Re: White House net security paper

[Jared Mauch <jared () puck nether net>]

On May 29, 2009, at 1:33 PM, Andrew Euell wrote:

> "The Nation’s approach to cybersecurity over the past 15 years has  
> failed to
> keep pace with the threat."
>
> I think that they may be getting it...

From my experience, people get it, but security is always a balance  
between making something usable and how-high to build the fence.  I  
know how to keep important data secure, but making it accessible and  
secure always exposes it to some level of risk.  The question is where  
does that risk meter get set.

It's not obvious to me if this is a direct result of the 60-day cyber  
review (but I presume it is) that Melissa Hathaway completed.  I need  
some more time to read this entire thing.  The ISP community has  
provided input to this and various security efforts that the US  
Government has done.  There is actually an entire (non-trade- 
association driven, non-lobbist, etc..) community that does get  
reached out to.

http://www.commscc.org/
http://www.it-scc.org/

I know that membership is FREE for the IT-SCC.  This means that *YOU*  
(yes, You!) can be at the table and provide this feedback.  This is in  
addition to you reading the notices in the Federal Register too ;)

There are good people involved in these activities, but always room  
for more.  Take a look at the charters for the it-scc & commscc and  
see if one (or both) is a fit for your org.  Worst case scenario you  
get a few more emails.  (The volume is way lower than NANOG).

        - Jared