Firewall Wizards mailing list archives
Re: Re: Flawed Surveys [was: VPN endpoints]
From: "Stephen P. Berry" <spb () meshuggeneh net>
Date: Fri, 03 Sep 2004 17:44:00 -0700
Paul D. Robertson writes:

> Isn't it bad though, that these regulations are coming from outside of our field? Shouldn't we be the ones lobbying and drafting and providing guidance?

I strongly agree, for a few reasons:

-It makes sense/appeals to my sense of technical aesthetics. I.e., the people who know most about the subject matter ought to be the ones developing standards
-It's almost certainly a prerequisite for the recognition/practice of IT in general (and information security in particular) as a profession rather than merely a skilled trade. I.e., something more like a medical doctor or lawyer than a transmission repairman (who, incidentally, is guided by more narrowly enunciated standards and regulations than IT on the whole is)
-It is probably inevitable

These, incidentally, are the reasons why I was on the SAGE Certification Committee when it was first getting started. I don't have any particular love for certification or regulation for their own sakes, but I can see two main possible scenarios:

-The Mom 'n apple pie scenario, in which motivated folks in the industry formulate standards and best practices, and use sufficient leverage to see them actually make an impact on the overall level of security
-The Apocalypse Now scenario, where the industry(-ies) continue to blunder along the way they currently are, until some catastrophe or combination of circumstances results in regulation by some outside entity (i.e., the gummint)

Without attempting to characterise the reasons (or rationality) behind this, it appears as if 9/11 and the collapse of Enron have started the ball rolling in the apocalyptic direction.

Part of the problem---perhaps the largest part---is the balkanisation of the IT/IS population. There are no natural lines of power leading up to a small number of high-level entities whose decisions carry meaningful weight within the industry (compare this to telcos, for example). There aren't any `structural' (for want of a better word) features driving the players to have coincident goals (e.g., an online store will almost certainly have very different priorities and resources than a university will, and a biotech will be different from both of them). And, for that matter, there are a lot of cliqueish factions within the industry---Windows versus linux, debian versus fedora, on down to emacs versus vi.

As near as I can tell, the only way to overcome this is to discover some way of providing incentive for cooperation before governments are given sufficient incentive to regulate. Things which provide the government with incentive to regulate are easy enough to come up with: broadly, failures of sufficient scope as to have a political impact (via an effect on national security, an effect on the economy, an effect on public opinion, or whatever).

The problem is that I can't think of anything (or even the general character of a thing) that would provide incentive for IT/IS entities to cooperate. Or at least nothing that doesn't, in the end, look very much like government regulation.

-spb