Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security Government The Internet United States News

New Bill Could Shift Federal Cybersecurity Work From DHS To White House 94

CNet reports on legislation currently being drafted that would transfer federal cybersecurity responsibilities away from the Department of Homeland Security. Instead, they would fall under the authority of the Executive Office of the President, creating an Office of the National Cybersecurity Advisor. A tech commission recommended relieving the DHS of cybersecurity responsibilities late last year, saying it simply wasn't prepared to deal with organized online threats. More recently, the director of the DHS's National Cybersecurity Center resigned, citing interference from the NSA. The new legislation would "put the White House National Cybersecurity Advisor in charge of coordinating cyber efforts within the intelligence community and within civilian agencies, as well as coordinating the public sector's cooperation with the private sector. The advisor would have the authority to disconnect from the Internet any federal infrastructure networks — or other networks deemed to be 'critical' — if found to be at risk of a cyberattack. The private sector will certainly speak out if this provision is included in the final draft of the bill, a representative of the technology industry who spoke on condition of anonymity said."
This discussion has been archived. No new comments can be posted.

New Bill Could Shift Federal Cybersecurity Work From DHS To White House

Comments Filter:
  • by Anonymous Coward

    "The adviser would have the authority to disconnect from the Internet any federal infrastructure networks -- or other networks deemed to be 'critical' -- if found to be at risk of a cyberattack."

    • Nor will anybody who offshores support, I wouldn't think. It hasn't been more than 72 hours since the last time I saw an on-line post from somebody far, far away from my dungeon asking for advice on how to deal with a particular type of data - using the real data as the example in his question.

      Data and networks supported from afar by people who only have a financial interest - and a weak one, at that - in their security are inherently insecure.

      • Support of offsite networks by people only motivated by money isn't the only problem. I recently flew on an airplane where the guy in front of me was working on a toughbook that clearly stated "do not connect to any network" had no visible usb ports and was being used to work on the design of what appeared to be a military helicopter.

        Security will always be a problem when people work on confidential/secure matters in public places.

  • by RagingFuryBlack ( 956453 ) <NjRef511@@@gmail...com> on Sunday March 22, 2009 @08:36AM (#27287555) Homepage
    Great, so instead of the DHS being the only great fear monger, we now are going to create a new office to replicate it? How is DHS not the most logical place for cybersecurity? Intelligence is there, let THEM act on it. No need to increase the size of the government and have some other moron (who probably didnt pay his taxes) waiving his arms around at a puff of smoke...

    -1: Obamahater
    • by AliasMarlowe ( 1042386 ) on Sunday March 22, 2009 @09:18AM (#27287699) Journal
      Something tells me that the DHS "Ministry of Love" will not lose all of its capability in cybersecurity scaremongering and related sabotage of citizen's rights. Instead, the White House will just have a "Ministry of Truth" spreading its own brand of FUD and fostering oppression of legitimate activities. Expect considerable inconsistency between the two, possibly including persecution competitions: "we're tougher than them" and suchlike.
      • Re: (Score:3, Insightful)

        by CAIMLAS ( 41445 )

        I'm not entirely sure if this will play out as you think it will, but I'm certain it's not good news for us "consumers" - previously known as citizens.

        DHS, at least, has bureaucracy to worry about and fight through. The Executive is, essentially, the President. Thats worrisome: the Presidency already has substantially more authority than the President did 4, 8, or 12 years ago. Bush drastically increased that authority, and Obama does not seem like the kind of person who wouldn't use it to its fullest exten

    • Re: (Score:2, Interesting)

      by BrokenHalo ( 565198 )
      I don't have any conviction one way or another, but saying that the DHS "isn't prepared to deal with organized online threats" doesn't provide a convincing rationale for having the similarly unqualified president's office take over the brief.
    • by volpe ( 58112 )

      and have some other moron (who probably didnt pay his taxes) waiving his arms [...]

      -1: Obamahater

      I see you're against gun control as well.

  • This whole exercise, and an entire swath of the federal Ministry of Freedom, could be eliminated if 95% of the computer-using population wasn't indoctrinated to use a shoddy, unsafe, and feeble operating system, Windows, which is insecure by design.

    Cyber-security my ass. It's just another gear in the machinery of government control now.

  • Finally! (Score:3, Funny)

    by DoofusOfDeath ( 636671 ) on Sunday March 22, 2009 @08:57AM (#27287621)

    Antivirus software I can believe in!

  • On one hand (Score:3, Insightful)

    by gravesb ( 967413 ) on Sunday March 22, 2009 @09:04AM (#27287639) Homepage
    It's good to see that the White House thinks cyber security is important enough to move it into the Whitehouse, where they will be closer to the President and better prepared for power struggles. On the other, wasn't DHS supposed to cut through all the bullshit of turf wars to make us secure, or at least more so? If they can't do so, what justifies the new cabinet position and the accompanying increase in government size?
    • by Quothz ( 683368 )

      It's good to see that the White House thinks cyber security is important enough to move it into the Whitehouse,

      The White House hasn't said anything about this proposed legislation.

  • by Wingsy ( 761354 ) on Sunday March 22, 2009 @09:10AM (#27287665)
    "The adviser would have the authority to disconnect from the Internet any federal infrastructure networks -- or other networks deemed to be 'critical' -- if found to be at risk of a cyberattack."

