I wasn't thinking in terms of automatic monitoring, that would open up
a can of worms security wise.
Just looking at some way of getting the manual reporting (that is still
taking place to the FCC) back in the (semi?)public domain. Due to
terrorism concerns, that information is no longer available online. I'm
pretty sure the LEC's and IXC's like it that way also, as they no longer
have to air their dirty laundry. I was able to get some information
under the Freedom of Information act for an outage that affected me
directly , but that takes days or weeks. As close to real-time
information as possible is what's needed to assess and respond to a
major outage, i.e. routing voice/data via different carriers, being able
to explain to end users why their email or phone calls didn't go through
, etc. and eliminating the need to open tons of trouble tickets during a
major event. One master ticket - such as fiber cut affect xxx OC48's
would suffice.
Not sure how this can be balanced against DHS perceived needs
though...any suggestions?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Thinking out loud.
I guess some sort of trust model would help similar to what nsp-sec has
in place (not sure its current state).
It could be nice if there was some sort of a consensus among this
consortium to distribute executive health metrics with the help of some
secure trusted monitoring mechanism or maybe push model to a central
database of some sort.
Like to hear more thoughts as well.
regards,
/virendra
Wallace Keith wrote:
Vicky Rode wrote:
Thinking out loud.
I guess some sort of trust model would help similar to what nsp-sec has
in place (not sure its current state).It could be nice if there was some sort of a consensus among this
consortium to distribute executive health metrics with the help of some
secure trusted monitoring mechanism or maybe push model to a central
database of some sort.Like to hear more thoughts as well.
Here we see again that the secrecy ("to prevent terrorism") of this
information costs more than having it in the open as the FCC did in
the past. The whole terrorism sham was just a convenient excuse to
prevent outsiders from assessing the quality of the carriers network.
Even if, which it does not, secrecy of this information would prevent
any kind of external force terrorism we now have to suffer the terrorism
from dishonest carriers and intransparent phone and bandwidth markets.
One can only guess the cost shouldered by carriers customers because of
unknown or deliberately wrong information. Guess how many procurements
would have been made differently if true reliability and physical route
information were available.
Do I feel better that neither me nor the terrorist know that my "redundant"
fiber routes are in the same dig? Or in the same cable even? We all know
how reliable the carriers bonus driven sales droid promises are...
Here we see again that the secrecy ("to prevent terrorism") of this
information costs more than having it in the open as the FCC did in
the past. The whole terrorism sham was just a convenient excuse to
prevent outsiders from assessing the quality of the carriers network.
In the field of security engineering, this is something called security through obscurity. Terrorists are well funded, and they, no doubt, can get hold on those 'secret' fiber maps if they have interest in them.
Do I feel better that neither me nor the terrorist know that my "redundant"
fiber routes are in the same dig? Or in the same cable even? We all know
how reliable the carriers bonus driven sales droid promises are...
Only ones suffering are us...