[114915] in North American Network Operators' Group
Re: White House net security paper
daemon@ATHENA.MIT.EDU (Jared Mauch)
Fri May 29 14:17:51 2009
From: Jared Mauch <jared@puck.nether.net>
To: Andrew Euell <andyzweb@gmail.com>
In-Reply-To: <fe676c0d0905291033k5f901e71r43b3213637c57bb5@mail.gmail.com>
Date: Fri, 29 May 2009 14:13:55 -0400
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On May 29, 2009, at 1:33 PM, Andrew Euell wrote:
> "The Nation=92s approach to cybersecurity over the past 15 years has =20=
> failed to
> keep pace with the threat."
>
> I think that they may be getting it...
=46rom my experience, people get it, but security is always a balance =20=
between making something usable and how-high to build the fence. I =20
know how to keep important data secure, but making it accessible and =20
secure always exposes it to some level of risk. The question is where =20=
does that risk meter get set.
It's not obvious to me if this is a direct result of the 60-day cyber =20=
review (but I presume it is) that Melissa Hathaway completed. I need =20=
some more time to read this entire thing. The ISP community has =20
provided input to this and various security efforts that the US =20
Government has done. There is actually an entire (non-trade-=20
association driven, non-lobbist, etc..) community that does get =20
reached out to.
http://www.commscc.org/
http://www.it-scc.org/
I know that membership is FREE for the IT-SCC. This means that *YOU* =20=
(yes, You!) can be at the table and provide this feedback. This is in =20=
addition to you reading the notices in the Federal Register too ;)
There are good people involved in these activities, but always room =20
for more. Take a look at the charters for the it-scc & commscc and =20
see if one (or both) is a fit for your org. Worst case scenario you =20
get a few more emails. (The volume is way lower than NANOG).
- Jared
