Another Take on Network Security
I just Googled the term “beating a dead horse.” That’s how I had intended to open this commentary article, but then I thought “gee, that’s an awfully crass phrase when you think about it. I wonder where it came from.”
And of course, the Internet delivered. Wikipedia says:
According to the Oxford English Dictionary, the first recorded use of the expression in its modern sense was by the English politician and orator John Bright in reference to the Reform Act of 1867, which called for more democratic representation in Parliament. Trying to rouse Parliament from its apathy on the issue, he said in a speech, would be like trying to "flog a dead horse" to make it pull a load. The Oxford English Dictionary cites usage in The Globe in 1872 as the earliest verifiable use of "flogging a dead horse", where someone is said to have "rehearsed that [...] lively operation known as flogging a dead horse".
So now I know, and you do too.
A couple of observations about my Friday afternoon Googling. (Yikes, that sounds kind of crass on its own, if I think about it. MOVING ON.) First, my intent was to open by saying that I don’t think there’s really anything more that can be said about the need for network security services in our nation’s schools and libraries. Second, I was able to read up on ol’ John Bright because our internet here at FFL World Headquarters is working properly.
See, there has been a lot of talk about network security and E-rate lately, and for good reason since the FCC asked us all what we thought about the future of Category Two funding, including what types of products and services should be funded. There was overwhelming support from the community about adding advanced network security services to the program’s Eligible Services List, and although the comment period has closed, there continue to be discussions with the Commission as evidenced by numerous ex parte submissions1 .
The ex parte comments make thoughtful and well-reasoned arguments. Protecting student data and preventing ransomware attacks are significant challenges. The stakes are high, the threat is real, and the time to take strong action is now.
At some level, though, I’m not so sure that protecting student data or saving districts from ransomware attacks are necessarily the E-rate program’s job. I mean, the E-rate program doesn’t make policy decisions about safety standards for school buses or set speed limits in school zones, but I think everyone would agree that those are laudable and necessary pursuits.
But the E-rate program does concern itself with ensuring that students and library patrons have reliable and consistent access to the Internet. And from that perspective, the program must consider funding any type of product or service which is necessary to achieve that objective. We have a mountain of data which tells us that: 1) attacks on school and library networks are occurring; 2) they are increasing in frequency; and, 3) they account for a significant amount of network downtime each year.
Which brings me back to John Bright. I would not be as informed as to the origin of seemingly crass phrases had FFL’s network been down due to a DDOS attack. We have a network security solution which takes care of that for us. That solution is every bit as essential to ensuring that my workstation has reliable Internet access as the switch it is connected to or the router that physical terminates our fiber connection. It is, in short, network infrastructure.
The beautiful thing about that is that the E-rate program already supports network infrastructure. Funding network security, then, doesn’t require reworking the entire eligible services framework, nor does it represent some sort of tangential move outside its stated purpose or the FCC’s scope of authority. Put simply, the 2019 definition of critical network infrastructure includes security, and an infrastructure support program of any kind is incomplete when security is excluded.
There’s no need to beat a dead horse. The horse is alive and well, and it’s already in the stable. We just have to take it out and put it to work.
 Ex Parte