Security

Federal Cyberspace Policy Draft Released

mh_cryptonomicon writes "The initial public draft of the National Strategy for Securing Cyberspace was released today. This document outlines the Administration's plan for ensuring that the Net remains a 'good neighborhood.' Following the release of the plan, the Administration's Cybersecurity team will take it on the road for discussions with the people about what can and should be done to protect and defend the net. More information (and the 65 page draft) can be downloaded from the White House's Critical Infrastructure Protection site. This draft is considerably smaller than the 3300 page monster it was reported as being. Commentary is starting to pop up everywhere, including www.cryptonomicon.net/blog/."
  • by Over_and_Done ( 536751 ) on Wednesday September 18, 2002 @04:54PM (#4284922)
    Good article about it here. [nytimes.com] Don't worry, this is the printer friendly version, so you don't have to register.
  • Shouldn't any draft concerning the Internet have been influenced by the people that created it and maintain it? Hackers (white hats of course), Admins, Colleges, and who else have you. Of course we all know that's never going to happen. Hopefully it doesn't get to the point where every nation or union has their own rules and starts extraditing people for something they did online.
  • This is how it works...

    Slashdot users DoS whitehouse.gov to see the plans that MAY quash internet freedom - government uses this as evidence to carry out these anti-terrorist protection plans for the internet. /. editor Timothy named terrorist #1. IT'S A SETUP!!!!
  • by tcd004 ( 134130 ) on Wednesday September 18, 2002 @04:59PM (#4284956) Homepage
    Come on. No true thorough review will come from having "town meetings." This is just a public stunt to make people feel like they have input in drafting the policy. My bet is that this thing is already signed-sealed and delivered.

    If they really wanted a quality review they'd submit it to 20-30 different universities, think tanks and businesses and individuals who are integral to studying the internet. By doing reviews in a "town meeting" format, they might as well just put it on a call in talk show and have the callers "draft" the policy.

    I don't mean to put down the quality of input that ordinary "citizens" can add to this policy, a town hall is just not the way to do it.

    hrumph.

    tcd004

    Read Richard Gere's Ass Zoo, really [lostbrain.com]
    • by Winged Cat ( 101773 ) <[atymes] [at] [gmail.com]> on Wednesday September 18, 2002 @05:10PM (#4285041)
      Yeah, that was my impression, too:

      "'Discussion'. Yeah. Right."

      Still, from what I've heard of the plan, it's not too bad. Main points seem to be primarily relying on increased security awareness (come on, sysadmins of the clueless newbies, admit it: you've wished, at least once, that all new users of the chunk of the 'Net you control would have to get some decent training about what a virus is and how not to get one - well, that's about what they're advocating) and reliability rather than monitoring (not "scan all the traffic looking for something nasty" but "lock down the ports so nasty things don't happen" - i.e., prevention).
      • > "lock down the ports so nasty things don't happen"

        Oh, I dunno about that. I've been getting email for the past 15 years or so on an mit.edu account where I get several virii each day, and so far none of them has done any harm at all. Of course, I use a plain-text mail reader on a FreeBSD system, so they can't do any damage. The messages that contain a virus are usually pretty obvious. If they grow to hundreds per day, it'll be a problem, but so far it's less of a bother than the Chinese "big5" spam messages.

        The real public education should include pointing out that the "virus" problem is 99% due to Microsoft's insistence on delivering software that is susceptible to such things, despite the fact that we unix geeks knew how to prevent the damage before there was even a Microsoft.

        Publicising the fact that viruses are almost entirely a Microsoft problem would go a long way toward getting the problem fixed. We should be asking the media and the National Strategy for Securing Cyberspace people why they aren't pointing this out.

      • I think that this is important because the problem areas I had with the previous proposals (national databases, etc.) and I think that although the federal government should be more involved in CERT and other security organizations, I think the Administration is right that this is best accomplished by public-private partnerships.

        The initial idea of a national network operations center would have created an interesting target, which could have been compromised as well, and the appointment of a privacy czar might have added legitimacy to the dubious effort, so I am glad to see the whole thing dropped.

        All and all, I like this draft.
  • Does this hurt or improve our chances of living in a technological anarchy manipulated by television stations?
  • As said in the article "...what can and should be done to protect and defend the net. "

    Does this mean they will protect our free nudie sites better?

    Karma: Pimp (mostly affected by your pimphood and your bitchin comments)
  • I realize that many, myself included, believe the net should be completely free from censorship. After growing up a little and having children and responsibilities I think that this may not be the case. I personally advocate different levels of the net. Much like AOL vs the net. Where AOL is a very sheltered censored version of the net and the web being everything. There has to be some way to filter out the massive amounts of porn, kiddie porn, and illegals. I admin two offices and periodically check outgoing connections just to keep a tab on things and it amazes me how much people look at porn, and waste time, lots of it. I know it's your right but damn. I would love to see the net segregated into tiered domains. The first being child and educational environment friendly, the second enveloping commercial work, then the last tiered no holds barred. This way parents, employers have more control on content.
    • Exactly why they need a tightly controlled .kids domain with a strict set of requirements.

      That would make it darn easy for the average person to set up a filter.
    • And spammers are restricted to just the 3rd section.

    • Security suggestions are fine, content control (other than legally pursued methods) aren't.

      As far as I know the article doesn't deal with censorship or porn or anything like that.

      And as far as that is concerned, I think censorship is dangerous. Putting one group in control of deciding what is and what is-not appropriate is just a Bad Idea. Tools are already available for you (as an admin, and a parent) to censor, watch, control, and report those areas. A requirement for that to be freely available (from the ISP?) is one thing, but requiring all content providers to be policed by one central group is another IMHO.
    • And who regulates the sites from North Korea who get a BeanieBabies.kids domain, goes through the whole review process, and then later change its contents to porn? Who cuts off BeanieBabies.kids?

      And who makes the decision about swimsuit models and child models? Selling bathing suits and lingerie, or pornography? Selling diapers, or kiddie porn?

      That's the main problem. There is, and can be, no one controlling entity with real enforcement rights.

      And yes, I do have kids. AOL, for all its many faults, IS not too bad at regulating and allowing parents to lock down kids accounts.


    • I realize that many, myself included, believe the net should be completely free from censorship. After growing up a little and having children and responsibilities I think that this may not be the case.


      I've always believed in personal freedom and an Internet free of censorship too. I grew up. I started a family. I served in my country's military. I traveled a few areas of the world. And I saw what it is like when a culture embraces censorship.

      And I can't disagree with you more. Your tiered system falls clearly into the classic problem of censorship - who decides what goes where. By whose authority? By whose standards? And then... at what cost?

      Worried about what your kids are doing? Be involved in their activities. Worried about what your employees are doing? Why? Are they failing to meet their expected performance? And if their performance is suffering - does it really matter if it's because they spend all morning reading a newspaper, chatting with coworkers, or browsing the web?

      If you want AOL - subscribe to AOL. Leave the Internet alone.

      Oh. And nice troll.

      • There would be no censorship, just classification. Let's take the three tiered approach. .kids, .com, .foo these are just three examples. The .kids is regulated by some UN council which determines content based on worldwide suggestion, leaving further filtering up to each country. Then the .com which would be determined by some commerce group, so strictly companies selling product or related. Then .foo for everyone else. Then perhaps a .edu .med etc. for educational matter. So everyone would have access to all three groups, but this would allow easier filtering for companies, schools, homes. You see my point.


        • There would be no censorship, just classification.


          Yes, yes. But the whole idea of this "classification" is to censor traffic. Who says what belongs to what group? Take a look at the net filter software being sold "to protect the children". The scandal with these products is that the block list is often hidden and when they come to light, they are full of some very questionable classifications.

          Classification is the first step to censorship.

          .kids, .com, .foo these are just three examples. The .kids is regulated by some UN council which determines content based on worldwide suggestion.


          The UN has that kind of authority? How about the EU? How about the US Government? What happens when local ideals conflict? Say... publishing the text of Hitler's Mein Kampf which is legal in the US but very illegal in Germany?

          I see your point. And I find it flawed.
  • ... of the Internet.

    WTF is this a picture of anyway? There seem to be a lot of spooks like this in here.
    • Personally I love the DNS name registration graph on the page before it, can you believe that "cyberspace" has grown almost 100% since 1991! What a load! Here is my question: where would you register your IPv4 FQDN for the internet while on a dial-up BB with your c64? I'll give them one thing, they are awfully SCARY looking graphs! Just the kind of thing you would need to create an emergency requiring new and drastic legislation!
  • by sam_handelman ( 519767 ) <samuel.handelmanNO@SPAMgmail.com> on Wednesday September 18, 2002 @05:03PM (#4284985) Journal
    "Everybody has to do his own thing to protect cyberspace," he said.

    Excellent, a government guideline I can get behind!

    I'll take my laptop down to the beach, get stoned out of my mind, and watch this high quality version of Attack of the Clones I finally downloaded, then take a nap.

    Wake me up when I've made the net secure - and try and explain it slowly, this south american shit I got utterly destroys you. I'll be laughing at stains on the ceiling 'til new years, no lie.
  • somebody wake up Gore!
    • Actually, that brings up a good point. Suppose Gore were President in the post-9/11 age. It seems pretty likely to me that he wouldn't have chosen a bunch of techno-illiterates and Microsoft lackeys to design a security plan. ("Strategy." Whatever.) You can argue about what he did or didn't say about "creating the Internet" until you're blue in the face, but that fact is that the people who built the modern Internet agree that Gore is a hell of a lot more knowledgeable about it than the average politician. (To say nothing about the below-average ones like our alleged President.) I don't know what we'd get from a Gore administration on this subject, but I'll bet it would be a lot better than this empty tripe.
      • Actually I am with you 100% (and thanks for not blasting at my spelling error). I wouldn't have feared Gore being "guided" into doing the best thing for "Americans" by the people I don't trust. Since it's Bush's show I am going to go buy MS stock in a hurry, who else was on that technology panel?
      • I don't know what we'd get from a Gore administration on this subject, but I'll bet it would be a lot better than this empty tripe.

        Actually the document is not half bad, the problem is not in the document, it is in the follow through.

        Since the document proposes neither a tax cut nor a politically opportune war I don't expect it to get a great deal of follow through from the Whitehouse.

        I certainly don't expect the proposals to be made mandatory in any sense by this administration in this term, but then that was never going to happen whoever was in office. This is the 'cooperation phase' of regulation where self-governance is attempted.

        The real decision will be taken in 2004/5 by which time the areas where self governance has failed will be apparent and the question of coercion will appear again.

  • Is it just me? (Score:1, Offtopic)

    by Hayzeus ( 596826 )
    Or is anyone else sick of the term "Cyberspace"? Frankly, I'm pretty tired of the prefix "Cyber" when used just about anywhere.

    It's just so 1995.

  • I did a search through the document and I don't see any provisions for eliminating trolls.
  • Bah! This is just FUD, same as the old story that NATs and Firewalls will make P2P unusable, because incoming TCP connections don't work (handshake blocked)

    Simple Solution: Use UDP and an application-level error correction algorithm, plus maybe packet sequence numbers.

  • ...ensuring that the Net remains a 'good neighborhood.'

    Yeah, they'd better hurry up before we're inundated with spam, worms, trojans, and other unimaginable horrors. Oh, wait...
  • Heh (Score:3, Insightful)

    by dwaggie ( 106338 ) on Wednesday September 18, 2002 @05:13PM (#4285067)
    Gee, how are we going to police something that large? Are we only applying these rules to USA-borne servers and networks? What about networks that span international waters? I mean, there is only so much they can do. The government should worry about -its- network. If the government is that worried about there being instructions for mass terrorism or conversations between terrorists, then they should try and keep it at just an information level.. Secure the places where they can attack, and don't impinge on international, and almost other-worldly, rights.

    I say other-worldly because the Internet is not bound by the traditional geographic laws. This nation may /seem/ omnipresent in the net, but there are quite a bit of Canadians, Europeans.. you name it, they're all coming online, and they're all going to be out of the jurisdiction of this here United States of 'Merka. (that's Texan for 'America'. Look! I speak George Bush!).

    Trying to regulate the internet is like trying to catch a fish with a bubble wand.

    Yeah. It's not going to work.
    • Re:Heh (Score:2, Funny)

      scp great.firewall.of.china cybersecurity@us.gov:
    • Quite right about that, but when considering other nations' rights at play in regulating the internet, a frightening idea comes to my mind (along the US' history of foreign policy and their no intervention philosophy) where embargos, and some more subtle ways of convincing "allied" nations to enforce equivalent regulations all over the "free world" could be our every day's bread.....yuck!

      So it may prove wise to consider further on the consequences of this on other countries than the US.
  • by xlation ( 228159 ) on Wednesday September 18, 2002 @05:13PM (#4285069)
    The document says in part that the Federal government can help to "empower Americans" to protect cyberspace by:
    1. raising awareness
    2. sharing information about vulnerabilities and solutions
    3. fostering partnerships with and among private sector groups, and others
    4. stimulating improvements in technology
    5. increasing the number of skilled personnel investigating and prosecuting cybercrime
    6. protecting Federal computers
    7. promoting increased security for the networks upon which the economy and national security depend.

    It seems that for cyberspace, as for species, the best protection is in diversity. The email worms thrive not only because Outlook is flawed, but because Outlook is everywhere. The same concept applies to hardware from chips to the backbone as well.

    If anything, the Gov't should play a role as a supporter of open standards, limited patent abuse and, for starters, fixing or flushing the DMCA

  • by gentlewizard ( 300741 ) on Wednesday September 18, 2002 @05:15PM (#4285079)
    I read the words "good neighborhood" and started to seriously worry. All the "good neighborhood" attempts I've seen in the past were implemented by ruthless Neighborhood Associations, complete with Codes, Covenants and Restrictions (CC&R's) attached to the land. Buy a lot in the "neighborhood," you're legally obligated to follow the CC&R's. Most of which seem to have something to do with what color paint you can paint your house, whether you're allowed to have a basketball hoop out front, or whether the garage door can be open at times other than when you're actually moving a car in or out.

    Do we really want the whole Internet to be one big anal-retentive "good neighborhood" controlled by an equally anal-retentive Neighborhood Association?

    The reason for this approach is not only obvious, but it's the same reason CC&R's are created. Property values. CC&R's protect the property value, not the human values of living there. They elevate the property above the people. This sounds like the same thing to me, elevating the property values of commercial entities over the human values of the average person who is using the 'net.
    • As I once remarked to a friend during a discussion of the merits of zoning, the primary 'value' of your house is that it *houses* you. A simple fact that seems to have been lost somewhere along the way. What do you expect from a culture where 'value' and *price* have become virtually synonymous?

      KFG
    • by Matey-O ( 518004 ) <michaeljohnmiller@mSPAMsSPAMnSPAM.com> on Wednesday September 18, 2002 @06:03PM (#4285324) Homepage Journal
      The reason for this approach is not only obvious, but it's the same reason CC&R's are created. Property values.
      I've got a different, less pessimistic, view of HOAs, It might even extend to the 'good neighborhood' that's being proposed by this draft.

      Perhaps I'm a happy sheeple, but I don't find my CC&R's particularly draconian, nor do I find them elevating $tuff over people. The homebuilder offered one of 7 floor plans with one of 12 color schemes. If I didn't like that, I didn't have to buy the product. If there are restrictions in place to prevent my NEIGHBOR from affecting the value of my property, that's good too.

      My CC&R's, loosely paraphrased, state that I need to keep the property up and maintained. I don't see a problem with that as I have a vested interest in keeping that property in good shape.

      Now flip a coin and talk about the Internet(tm). I have NO qualms with maintaining a good network infrastructure (Firewall, Virus scanning) because if I and my neighbors are compelled to do so, the Network (neighborhood) as a whole benefits from it.

      That doesn't sound like such a bad idea to me.
      • My CC&R's, loosely paraphrased, state that I need to keep the property up and maintained. I don't see a problem with that as I have a vested interest in keeping that property in good shape.

        Well if you and 99% of the world know they have a vested interest, a CC&R is not needed.

    • I'll admit that HOAs and NAs can seem like a pain in the ass, but I've seen both sides - that is, what a good (probably not well-liked) association can do, and one that is totally incompetent. It has been two years, we're still recovering from the neglect by the incompetent board, and we still have a ways to go. We have two courtyards, at least one of them (thanks to one homeowner who proclaims a special gift at xeriscaping) looks much more like a junkyard. We have two enclosures for our dumpsters, both of which recently had their gates rebuilt so that they cover the entire opening (they used to go up only halfway), except that they look as though they were put together by jr. high school shop class. We had a maintenance project that was pitched to us at one price, and three months later (after it's done, mind you), we're told that it will cost us three times the initial bid. The list goes on...and I will tell you that NONE of this would have been allowed to happen under the HOA board that we had three years ago. It was strict, but it knew what it was doing.

      I personally feel that the laws governing planned development associations need an overhaul, but at least in my case, it was one of those things where you don't realize the overall benefit until it no longer exists.

      This in NO WAY implies that I think the government ought to be assuming the role of 'neighborhood association' with respect to the internet.
    • by tlambert ( 566799 ) on Wednesday September 18, 2002 @07:07PM (#4285625)
      Freaking busybodies...

      I will put my router up on cinderblocks in my front yard if I damn well want to...

      -- Terry
    • And in the real world, if you don't like it, you have the freedom to move. Or better yet, get a bunch of like-minded people together in your neighborhood council, and change it to what you want it to be.

      We have our opinion that we don't want larger powers looking over our shoulders, telling us what we can and cannot see or do. That's our community here on SlashDot. But on the flip-side, you have to honor those, like my parents, that just want to get on the internet to check their stocks & read the sports, without running into a dozen pop-under ads & crap in the email.

      The world does not have to have a mutually exclusive, singular solution. It would be silly of us to give up all controls to the government without a fight; and if it comes to that, we vote the bums out. I'm putting my faith in the good ol' capitalist methods... Maybe ISP#1 only has sports, and ISP#2 only does electronics, but somewhere there will be an entrepreneur that will make a mix that we like. Like residents on a property, we can pick yourself up and go...
    • Something I noticed:
      "Neighborhood Association" = N/A
  • by irishkev ( 457679 ) on Wednesday September 18, 2002 @05:17PM (#4285093) Homepage
    A few days ago, I wrote an essay called, "Cyberwar: How Terrorists Could Defeat the U.S., and Why They Won't."

    www.cryptogon.com/docs/cryptogon_cyberwar.pdf

    It discusses physical threats to information infrastructures that are almost never mentioned publicly.

    NOTE: Acrobat 5 is required to view the document.

    WARNING: The information contained in this document is intended for educational purposes only. Anyone who attempts to undertake what is described in the "Possible Terrorist Scenario" section will be committing an act of war against the states involved. I am NOT encouraging anyone to carry out what is described in that section. I am exercising my First Amendment right to free speech to make people aware of the dangers posed to the global information infrastructure. Our society relies on these technologies, and an open discussion of the threats to these technologies is necessary in order to defend them.

  • by ethereal ( 13958 ) on Wednesday September 18, 2002 @05:18PM (#4285101) Journal
    • Do they take software makers to task for poor quality software and/or insecure software which create the majority of security expenses for industry and the government?
    • Do they demand more accountability from software vendors for these flaws, including potentially requiring opening specs or even source code up for inspection before using the software in mission-critical systems?

    A news report that I saw yesterday, prior to the final document release, seemed to indicate that this report does not take insecure software makers to task for their role in the security crisis. If the final draft of the document keeps the kid gloves on like that, then I don't think this is going to be a very useful starting point for the government.

    Probably the single best thing the government could do would be to set up strong security requirements for software used by any federal government branch, and enforce those requirements. Setting a high standard would force vendors to get a clue if they want to sell to the federal market, and as a by-product consumer and business software would get some help as well.

    • "* Do they take software makers to task for poor quality software and/or insecure software which create the majority of security expenses for industry and the government?
      * Do they demand more accountability from software vendors for these flaws, including potentially requiring opening specs or even source code up for inspection before using the software in mission-critical systems?"


      Feds: "Well, gee. Doesn't the DMCA do that already? What more do you want us to do?"
      • Do they take software makers to task for poor quality software and/or insecure software which create the majority of security expenses for industry and the government?
      • Do they demand more accountability from software vendors for these flaws, including potentially requiring opening specs or even source code up for inspection before using the software in mission-critical systems?

      The open source community is no better than Microsoft and other closed source vendors when it comes to releasing insecure software. The open source community needs to get its act together and use type-safe languages. Continuing to use C and C++ for security-critical software is just plain irresponsible.

      Don't give me any of that bologna about good programmers never leaving holes in their software. OpenSSL was audited and still had an exploitable buffer overflow bug. Apache has had a number of security holes. Virtually every major open source program has had multiple security holes.

      So what if the open source community patches their software quickly? A patch doesn't negate the fact that a buffer overflow bug never should have happened in the first place. Besides, some of those buggy programs will continue to be in use years from now.

  • by caferace ( 442 ) on Wednesday September 18, 2002 @05:19PM (#4285105) Homepage
    "One of the most annoying features of Outlook Express is that it's default settings make it disgustingly easy for email to travel via email messages."

    Well, despite all its security holes, I'd gather this was pretty important from a design standpoint. :)

  • I wondered when (Score:3, Insightful)

    by _ganja_ ( 179968 ) on Wednesday September 18, 2002 @05:19PM (#4285107) Homepage
    I wondered when this would finally start to kick off. There are many things that I have doubt about with this government and their obvious manipulations but due to lack of knowledge there is an element of doubt who is telling the truth. As a CCIE, networks are something I consider I know a bit about and this rings alarm bells.

    There have been a few articles now in the press that state there could easily be a terrorist attack on the internet which I merely laughed at but it seems that average joe in the street thinks that a bunch of Afghanistan cavemen could seriously achieve this.

    To me, this is an obvious attempt to censor the internet by using fear tactics which work due to people's ignorance. I'm tired of this annoying propaganda and manipulation by what is meant to be a government of the people and for the people.

    This site is very interesting and certainly worth seeing the other side of the story, maybe this is why censorship is so important?

    Regardless, the net doesn't need this "protection" and I wonder if this "protection" is for my benefit in any case.

    • "There have been a few articles now in the press that state there could easily be a terrorist attack on the internet which I merely laughed at but it seems that average joe in the street thinks that a bunch of Afghanistan cavemen could seriously achieve this."

      With comments like this it's no wonder why we underestimated the capabilities of Al Queda. And to think /. moderators could mod up such vitrol and bigotry. Not to mention your rather self-centered wrap-up comment. Since when did the internet exist for your own personal pleasure? While you might pleasure yourself while on the internet, this is not the same thing as the internet existing to pleasure you personally. I think it's time to change the tin-foil on your head. The mind-beams are starting to seep in.
      • Re:I wondered when (Score:3, Insightful)

        by _ganja_ ( 179968 )
        A classic case of logical fallacy: argumentum ad hominem (attack the arguer and not the argument), which highlights your ignorance, furthermore, you even make up the traits you attack; not so smart as one thinketh eh?

        But I wonder why this brought on such a vicious personal attack? History shows that censorship is only in the best interests of the censor; hence I am not in favour of net censorship by any government. As for "vitrol [sic] and bigotry", I merely state that I find it hard to believe that people living in caves in Afghanistan could launch a serious cyber attack to bring down the entire Internet, of course this only based on a professional judgement but I'll remind you of this quote from one of your earlier Slashdot comments [slashdot.org] "How do I know all this? I'm currently a freelance graphic designer and you better believe I know my shit when it comes to copyright."

        As for bigoted, this is an odd context to use of the word, the only meaning here being that I am bigoted towards terrorists, well hey if I'm going to be bigoted maybe terrorists are a better choice than just because of someone's hair colour eh? See another one of your comments. [slashdot.org] Sigh. Initially I thought this was a troll but after looking at your older posts, you seem to have some egotistical need to tell people how incredibly smart you are and how remarkably wrong they are. Congratulations on being the first in my foes list

        Earlier post missing this link [whatreallyhappened.com]

    • Not to be politically incorrect, but the US has probably made some enemies who have a bit more backing (for example PRC, North Korea, organized crime, etc) and a lot more technical savvy. If you think that the only threats are from grass-eating starving cavemen too embroiled in their own local fights, then you're underrating the other players in the game of global realpolitik.

      Maybe most of these aren't directly terrorists (only supporting of same), but they certainly have intelligence aims and wouldn't mind causing the US economy some dislocations. Continuance of Foreign Policy or War by other means and all that jazz.

      And organized crime might love to have access to a lot of wonderful law enforcement data, and lord knows they have the money to hire a few good (well, maybe not good but competent) hackers.

      Now, I do agree that the US Gov't is taking advantage of the situation to clamp down on some other things - kinda like Canadian authorities using the invocation of the War Measures act at various times to deal with unrelated but annoying things like street-people, vagrants, etc.

      But there IS a threat. Just because you're not getting kicked in the groin every day doesn't mean someone doesn't have it on their list of things to do.

      • Well there is something here that doesn't make sense. Answer me this one question: If you do not have your own expensive TV station, radio station or newspaper, what medium would you use to get information to the world about your beliefs, goals?

        And the answer isn't John Edward.

        So, why would you want to attack that very same, very useful medium?

        Read 1984, Bush seems to be using it as a play book.
        • Did you read my comment? I do believe that the US is in fact engaged in some unfortunate self-inflicted curtailments of basic freedoms.

          That said, the threat from the bad guys isn't a fantasy. To treat it as such is foolish in the extreme. The enemy are not all grass-chewing cavemen.
  • Direct actions would be:
    - outlaw spam with serious penalties for offenders
    - make all internet relay operators and sys admins legally liable for keeping their systems up to date and locked down.
    - migrate AWAY from MS based systems. Security is an afterthought.

  • Al Gore had in creating this document.
  • Am I the only one that found all that eye-candy and gee-whiz stuff in the PDF more than a little distracting? The government should concentrate more on publishing the information than on making a pretty wrapper for it.
  • Following the release of the plan, the Administration's Cybersecurity team will take it on the road for discussions with the people about what can and should be done to protect and defend the net.

    ...for values of "the people" that equal Sony, Microsoft, and the RIAA.

  • to protect and defend the net.

    Well, obviously the first thing we need to do is get rid of that Megabyte character. Where are Bob, Dot, Matrix, AndrAIa and Frisket (especially Frisket!), when you need them?

  • You're very brave, mh_cryptonomicon.
  • Rejected submission (Score:1, Informative)

    by Anonymous Coward
    The BBC [bbc.co.uk] and News.com [com.com] reports. News.com in depth multi page thang.

    This looks like it was compiled after extensive consultations with commercial inter^w^w leading experts. The recommendations appear to boil down to "1. Use Symantec [symantec.com][tm] and Network Associates [nai.com][tm] Products; 2. Encourage commercial software more secure, then sell it to *everyone*; 3. Train more experts". Am I too cynical, or are they missing "4. Profit!" ? (Symantec and NAI are apparently doing product releases to cash in?!) Where does Free software figure in these expert recommendations? Oh, and privacy concerns have been quietly shelved.

    Although... perhaps the news that BGP [techtarget.com] (the Internet's backbone routing protocol) has vulnerabilities is news outside NANOG-l?
  • Let's get this straight: there is one reason and actually one reason alone why the internet is as big a deal as it is. There is one thing that made it grow at the ridiculous rate it has. SEX. Period. Sure, it comes in handy for all kinds of things, (and yes I know it was ARPAnet and some guy in Bern ;) who made it happen) but the only reason the net has grown so fast and so large is pr0n. Only a couple of years back did regular businesses come into the picture. But only because the infrastructure was in place. And why is that? Because porn made it possible. Don't laugh, don't mod this 'funny'...it's true! So what is this 'good neighborhood' crap? Just because you might be a hypocritical puritan doesn't mean you can deny the past. BTW, I'm all for a better classification of the net; it's always baffled me that there isn't a TLD .sex or .xxx where all adult/erotic sites must reside by (inter)national law. That would have a direct impact, as censoring (by parents or employers) would be easier to implement...but something like that would be a too easy solution, wouldn't it. (yeah, I can see circumventions too, but that would be exceptions to the rule).
    • I agree completely. As Bob Cringely noted, the *second* thing that people used the Internet for was buying & selling goods, the first of course being looking for sex. The problems started to arise, IMHO, when people started poking around the Internet that really didn't understand exactly what they were getting into, then having massive heart failure because the Good Clean Internet Full Of The Total Sum Of Human Understanding turned out to be a lot of porn sites and humor columns. So it goes. Amusingly enough, having a .sex or .xxx TLD would be great; makes it easy to filter for your kids (NOT other people's kids, and NOT in public libraries) as well as easing your search time.
  • This document outlines the Administration's plan for ensuring that the Net remains a 'good neighborhood.' Translation: This document outlines the Administration's plan for ensuring that the Net is exactly what the Administration wants it to be.
  • by SquadBoy ( 167263 ) on Wednesday September 18, 2002 @05:57PM (#4285288) Homepage Journal
    OT but I just wonder if every time someone uses the term "cyberspace" like this if William Gibson just wants to kill himself?
  • Nothing, you have done more than enough already. . . . .

    (just get the heck off the net already and leave us alone!)
  • From cryptonomicon.org...

    One of the most annoying features of Outlook Express is that its default settings make it disgustingly easy for email to travel via email messages.

    Well then...how the heck else is email supposed to travel :-p
  • /. spelling. (Score:3, Informative)

    by geekoid ( 135745 ) on Wednesday September 18, 2002 @07:20PM (#4285674) Homepage Journal
    It's not spelled "DRAFT", it is spelled "DAFT"

    get it right. ;)
  • R4-2 A public-private partnership should perfect and accelerate the adoption of more secure router technology and management, including out-of-band management.

    R4-3 Internet service providers, beginning with Tier 1 companies or

    R4-10 The private sector should consider including in near-term research and development priorities, programs for highly secure and trustworthy operating systems. If such systems are developed and successfully evaluated, the Federal government should accelerate procurement of such systems.

    in software code development, including processes and procedures that diminish the possibilities of erroneous code, malicious code, or trap doors that could be introduced during development.

    R4-17 The PCIPB's Awareness Committee, in cooperation with lead agencies,

    They do realize that "trustworthy computing" name was originated by Microsoft, and has absolutely nothing to do with computer user's security and everything with software companies' "security" from the user, whoever he might be? Don't they?

  • 3300 pages? (Score:2, Interesting)

    by Dr. Blue ( 63477 )
    Who reported that it was 3300 pages???? I saw Richard Clarke about 2 months ago, and he had a draft with him at the time. Nobody got to see it, but it was in an envelope and couldn't have been more than 80 pages... I don't think it was ever envisioned as being more than that.

  • Don't take this lightly; my university will take a boltcutter to their network before they risk their NSF and NIH funding. The White House can make it stick too. "D3-7 Should consideration be given to tying State or Federal funding to IHEs to compliance with certain cybersecurity benchmarks?"
  • Although I'm sure every slashdotter is going to hate to hear it, there is an easy solution to stop the majority of the problems...

    To prevent half-assed administrators from being susceptible to worms passed over the network, all basic home internet services should be on private IP addresses, via NAT.

    No incoming connections so no worms can exploit services like IIS.
    There will be no spoofing of IP addresses, so DoS attacks can be tracked down easily.
    ISPs could easily monitor, trace down, and possibly block abusive machines/servers, so services like subseven would be detected, and can be blocked without stopping legitimate traffic.
    Service prices could drop, since fewer addresses are needed.

    Of course, there are many reasons that /.ers won't like that. No incoming connections means more problems trying to use Gnutella/Kazaa, no IPSec for you. You couldn't really connect to your home system from elsewhere, unless you can tunnel to a port on a system with a globally valid IP address.

    Yes, e-mail viruses are still a problem... but it wouldn't allow anyone to get remote access to your system.
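
An added illustration, not part of the comment above: a small model of the connection tracking that the "no incoming connections" claim depends on, where a source NAT forwards an inbound packet only if an earlier outbound packet created matching state. The class, addresses and ports are constructed for the example, and a port-restricted NAT is assumed.

```python
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.10"  # constructed ISP-side address (documentation range)

@dataclass
class Nat:
    """Port-restricted source NAT: state is created only by outbound packets."""
    next_port: int = 40000
    out_map: dict = field(default_factory=dict)  # private 4-tuple -> public port
    in_map: dict = field(default_factory=dict)   # public port -> (priv_ip, priv_port, remote)

    def outbound(self, src, sport, dst, dport):
        """Rewrite a packet leaving the private network; returns the new 4-tuple."""
        key = (src, sport, dst, dport)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[self.next_port] = (src, sport, (dst, dport))
            self.next_port += 1
        return (PUBLIC_IP, self.out_map[key], dst, dport)

    def inbound(self, src, sport, dport):
        """Private (ip, port) for a packet sent to PUBLIC_IP:dport, or None if dropped."""
        entry = self.in_map.get(dport)
        if entry is None:
            return None                  # no state: unsolicited connection attempt
        priv_ip, priv_port, remote = entry
        if remote != (src, sport):
            return None                  # state exists, but for a different remote peer
        return (priv_ip, priv_port)

def demo():
    """Run constructed traffic through the NAT and collect the forwarding decisions."""
    nat = Nat()
    results = {}
    # A home PC opens a web connection: this is what creates the mapping.
    pub = nat.outbound("192.168.1.20", 51000, "198.51.100.5", 80)
    results["translated"] = pub
    # The server's reply matches the mapping and is forwarded inside.
    results["reply"] = nat.inbound("198.51.100.5", 80, pub[1])
    # A scan of port 80 on the public address finds no mapping.
    results["scan"] = nat.inbound("198.51.100.66", 4444, 80)
    # A third party probing the mapped port is not the recorded peer.
    results["third_party"] = nat.inbound("198.51.100.66", 4444, pub[1])
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:12} {value}")
```

The same rule that drops the scan is what drops a connection from elsewhere to the home system, which is the trade-off the comment goes on to describe.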
  • i wonder if this will allow barking cyberdogs protecting your data(ala system shock). it would be really a bummer tho when guagers would be top haxors.

    how about black ice..implement into every computer along with drm a device to give electric shocks to the user.. or something. :)
  • What if the US Cavalry charged in to save the besieged settlers and instead of breathless thanks, they were greeted by veteran settlers who simply replied "Thanks. We've got it covered."

    In most of the traditional forms of security, the US Government tends to lead in expertise. The Government understands law. It understands espionage, counter-espionage and intelligence. It understands military issues. And it understands police forces. But information security is something new. It has lagged behind the civilian sector in this field. And no amount of wild hyperbole or cold-war era terminology will help.

    This new policy simply demonstrates the issue even more. There is nothing new here. It is all very standard concepts from an industry that has been on the "front lines" of infosec for decades before the US Government decided to take an interest. By now, they have things fairly well covered.

    That's not to say the US Government can't be of any help. They can add an air of legitimacy toward infosec issues for those who are foolish enough to ignore the current situation without a nod from the Government. They can support existing infosec infrastructure (and ensure that those programs they already run remain running). They can support further development of security applications and research.

    But they can't lead the charge.
