North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Lessons, does anyone ever learn?
As a footnote referencing the budget request Sean lists below, take a look at http://www.ciao.gov/roadmap-c.pdf for specific information and http://www.ciao.gov/roadmap-main.pdf (table 2.3) for a general summary. These references are from the July 1998 Critical Infrastructure Assurance Office's summary of "Information and Communications Infrastructure."
It's old data for some of you, but still worthwhile as a refresher since the gummin't takes a while to throw some money and monkey wrenches at these reports...
So: Regardless of how often they regurgitate the same discoveries, we know that the government doesn't trust current development and risk assessment of "the network" (be that network the current Internet or some IP based network of the not-so-distant past.) For those of us in the US that have to contend with the results any US-based legislation, what does it mean? Will we have to build our IP networks according to a certain planbook? Will we be required to allow inspections to confirm compliance? Will international providers of traffic need to comply with US-specific guidelines before being allowed to "import" their packets?
I'll throw my opinion of "No" on the table and see if anyone disagrees. I really see no way to implement meaningful risk assessment and coordinated security controls across such an already huge number and variety of private networks. These risk assessment studies that CIAO is doing are interesting, but what can be the end result of so much expense and examination? Not a lot that will directly change the higher-layer protocols (eg: layer 2/3 and up) that are currently being used, at least not without a lot of burdensome legislation that might stifle the industry. I think such a burden will be enough to scare legislators away from passage of such laws.
Should this discussion really go on com-priv? (or as the case may be in this throwback to governmental control of the network: "priv-com" ;)
At 2:26 PM -0600 2/17/99, Sean Donelan wrote: