[ICANN representatives are welcome to reply, of course. --DBM] ******** Date: Fri, 28 Sep 2001 13:46:18 -0400 Subject: Re: FC: ICANN tries to preserve Net-stability against terrorist attacks/RFF Reply From: Richard Forno <rfornoat_private> To: <declanat_private>, <politechat_private> Organization: WWW.INFOWARRIOR.ORG I was NSI's Chief Security Officer 1998-2001, and had a ringside seat to the evolution from the InterNIC to the Shared Registry System and the rise of ICANN. I can safely say that the only security most of ICANN's Board is interested (or qualified) to address is job security. The same could be said for many of the commercial root operators, too. This domain name / Internet governance circus is a leftover Clintonian powderkeg waiting to ignite, and I seriously fear for the world if ICANN in its present form gets involved with "internet security" matters like this. ICANN is using the events of 09-11 as yet another excuse to slow their already glacial (and some would say corrupt) pace of operations while their supporters (e.g., big business) jockey for position on how to best exploit the future. Regarding the CERT/CC quote: > "Additional government support for research, development, and education in > computer and network security would have a positive effect on the overall > security of the Internet," he concluded. We certainly always need research, but sooner or later we need operational results, not calls for more analysis, committes, and blue-ribbon panels from the White House. This week it was made known once again that USG computers don't make their mark for IT security......six years ago when I was on the Hill, the exact same claims were made. You could take hearing transcripts from 1996 and they'd be nearly identical to what we saw this past week. (http://www.washingtonpost.com/wp-dyn/articles/A32105-2001Sep26.html). How many more years of analysis, studies, and research before we see operational results and increased security on such systems? If you want to protect the rootservers in times of war, declare them part of the National Communications System (NCS), federalize the US ones, and give them to DISA, the military agency charged with operating and protecting the NCS. This would be a great way to secure the US-based roots in time of war and cut the clueless (eg, ICANN) or the greedy (commercial root ops) out of the equation, where their loony-land mentality regarding internet and infrastructure security - and kooky governance policies - is more of a hindrence than a help. In war, that would be disasterous. Decentralizing the roots would be a good start, too. :) Cheers, Richard Forno infowarrior.org ------------------------------------------------------------------------- POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if you include this notice. Declan McCullagh's photographs are at http://www.mccullagh.org/ To subscribe to Politech: http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ -------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Fri Sep 28 2001 - 11:35:35 PDT