New Legislation Would Federalize Cybersecurity
Hugh Pickens writes "Senators Jay Rockefeller and Olympia J. Snowe are pushing to dramatically escalate US defenses against cyberattacks, crafting proposals in Senate legislation that could be introduced as early as today, that would empower the government to set and enforce security standards for private industry for the first time. The legislation would broaden the focus of the government's cybersecurity efforts to include not only military networks but also private systems that control essentials such as electricity and water distribution. 'People say this is a military or intelligence concern, but it's a lot more than that,' says Rockefeller, a former intelligence committee chairman. 'It suddenly gets into the realm of traffic lights and rail networks and water and electricity.' The bill, containing many of the recommendations of the landmark study 'Securing Cyberspace for the 44th Presidency' (PDF) by the Center for Strategic and International Studies, would create the Office of the National Cybersecurity Adviser, whose leader would report directly to the president and would coordinate defense efforts across government agencies. The legislation calls for the appointment of a White House cybersecurity 'czar' with unprecedented authority to shut down computer networks, including private ones, if a cyberattack is underway. It would require the National Institute of Standards and Technology to establish 'measurable and auditable cybersecurity standards' that would apply to private companies as well as the government. The legislation also would require licensing and certification of cybersecurity professionals."
Sure, why not (Score:1, Insightful)
They already have arbitrary control over hiring, firing, and wages at private companies, why not authority over private networks too? If we're becoming neofascist, may as well go whole hog.
The current situation is living proof of the old saying, people get the government they deserve.
Cybersecurity 'Standards' (Score:5, Insightful)
Until your elected representatives fully understand that any public infrastructure networks should not be connected to the 'Internet' -for any reason- any discussion of 'cybersecurity' is simply wasted words. WTF does it take for these 'public officials' to realize that critical infrastructure networks need to be completely isolated and secured from the hostile environment that the 'Internet' has become?
Right! (Score:5, Insightful)
Maybe we could legislate some openness instead.
If this is not an April Fools' joke that's... (Score:2, Insightful)
Re:Cybersecurity 'Standards' (Score:5, Insightful)
Re:Not such a good idea (Score:5, Insightful)
Yeah but what can we do? We're just a bunch of people that bitch and moan on slashdot.
If only there were some respected, well-known figures in the tech world that could try and get the ear of people that mattered.
If only there were someone that already had advised the Obama administration, other national governments and even spoken at the UN that could raise the concerns with people that matter. :)
Actually they do (Score:5, Insightful)
Comment removed (Score:3, Insightful)
Re:Not such a good idea (Score:5, Insightful)
Personally I don't trust government to:
In choosing democracy we've (wisely) given up some effectiveness in government in order to avoid having dictators. However this current government seems to have gone off the deep end, insanely grabbing power, and then not knowing what to do with it once they have it.
On the bright side, after the coming mass-inflation, they essentially won't have any power due to the fact that they'll have no money (at least, no money that's worth anything). On the depressed realistic side, how can we reasonably expect our representative government to manage money/things when half the population is incapable?
I think lobbying is afoot! (Score:4, Insightful)
It creates a czar, so I'm against it (Score:3, Insightful)
Re:It creates a czar, so I'm against it (Score:2, Insightful)
it sounds anti-democratic
What if it sounded pro-democratic? Would it be better?
IMO, it does not matter how it sounds. It IS anti-democratic.
I mean that's against people.
Re:Capability based security (Score:3, Insightful)
+1. Problem is, current CPUs themselves are buggy and exploitable, so you still need a verifier, and if you need that you may as well have a VM and a JIT. Unfortunately the major VMs that have the building blocks to be capability-secure -- such as CLR and JVM -- threw it all away with their standard library designs.
There's also a hidden side of capability security: preventing data, or more generally causality, from leaking in or out of a given piece of code. If there's an API exposed to untrusted code that allows it to detect its environment -- even so simple as the default object hash code or a way to get the current time -- you have a covert channel waiting to bite you.
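The comment's last point, that any API letting untrusted code observe its environment is a channel, can be checked by a test harness. The sketch below is an added example, not part of the original comment: the plugin names, the `caps` object and the sample input are constructed for illustration, and the check covers only the two ambient sources it swaps out (`Date.now` and `Math.random`).

```javascript
// Plugins receive authority only through the `caps` argument (object-capability style).
// Constructed sample plugins (hypothetical names):
// well-behaved, uses only the clock capability it was handed.
const stampWithCap = (input, caps) => `${input}@${caps.now()}`;
// Leaky: reaches for ambient time, which the caller never granted.
const stampAmbient = (input, caps) => `${input}@${Date.now()}`;
// Leaky: ambient randomness is another way to probe the environment.
const tagRandom = (input, caps) => `${input}#${Math.floor(Math.random() * 1e6)}`;

// Run fn with the ambient sources pinned to fixed values, then restore them.
function withAmbient(timeValue, randValue, fn) {
  const realNow = Date.now, realRandom = Math.random;
  Date.now = () => timeValue;
  Math.random = () => randValue;
  try {
    return fn();
  } finally {
    Date.now = realNow;
    Math.random = realRandom;
  }
}

// Noninterference check: same explicit input and same capabilities, two
// different ambient environments. Any difference in output means the plugin
// observed something it was never given.
function dependsOnAmbient(plugin, input) {
  const caps = Object.freeze({ now: () => 1000 }); // deterministic clock capability
  const a = withAmbient(1, 0.25, () => plugin(input, caps));
  const b = withAmbient(2, 0.75, () => plugin(input, caps));
  return a !== b;
}

// Classify each plugin as 'closed' (explicit inputs only) or 'ambient-dependent'.
function audit(plugins) {
  const report = {};
  for (const [name, plugin] of Object.entries(plugins)) {
    report[name] = dependsOnAmbient(plugin, 'record-7') ? 'ambient-dependent' : 'closed';
  }
  return report;
}

console.log(audit({ stampWithCap, stampAmbient, tagRandom }));
```

A passing result is evidence, not proof: code that captured a reference to the real `Date.now` before the harness ran, or that reads some other ambient source, would not be caught, which is the commenter's argument for designing the library surface without such APIs in the first place.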
Re:Not such a good idea (Score:5, Insightful)
How so? Attaching some strings to the tax money they pump into failed businesses?
You clearly haven't been paying attention. Apart from trying to tax bonuses with unconstitutional laws, they've bailed out some companies while letting others fail with no clear motive, they've bailed out companies when letting them fall into bankruptcy would likely be a better option, they've spent a lot of money on projects that won't particularly help the economy all that much, they've spent so much money that inflation will be hard to avoid in the near future (and you REALLY don't want inflation during a recession), they've sent unclear messages about what they are trying to accomplish (some have speculated that Bernanke's ultimate goal is to never be accused of not spending enough), and on top of it they've proposed a budget that will triple the national debt in 10 years, and double it in five. If you want to go back a little farther, we can talk about starting two wars, not a great idea to begin with, but more importantly they were waged with clear incompetence from the beginning.
As for the new cyber-security initiative being flawed, compared to what? The baseline is: nothing.
I don't know if you are trolling here, or if you just haven't read the article, but they want the power to shut down any network they want. This is significantly worse than nothing, for reasons pointed out by Bruce above.
Sometimes it is better to do nothing. As the saying goes, "Don't just do something, stand there!"
Re:Not such a good idea (Score:3, Insightful)
Re:Not such a good idea (Score:4, Insightful)
I know it is a national pastime in America to be as negative about government and politicians as possible, and unfortunately it isn't all unjustified. But if you can't see anything good or positive even in your worst enemy, you are seriously blinkered; and what is worse, you cut yourself off from the possibility to communicate from a common basis and thus from any chance of exerting any influence. Isn't this what keeps all the stupid regional wars going for generations? The Middle East, Sri Lanka, Northern Ireland until recently, much of Africa etc etc.
Your all-out, negative attitude actually plays into the hands of lousy politicians - they want you to think it is hopeless to try to change things, so they can't go on and line their own pockets the way they know best.
Re:Not such a good idea (Score:3, Insightful)
Re:Not such a good idea (Score:4, Insightful)
I think that the government needs to have a hand in every industry that profits off of people's misfortunes.
Wow. I mean, just mega-wow. Are you serious?
The government is already involved in every industry that profits off of people's misfortunes. The automotive insurance industry exists in its current form because it was able to purchase legislation which mandates its use. The medical insurance agency, big pharma, the banks that mushroomed all these mortgages all out of proportion to what they should have been (besides which, while I do believe in caveat emptor I also believe that of all things you should be able to trust that a bank will act conservatively most of the time) and the RIAA all function under bought-and-paid-for legislation.
If you think more government intervention in these things is going to improve them, think again.
Re:Not such a good idea (Score:3, Insightful)
they've bailed out some companies while letting others fail with no clear motive
Actually, the motive is very clear, at least in the case of General Motors. It's spelled "Labor Unions".
Pretty simplistic view of a complex situation. It might also be spelled "saving one of the last major US owned industrial companies". Or maybe it's spelled "preventing the uncontrolled and disastrous collapse of economies of Michigan and Ohio." What's it spelled when both the UAW and bond holders of GM are told by the Obama administration they both need to make major concessions or GM will go bankrupt? Or what's the spelling of the cost of sorting out the pension mess would exceed the amount we've loaned to GM? The spelling of not wanting hundreds of thousands of additional long term unemployed during the worst recession in 75 years would be interesting, too.
Yeah, Obama has a political debt to the UAW, but the reason the administration is going to such extraordinary lengths for GM extends beyond just that debt. That you see the entire situation as boiling down to supporting unions says more about your ideology than what's actually at stake.