nanog mailing list archives
Re: If you thought Y2K was bad, wait until cyber-security hits
From: "Larry J. Blunk" <ljb () merit edu>
Date: Fri, 19 Jul 2002 11:21:47 -0400
http://www.eweek.com/article2/0,3959,387377,00.asp "All the while maintaining that the government will not set IT security requirements for the private sector, top federal IT officials today said they expect such mandates will be imposed on federal agencies and that the same standards will also be used by industry." While standards are great, one-size-fits-all standards aren't. When the government's cyber-security plan is released in September, will there be 500 requirements that Internet Service Providers must meet? Should ISPs be more secure than the post office or the telephone or the bike messenger? Must Bill's Bait & Sushi Shop ISP Service meet the same security requirements as the ISP for the White House? ISPs come in all sorts of shapes and sizes. Consumers use cordless phones at home, but the NSA prohibits use of cordless phones in secure areas. Just because the government issues a security standard doesn't make it suitable for all purposes. Some people like paying $9.95 for Internet service from an ISP without a backup generator, and wouldn't want to pay $29.95 for a "certified" ISP with a backup generator. If the $9.95 ISP fails, heck they could almost afford two more for the same price as a single "certified" ISP. Sometimes a hammer is just a hammer, and you don't need a MIL-SPEC. If the Department of Homeland Security creates a new security standard for ISPs, what do you think will happen to any ISP which doesn't meet it?
Backup generators? That's far too mundane. Check out this quote from Howard Schmidt in http://www.supercomputingonline.com/article.php?sid=2269 "The routing tables of the future will be unmanageable; there will slowdown and failures, and malicious and criminal activity between 2002 and 2009 all mean the Internet quits working," warned Schmidt. He even forecast a future in which "special aircraft will be flying the routing tables" physically to servers after periodic network brownouts. Perhap ISP's can differentiate themselves by whether their required "special aircraft" are super-sonic or sub-sonic. Do we need an update for RFC1149 (BGP over F-16's?).
Current thread:
- If you thought Y2K was bad, wait until cyber-security hits Sean Donelan (Jul 18)
- Re: If you thought Y2K was bad, wait until cyber-security hits Larry J. Blunk (Jul 19)
- Re: If you thought Y2K was bad, wait until cyber-security hits Jake Khuon (Jul 19)
- Re: If you thought Y2K was bad, wait until cyber-security hits Martin Hepworth (Jul 19)
- Re: If you thought Y2K was bad, wait until cyber-security hits up (Jul 19)
- Re: If you thought Y2K was bad, wait until cyber-security hits Jake Khuon (Jul 19)
- Re: If you thought Y2K was bad, wait until cyber-security hits Jake Khuon (Jul 19)
- Re: If you thought Y2K was bad, wait until cyber-security hits Scott Francis (Jul 20)
- Re: If you thought Y2K was bad, wait until cyber-security hits Valdis . Kletnieks (Jul 20)
- Re: If you thought Y2K was bad, wait until cyber-security hits Scott Francis (Jul 20)
- Re: If you thought Y2K was bad, wait until cyber-security hits Valdis . Kletnieks (Jul 20)
- Re: If you thought Y2K was bad, wait until cyber-security hits Sean Donelan (Jul 21)
- Re: If you thought Y2K was bad, wait until cyber-security hits Valdis . Kletnieks (Jul 20)
- Re: If you thought Y2K was bad, wait until cyber-security hits Larry J. Blunk (Jul 19)
- <Possible follow-ups>
- Re: If you thought Y2K was bad, wait until cyber-security hits Mathew Lodge (Jul 18)