Probe Research has a very lucid take on this very topic at
http://www.proberesearch.com/alerts/networksecurity.htm Their point is that, given the current climate, the RBOCs are likely to be setting the agenda for cyber security. To quote Probe's first two conclusions: "First, the RBOCs will be the focus of developing a telecom national security plan; Second, the RBOCs will use this position to force costs onto all players. For example, co-location will be viewed as increasing the risk to telecom, so carriers may be forced to abandon co-location in favor of smaller nodes and these nodes will have to have remote backup nodes." Cheers, Mathew At 08:22 PM 7/18/2002 -0400, Sean Donelan wrote: >http://www.eweek.com/article2/0,3959,387377,00.asp > >"All the while maintaining that the government will not set IT security >requirements for the private sector, top federal IT officials today said >they expect such mandates will be imposed on federal agencies and that the >same standards will also be used by industry." > >While standards are great, one-size-fits-all standards aren't. When the >government's cyber-security plan is released in September, will >there be 500 requirements that Internet Service Providers must meet? >Should ISPs be more secure than the post office or the telephone or the >bike messenger? Must Bill's Bait & Sushi Shop ISP Service meet the same >security requirements as the ISP for the White House? > >ISPs come in all sorts of shapes and sizes. Consumers use cordless >phones at home, but the NSA prohibits use of cordless phones in secure >areas. Just because the government issues a security standard doesn't make >it suitable for all purposes. Some people like paying $9.95 for Internet >service from an ISP without a backup generator, and wouldn't want to pay >$29.95 for a "certified" ISP with a backup generator. If the $9.95 ISP >fails, heck they could almost afford two more for the same price as a >single "certified" ISP. Sometimes a hammer is just a hammer, and you >don't need a MIL-SPEC. If the Department of Homeland Security creates a >new security standard for ISPs, what do you think will happen to any ISP >which doesn't meet it? > >The security "Gold Standard" for Microsoft 2000 was written by the >Critical Infrastructure Protection Board, the Center for Internet >Security, the National Security Agency, the General Services >Administration, the National Institute of Standards and Technology, and >the SANS Institute. > >Do you know who is writing the security "Gold Standard" for Internet >Service Providers?