Voluntary cooperation (Re: Inter-provider communications )

[Sean Donelan <sean () donelan com>]

On Sun, 21 January 2001, Steve Sobol wrote:
> Another thought - I don't advocate lots of government involvement in the
> Internet arena, but perhaps it's time that our Congresscritters demanded
> that these big companies talk to each other. Those big guys want us to think
> that Internet transit is as reliable as dialtone.[0] It won't be as long as
> they continue to make it difficult to stop attacks...

Strangely, one of the reasons given why providers do not talk to each other
is the government is *NOT* involved.  Without a mandate from the government,
some folks feel it would be improper for any of the providers to exchange
information.

If you look at the other utilities, the inter-provider communication occurs
via either government mandated, or "voluntary cooperation" with government
supervised systems.

The former RBOCs and major IXCs communicate via a network established by
the NTA and NCA.  This was set up at the insistance of the US Military when
AT&T was broken up, and was part of the consent decree.  This usually connects
to an entirely different part of a company than their Internet operations
center.  Frequently the "phone NOC" and the "internet NOC" are in different
states, and don't share the information either.

The electric companies communicate via a network established by NERC.  This
was set up after the Northeast blackout in 1965, and under intense government
interest, the industry established a "voluntary" system.  There are strict
rules about segregating information needed for the operation of the grid,
and so-called market information used by sales, brokers, and even management.

There is also a communication network used by about a dozen major international
carriers.  I've never found much information about it, but it seems related
to NATO.  Or there is very strong overlap between NATO countries, and the
national carriers on the network.

The Consolidated Tape System, which reports the "official" prices for all
the stock exchanges, is jointly owned by the exchanges and supervised by
the SEC.

Even in the Internet security area, it seems like the only long-lasting
programs are those funded by the government.  CERT/CC has been around
over a decade, but still has trouble sharing information.  Last week
a group of companies announced yet another attempt, IT-ISAC as part
of the Department of Commerce's critical infrastructure protection
efforts.  The FBI has a similar program called InfraGuard.

Richard Clarke called it a "patriotic move" by the participating companies.

Paying $5,000 and issuing a press release is the easy part.  The hard
part is if any of the companies will actually contribute hard data.

However, there is another way.

There is one information sharing network connecting every major NOC.  If
you want to reach them all, CNN is the way to do it.  I think of it as a
last resort, but a couple of large providers have shown on more than one
occasion, it is the only communication channel that gets a response.  I
wish there was a better way, and I'm more than willing to work with anyone
on alternatives which will have "buy in" from all the major providers.
My goal is to solve the problem, not issue yet another happy days press
release.  But in the mean time, use the channels proven to work.

I'm begging, please give me an alternative that works.