FC: Richard Forno on ICANN and Net-stability against terrorists

[Declan McCullagh <declan () well com>]

[ICANN representatives are welcome to reply, of course. --DBM]

********

Date: Fri, 28 Sep 2001 13:46:18 -0400
Subject: Re: FC: ICANN tries to preserve Net-stability against terrorist
        attacks/RFF Reply
From: Richard Forno <rforno () infowarrior org>
To: <declan () well com>, <politech () politechbot com>
Organization: WWW.INFOWARRIOR.ORG

I was NSI's Chief Security Officer 1998-2001, and had a ringside seat to the
evolution from the InterNIC to the Shared Registry System and the rise of
ICANN. I can safely say that the only security most of ICANN's Board is
interested (or qualified) to address is job security. The same could be said
for many of the commercial root operators, too. This domain name / Internet
governance circus is a leftover Clintonian powderkeg waiting to ignite, and
I seriously fear for the world if ICANN in its present form gets involved
with "internet security" matters like this.

ICANN is using the events of 09-11 as yet another excuse to slow their
already glacial (and some would say corrupt) pace of operations while their
supporters (e.g., big business) jockey for position on how to best exploit
the future.

Regarding the CERT/CC quote:

> "Additional government support for research, development, and education in
> computer and network security would have a positive effect on the overall
> security of the Internet," he concluded.

We certainly always need research, but sooner or later we need operational
results, not calls for more analysis, committes, and blue-ribbon panels from
the White House. This week it was made known once again that USG computers
don't make their mark for IT security......six years ago when I was on the
Hill, the exact same claims were made. You could take hearing transcripts
from 1996 and they'd be nearly identical to what we saw this past week.
(http://www.washingtonpost.com/wp-dyn/articles/A32105-2001Sep26.html). How
many more years of analysis, studies, and research before we see operational
results and increased security on such systems?

If you want to protect the rootservers in times of war, declare them part of
the National Communications System (NCS), federalize the US ones, and give
them to DISA, the military agency charged with operating and protecting the
NCS. This would be a great way to secure the US-based roots in time of war
and cut the clueless (eg, ICANN) or the greedy (commercial root ops) out of
the equation, where their loony-land mentality regarding internet and
infrastructure security  - and kooky governance policies - is more of a
hindrence than a help. In war, that would be disasterous.

Decentralizing the roots would be a good start, too.  :)

Cheers,

Richard Forno
infowarrior.org 




-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
Declan McCullagh's photographs are at http://www.mccullagh.org/
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------