If you thought Y2K was bad, wait until cyber-security hits

Mathew Lodge mathew at cplane.com
Fri Jul 19 01:27:44 UTC 2002


Probe Research has a very lucid take on this very topic at

http://www.proberesearch.com/alerts/networksecurity.htm

Their point is that, given the current climate, the RBOCs are likely to be 
setting the agenda for cyber security. To quote Probe's first two conclusions:

"First, the RBOCs will be the focus of developing a telecom national 
security plan;

Second, the RBOCs will use this position to force costs onto all players. 
For example, co-location will be viewed as increasing the risk to telecom, 
so carriers may be forced to abandon co-location in favor of smaller nodes 
and these nodes will have to have remote backup nodes."

Cheers,

Mathew



At 08:22 PM 7/18/2002 -0400, Sean Donelan wrote:


>http://www.eweek.com/article2/0,3959,387377,00.asp
>
>"All the while maintaining that the government will not set IT security
>requirements for the private sector, top federal IT officials today said
>they expect such mandates will be imposed on federal agencies and that the
>same standards will also be used by industry."
>
>While standards are great, one-size-fits-all standards aren't. When the
>government's cyber-security plan is released in September, will
>there be 500 requirements that Internet Service Providers must meet?
>Should ISPs be more secure than the post office or the telephone or the
>bike messenger?  Must Bill's Bait & Sushi Shop ISP Service meet the same
>security requirements as the ISP for the White House?
>
>ISPs come in all sorts of shapes and sizes.  Consumers use cordless
>phones at home, but the NSA prohibits use of cordless phones in secure
>areas. Just because the government issues a security standard doesn't make
>it suitable for all purposes.  Some people like paying $9.95 for Internet
>service from an ISP without a backup generator, and wouldn't want to pay
>$29.95 for a "certified" ISP with a backup generator.  If the $9.95 ISP
>fails, heck they could almost afford two more for the same price as a
>single "certified" ISP.  Sometimes a hammer is just a hammer, and you
>don't need a MIL-SPEC.  If the Department of Homeland Security creates a
>new security standard for ISPs, what do you think will happen to any ISP
>which doesn't meet it?
>
>The security "Gold Standard" for Microsoft 2000 was written by the
>Critical Infrastructure Protection Board, the Center for Internet
>Security, the National Security Agency, the General Services
>Administration, the National Institute of Standards and Technology, and
>the SANS Institute.
>
>Do you know who is writing the security "Gold Standard" for Internet
>Service Providers?




More information about the NANOG mailing list