In case you missed the memo, Howard Schmidt acting chairman of the
President's Cybersecurity Board announced the National
Communications System is the place you are supposed to report
Internet infrastructure incidents.
http://www.fcw.com/fcw/articles/2003/0331/web-cyber-04-02-03.asp
"Many incidents can be handled by the private sector, but there is current
discussion about how to better define expectations on the government side
and to institutionalize what type of incidents will be automatically
reported to the government, Schmidt said."
"One step officials already have made is to establish the National
Communications System (NCS) as the key contact point for industry
representatives when reporting Internet infrastructure incidents, he
said."
This is assuming the US Government security authority over the Internet. Why
should the US Government get the appearance of special privileges where
other governments of the world do not? The vast majority of serious security
incidents I see all cross national jurisdictions. So you can label them
"international Internet security incidents."
As far as I see the Internet, the US Government is just another customer ...
not "the government" that exclusive access to the state of the Net's health.
My advice to the "Internet Industry" is to keep pressing forward with
Industry driven solutions. That way, governments around the world who wish
to be "plugged in" can join the industry's response to security incidents on
the Net.
http://www.govexec.com/dailyfed/0403/040103td1.htm
"The Homeland Security Department may take more of a direct role
coordinating the security of the Internet's infrastructure, a top
administration official said Tuesday."
"The Bush administration's acting cybersecurity adviser Howard Schmidt
said in an interview that homeland security and government agencies
officials are working to formalize a security apparatus for the global
Internet root servers, a series of computer systems that underpin the
Internet's address system."
Since US state and federal government affliated agencies already operate
5 out of 13 of the root servers, and 2(3) root server operators are
essentially under the contractual supervision of the US government, I'm
not sure how much more direct you can get.
3 root server operators are outside the US.
> This is assuming the US Government security authority over the
> Internet. Why should the US Government get the appearance of special
> privileges where other governments of the world do not? ...
http://www.govexec.com/dailyfed/0403/040103td1.htm
"The Homeland Security Department may take more of a direct role
coordinating the security of the Internet's infrastructure, ...
"The Bush administration's acting cybersecurity adviser Howard Schmidt
said in an interview that homeland security and government agencies
officials are working to formalize a security apparatus for the global
Internet root servers, a series of computer systems that underpin the
Internet's address system."
Since US state and federal government affliated agencies already operate
5 out of 13 of the root servers, and 2(3) root server operators are
essentially under the contractual supervision of the US government, I'm
not sure how much more direct you can get.
speaking for f-root, ISC reports attacks and outages to US-NCS and have since
long before the current executive order, and without reference to any order.
it's not an exclusive. any nation that the US state department tells ISC is
not an "enemy" is welcome to hear our attack and outage reports. generally
this means G8 but...
3 root server operators are outside the US.
...we've now got f-root mirrored in spain and china, with more on the way.