Forwarded from: Ralph Forsythe <rf-listat_private> Oh I just can't resist commenting on this one... Text inserted below at various points. At 03:00 AM 11/8/2002 -0600, you wrote: > "What if we take existing networks at all levels of government and > the private sector as appropriate and integrate them? The challenges > are true standards and interoperability. We can solve those > problems," Cooper said at the Federal CTO Forum 2002 here. I'm actually having difficulty finding the words on this one. I thought the whole point of establishing new security guidelines among other things was because the existing networks were not cutting it! Obviously the challenges are true standards and interoperability - so instead of working towards a new technology standards-based methodology, let's just hook it all up together and hope it works? <hysterical laughter here> I'm just imagining the finger pointing that happens when a problem arises inside a single company with lots of departments and network devices, and trying to put it into perspective on this scale. > The day after the Republicans captured a mid-term majority in the > House and Congress, Cooper stated that he is confident a Department > of Homeland Security bill will be passed and that a national > enterprise architecture could be a reality in two to three years. <More hysterical laughter> "A national enterprise architecture could be a reality in two to three years"... Ahem, ok sure. It takes some corporate projects that long just by themselves, let alone connecting all aspects of government and corporate networks into one big conglomerate that's supposed to allow for efficient and accurate exchange of data... > "The priorities that we have set are focused on the information > sharing and systems arena. ... We need to get the right information > to the right people all the time. This is what we're about in > Homeland Security," he said. I just bet they are. He needs to try putting down the Jack Handy self motivational books for a few minutes and step back to look at the reality of the magnitude of this project he has taken on, which is probably historical in terms of size; If they even come up with a plan for it in two to three years time that is complete and accurate, I will be impressed. It has taken that long for some government organizations just to audit their own security, let alone map everything out well enough to include it in the largest private WAN in the world. > Citing the info sharing and systems integration models among various > federal and local law enforcement bodies, Cooper called for the help > of state and local governments and those companies that comprise the > critical infrastructure, including utilities and transportation > companies. How many years has it taken just these organizations to adopt these models? And how many have still yet to do so? Please. And the utilities and transportation will now be dependent on this network? <snip!> > "What if the right parties that have a vested interest all sat down > and agreed on some shared objectives? And agreed upon a fair amount > of work and how to divvy it up? Rather than everyone trying to do > similar [functions] with the best of intentions and often > inadvertently." I agree that this is a good way to go. However taking it from this level, to an actual plan that will interconnect all of these networks (a number of which are probably running systems that predate IP) without introducing huge problems, and then building it right will IMO take a lot more than two to three years time. I'm not trying to slam the overall idea (yet), or government in general, I just think this concept is overly optimistic having seen firsthand how many corporations and some government bodies handle change and interoperability. Not to mention that this network would at some point connect competing companies together I assume. Would you trust your local feds to protect your network from them? What about when these networks are connected up - someplace, somewhere, there will be an Internet link on a LAN that has potential to tie into this. If that company is lax in security, they will have exposed the entire infrastructure to a potential breach. Perhaps I'm just being paranoid, but this isn't just giving everyone a shiny new email address and some message forums, he wants to bridge thousands of things together. I just don't trust the government to get it right, which is unfortunate but experience and observation has caused this viewpoint. More power to them if they think they can pull it off, I will be eagerly waiting to see how that's going to happen. However my skepticism far outweighs my confidence... If I'm off-base on this though, someone can email me by all means. - rf - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Nov 11 2002 - 04:44:30 PST