Peter Sevcik in the November BCR Magazine points out that it would be good to have more than one source, especially when the source sells devices to measure such numbers. Peter also calls for government oversight and record keeping, at least as much as the FCC already does for voice.
Me, I’d prefer multiple diverse measurements of what goes on between the user and the server. These need to be independent of the ISPs, because the ISPs have various competitive issues, and none of them sees the big picture between and through ISPs, which is what the users actually care about. Some collation and record-keeping organization is needed, but I’d be just as happy with a non-govermental organization doing that, maybe something analogous to CERT or SANS or APWG. I think various governments should be involved with this, and the FCC is the obvious U.S. government agency. But why should governments have all the fun? End users, ISPs, and businesses can all use various aspects of such information beyond what governments care about.
Of course, I would say that, since this stuff is what I do.
What does all this have to do with risk management? If you know what the risks are (types of traffic, nonredundant paths, trends, etc.) you can better deploy and prepare for problems when they occur.
-jsq