer, CISSP
GENUITY - Main # - 800-632-7638
Woburn, MA 01801 - http://www.genuity.net