Tag Archive for Feds

RB | September 7, 2009
No comments

Feds Still Aim to Federalize Net

securitySenator Jay Rockefeller (D-WV) has released a revised version of his bill that would federalize the Internet (I covered this topic earlier here ). The current draft would allow the president to “declare a cyber security emergency” relating to “non-governmental” computer networks and do what’s necessary to respond to the threat. Section 3 (2) (B) Defines “Cyber” as any matter relating to, or involving the use of, computers or computer networks. Section 201 (2) (B), permits the president to “direct the national response to the cyber threat” if necessary for “the national defense and security.”

“I think the redraft, while improved, remains troubling due to its vagueness,” Larry Clinton told CNET “It is unclear what authority Sen. Rockefeller thinks is necessary over the private sector. Unless this is clarified, we cannot properly analyze, let alone support the bill.” said Clinton, president of the Internet Security Alliance, which counts representatives of Verizon, Verisign, Nortel, and Carnegie Mellon University on its board.

Senator Rockefeller

A Senate source familiar with the bill told CNET that the president’s power to take control of portions of the Internet is comparable to what President Bush did when grounding all aircraft on Sept. 11, 2001. The source said that one primary concern was the electrical grid, and what would happen if it were attacked from a broadband connection.

Section 201 (5) the bill requires the White House to engage in “periodic mapping” of private networks deemed to be critical, and those companies “shall share” requested information with the federal government. The privacy implications of sweeping changes implemented before the legal review is finished worry Lee Tien, a senior staff attorney with the Electronic Frontier Foundation in San Francisco told CNET . “As soon as you’re saying that the federal government is going to be exercising this kind of power over private networks, it’s going to be a really big issue,” he says.

“The language has changed but it doesn’t contain any real additional limits,” EFF’s Tien says. “It simply switches the more direct and obvious language they had originally to the more ambiguous (version)…The designation of what is a critical infrastructure system or network as far as I can tell has no specific process. There’s no provision for any administrative process or review. That’s where the problems seem to start. And then you have the amorphous powers that go along with it.”

Rb-

If your network is determined to be “critical” by the Feds, there is likely a new set of regulations coming from the same people who are giving themselves failing grades for their own cyber-security. These new rules could impact staffing decisions, disclosure policies and open the door to a government can take over your IT systems. This bill requires watching by anybody that uses or manages computers, a private network or the Internet. It is likely they will sweep it in as pork on sort other unrelated bill, to limit public discussion.

Contact your representatives in DC.

Category: Networking | Tags: , ,
RB | July 28, 2009
No comments

Feds to Test IPv6

ipv6NetworkWord is reporting that the U.S. government has reportedly launch a comprehensive product testing program for IPv6. The new program, USGv6 Test Program , will be run by the National Institute of Standards and Technology (NIST) will require all network hardware and software vendors to pass IPv6 compliance and interoperability tests before they can sell their products to the U.S. federal government market. The NIST IPv6 test plan covers basic IPv6 functionality as well as related standards such as: IP Security (IPsec), Internet Key Exchange (IKEv2 ), Dynamic Host Configuration Protocol (DHCPv6), Open Shortest Path First (OSPFv3), Border Gateway Protocol (BGP4+) and multicast requirements in MLDv2 .

nistThe USGv6 program will allow vendors to run IPv6 compliance tests in their own labs as long as the labs are accredited by NIST, but they must run IPv6 interoperability testing in someone else’s lab. Erica Johnson, Director of the University of New Hampshire InterOperability Laboratory told NetworkWorld, “The way that the NIST profile is going to work is that conformance testing can be done in an accredited first-party [vendor], second-party [buyer] or third-party [independent] lab…But the interoperability testing must be done in a second-party or third-party lab.”

The time-frame for the USGv6 Test Program is tight. NIST is expected to publish this week [July 31] the final version of its IPv6 test specifications  aka Special Publication 500-273 and to finalize its test plan in November 2009. Testing labs are to be accredited before the end of the calendar year. Network vendors will have six months to get their routers, operating systems, firewalls and other security systems through IPv6 testing prior to the federal government’s July 2010 acquisition deadline.

By July 2010, federal agencies will be required to purchase only hosts, routers and network security systems that have been tested for IPv6 compliance. Vendors must issue a “Suppliers’ Declaration of Conformity” that states host and router products have been tested for IPv6 compliance and interoperability, while security products must undergo functional IPv6 testing. All of the testing must be done in NIST-accredited labs.

rb-

It’s about time – I have been including IPv6 requirements in RFP’s for over 6 years. It is amazing to watch the vendors tap-dance arounf what IPv6 compatibility means. Only some of these products from Cisco or Foundry Brocade are IPv6 compatible depending on the image you buy. I guess the real trick will be to get a”Suppliers’ Declaration of Conformity” if you are not a Fed.

Category: IPv6, Networking | Tags: , ,
 

Switch to our mobile site