On May 29, 2009, at 1:33 PM, Andrew Euell wrote:
"The Nation’s approach to cybersecurity over the past 15 years has
failed to
keep pace with the threat."
I think that they may be getting it...
From my experience, people get it, but security is always a balance
between making something usable and how-high to build the fence. I
know how to keep important data secure, but making it accessible and
secure always exposes it to some level of risk. The question is where
does that risk meter get set.
It's not obvious to me if this is a direct result of the 60-day cyber
review (but I presume it is) that Melissa Hathaway completed. I need
some more time to read this entire thing. The ISP community has
provided input to this and various security efforts that the US
Government has done. There is actually an entire (non-trade-
association driven, non-lobbist, etc..) community that does get
reached out to.
http://www.commscc.org/
http://www.it-scc.org/
I know that membership is FREE for the IT-SCC. This means that *YOU*
(yes, You!) can be at the table and provide this feedback. This is in
addition to you reading the notices in the Federal Register too ;)
There are good people involved in these activities, but always room
for more. Take a look at the charters for the it-scc & commscc and
see if one (or both) is a fit for your org. Worst case scenario you
get a few more emails. (The volume is way lower than NANOG).
- Jared