Although I agree with almost every part of the paper, I disagree
with the paper.
I think the threats, risks and recommendations in the paper apply
regardless of the country or local ordinances. If you eliminate all
the parts of the paper discussing the Protect America Act, it doesn't
change the technical parts of the paper very much.
<http://www.washingtonpost.com/wp-dyn/content/story/2008/01/27/ST2008012702568.html>
Keeping public networks secure is an interesting problem for every network
operator world-wide. By its nature, no public network can really be
highly secure. If your vendor claims it is, grab your wallet and run.
Its probably a waste of resources to attempt to build the network to
protect the user against everything or even a lot of threats. Yet the
public network relies on user trust in its operation.
I think it would be interesting to watch a debate between a intelligence
tech and a repair tech about whose tools need to be more robust and
reliable. I suspect they would both be very vocal about their needs.
The public network handled the Y2K rollover, you can't say the same thing
about some of the intelligence systems :-)
So if you are a network operator, what can you do technically (since this
is not a law list)?
I think the paper suffers a bit from "CSI" or "24" dazzle, everyone
expects a DNA printout in the last 2 minutes of the show will find the bad
guy, Intelligence Support tradeshows are filled with overpriced pieces of
gear. Its usually the simple stuff that gets you. Most networks are
filled with so many diagnostic features, buying a second set of gear is
usually for administrative not functional reasons.
