An odd note
One oddity in the text prepared for President Obama is this:
The Federal government, with the participation of all departments and agencies, should expand support for key education programs and research and development to ensure the Nation’s continued ability to compete in the information age economy. Existing programs should be evaluated and possibly expanded, and other activities could serve as models for additional programs.
Now this was a text on information operations, whether conducted by civilians motivated by direct economic gain, aka "cybercrime", or conducted by military and/or security operatives motivated by a larger set of interests. It was the first one of this administration, and the first of any administration that envisioned public policy since the abandonment of the network infrastructure during the late-Bush-I, early-Clinton-I "privatization" period.
Is the problem that there aren't enough Cisco and/or Microsoft certified LAN security experts in the tech labor market? This really doesn't seem causal.
What are the big levers, which when pushed, move something? I want to use "primitives" but I'm not writing the tech this morning.
BCP38 (ingress filtering) is a biggie. The reason ISPs do not implement ingress filtering is not lack of clue: RFC 2827, "Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing", was written in 2000. It is mandatory-to-know in the operator community, and widely ignored as an operational requirement by ISP P&L managers.
More abstractly, admission control at the edge.
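What RFC 2827 asks of the access edge, sketched as an added example that is not part of the original post: a packet is admitted only if its source address lies inside a prefix delegated to the port it arrived on. The port names, prefix table and packets are constructed (documentation address ranges), and the function names are hypothetical.

```python
import ipaddress
from collections import Counter

# Constructed provisioning table: customer-facing port -> prefixes delegated
# to that customer (RFC 5737 / RFC 3849 documentation ranges).
ASSIGNED = {
    "cust-a": ["192.0.2.0/25", "2001:db8:a::/48"],
    "cust-b": ["198.51.100.0/24"],
}

def build_filters(assigned):
    """Parse the provisioning table into network objects once, up front."""
    return {port: [ipaddress.ip_network(p) for p in prefixes]
            for port, prefixes in assigned.items()}

def admit(filters, port, src):
    """True only if src is inside a prefix delegated to the ingress port.
    Unknown ports and unparsable addresses are denied by default."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr.version == net.version and addr in net
               for net in filters.get(port, ()))

def filter_packets(filters, packets):
    """Apply the ingress filter; return (forwarded packets, drops per port).
    The per-port drop counter is what an operator would alert on."""
    forwarded, dropped = [], Counter()
    for port, src in packets:
        if admit(filters, port, src):
            forwarded.append((port, src))
        else:
            dropped[port] += 1
    return forwarded, dropped

# Constructed sample traffic: (ingress port, claimed source address).
PACKETS = [
    ("cust-a", "192.0.2.10"),       # inside cust-a's /25
    ("cust-a", "192.0.2.200"),      # same /24, but outside the delegated /25
    ("cust-a", "198.51.100.7"),     # cust-b's address arriving on cust-a's port
    ("cust-a", "2001:db8:a:1::5"),  # inside cust-a's IPv6 /48
    ("cust-b", "198.51.100.7"),     # legitimate for cust-b
    ("cust-b", "10.0.0.1"),         # private space never delegated to this port
    ("unprovisioned", "192.0.2.10"),  # no table entry for the port: default deny
]

if __name__ == "__main__":
    fwd, drops = filter_packets(build_filters(ASSIGNED), PACKETS)
    print("forwarded:", fwd)
    print("dropped per port:", dict(drops))
```

The same address (198.51.100.7) is forwarded from one port and dropped from another, which is why this check only works at the edge where the port-to-prefix binding is known.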
Another biggie is the shared fate cult. When the Federal Information Processing Standards (FIPS) was watered down to allow Microsoft's operating system products to be FIPS-151 compliant, the 1993-era model of a POSIX and secure government system was replaced in 2000 by Microsoft's operating system products. The Federal market is big enough to drive vendors and the non-federal government market. The industry I worked for (I wrote XPG/1 and XPG/4.2, now known as the Single Unix Standard) was wiped out of the desktop market by Microsoft, which then went on to attempt to wipe out POSIX operating systems products in the server market.
Bad addresses and bad hosts. These are effectively infinite resources for the designer of distributed systems for economic gain, or a larger set of interests.
Neither of these involves spending money on education, that is, some form of un- or under-employment compensation with the promise of future employment, and both would disturb the business models of local and national monopolists in the access business, and the business model of the global monopolist in the operating system market, but these are the fundamentals as to why the net sucks.
Would the problems caused by the criminals of the past (and still not prosecuted) regime in Iraq or Afghanistan be best cured by "key education programs"? How about banking? How about automobile manufacturing? And if so, if "key education programs" are the best means to a cure, when will the situation actually change? When will these more-meritorious-by-right-of-clue cadres displace, in this meritocracy-of-the-rhetorical-mind, their less perfect predecessors, and by displacing them, end their uneducated abuses?
Seriously, we're getting a fix for cyber-cooties scheduled for the 2020s?