This is yet another Federal example of “Do as I say…not as I do.” There is no excuse for the Federal government not following and meeting or exceeding the standards it sets for websites and website security.
This is an important process to monitor in Washington. I am concerned that Federal IT modernization continues to be pushed to the back burner. There are real issues with Federal IT infrastructure that must be addressed sooner rather than later.
Several components of this Rule concern me, not the least of which is the potential for abuse. I hope that this delaying strategy works and it can be reconsidered under the new administration.
This is an intriguing step by Senator Warner, and it poses several follow-up questions. I am personally unsure how an ISP can govern the devices on the inside of any user’s home router or firewall. Obviously, from a technical perspective, certain outbound traffic from a home can be filtered, but it would be very difficult to determine the configuration or firmware version of the source device.
ISPs, however, are capable of assisting in the fight against DoS and DDoS attacks, depending on the architecture of their infrastructure and the investments they are willing to make to build dynamic solutions for routing and “blackholing” malicious traffic.
I am glad to see this debate coming to the forefront and receiving some well-deserved attention. The answers, however, are not quite as clear as we would like them to be.
It is about darn time. Considering the effort and burden that federal regulations and compliance requirements have generated for the private sector, it is certainly time for our government to look inward. The mantra of “do as I say, not as I do” does not work for IT security.