It is, but with a sufficiently large number of attempts you can account for jitter. A good summary (with links to existing research) can be found here:

http://blog.astrumfutura.com/2010/10/nanosecond-scale-remote...

Doesn't matter.

Network latency variance just means you need to sample more. It doesn't prevent the attack.

So what, you're going to take a large number of samples for each username attempt?