    Looks like the entire US government is going offline soon.
    • That sentence was poorly worded, I believe the intent is that the systems will be taken offline just before a cyberattack actually happens so that the government can continue to function, and then reconnected when the attack is over. At least, I hope that is what the intent was...
      • Maybe. A lot of government networks don't need to be connected to the Internet though. It is fairly common to have insecure and classified networks in places that have security concerns, where only the insecure network is connected to the Internet and the internal network has no physical connection to any other net. People often end up with two computers, one for classified and one for unrestricted material.
        • If your lan isn't connected to the internet there's zero possibility of intrusion - although I've heard stories about people manually copying classified data from secure systems. (Blocking a deliberate intrusion by a person using the actual machine is another problem entirely) . Still, this is only logical if your lan is contains sensitive material and doesn't need to be on the 'net. It's not clear how they could "disconnect" an entire agency from the internet unless the agency's computer network is purpo

        • by Wingsy ( 761354 )
          Hey, I have a network just like that, only my insecure network (Windows XP Pro under Fusion) is restricted to only one connection, to my secure network (OSX), which is free to roam the web with reckless abandon. :)
  • Abolish DHS (Score:5, Insightful)

    by Whammy666 ( 589169 ) on Sunday March 22, 2009 @09:16AM (#27287687) Homepage
    How about we abolish the DHS altogether? What an expensive boondoggle it turned out to be. The worst part is that it got formed because the various intelligence agencies were engaged in turf wars and refusing to share info on possible threats to the US. The solution? Create another monster agency. Sigh.
    • Re:Abolish DHS (Score:4, Interesting)

      by Antique Geekmeister ( 740220 ) on Sunday March 22, 2009 @10:42AM (#27288151)

      I'd support dropping DHS as a ludicrous "master agency" whose proposed components correctly ignored it. But who will handle cyber security, which is in fact a large and growing problem.

      FBI? Not competent, and can't deal with international issues.

      CIA? Also not competent, and can't legally deal with national issues.

      NSA? They have the technical expertise, but no political sense. They're far, far, far too criminal, and primarily takes in information: they seem congenitally handicapped from giving out necessary or truthful information. (See their Clipper Chip and Skipjack fiascos, that "so complicated no one can be bothered with it" nightmare known as SELinux, their warrent-free tapping of the AT&T backbones with fiber-optic splitters and secret rooms, and numerous misadventures for the last 30 years.)

      Secret Service? Less competent than the CIA, despite their existing role in handling wire fraud, which they do very badly.

      DIA? Apparently competent, but _not_ legally equipped to deal with civilians.

      The result is that there is no agency with the legal support and the technical capability to deal with this mess, especially since so much of it is the fault of the federal government for their history of insane policies on encryption and authentication technologies for public use. (Do you low-numbered Slashdot users remember Phil Zimmerman's PGP legal problemas, and having to sign multiple documents to get DES enabled versions of operating systems, and the craziness of 80-bit SSL keys?)

      • But who will handle cyber security, which is in fact a large and growing problem.

        Really? Maybe there should be a single agency to handle government cyber security problems on government networks, but why does the federal government need to handle cyber security for businesses and citizens?

        If someone breaks the law then the FBI can go after them, but no one should be in your computers from the feds telling you what or what you can do with your security setup.

    • Re: (Score:2, Interesting)

      by amck ( 34780 )

      Bad understanding of the purpose of creating the DHS.

      To the classic question "who watches the watchers" (and avoid your govt being overthrown and controlled by the intelligence agencies, pace Putin), the traditional answer is "each other". Create mutually antagonistic agencies, preferably in triplicate, fighting over turf, and reporting as high as possible up the chain of command. Eg. CIA, reporting to Defense, FBI reporting to Justice, Secret Service reporting to Treasury. All with overlapping responsibil

      • I don't know if antagonistic agencies is a good idea or a bad idea. On the plus side you have separate agencies looking at each other. In theory, no agency gets too powerful. On the negative side there are gaping holes where the responsibilities of the agencies meet.

        History has another example where it arguably did not work so well. Hitler organized the Nazi party and the German government in this way. There was a lot of turf wars in the Third Reich. Hitlers personal security was an example of this.

        • by amck ( 34780 )

          I'm not sure where the "gaping holes" come from: it's the other way round; there should be overlapping responsibilities, leading to turf wars (deliberately), with each agency looking for the flaws in the others.

          As for the German use of the method, I'd say it was very successful: the turf wars were deliberate. Perhaps including the Secret Service in the first example was misleading: the S.S. is responsible not just for presidential security but also wire fraud, etc. As such it is a treasury agency (and one o

      • Now consider what happens under Obama. The DHS will be quietly dismantled; every excuse to split power back up into different agencies will be taken.

        That's a nice rosy view of the future, but not one with much credibility. I don't see any move toward dismantling the DHS, quite the contrary. What I'm seeing are moves to consolidate power into the (politically controlled) White House.

        He is also planning on moving other traditionally non-partisan functions under control of the White House, Rahm Emanuel and other ideologues, such as The US Census [govexec.com], which controls representation in Congress.

        He's also busy building an army of activists [barackobama.com] that have pledged t

        • by amck ( 34780 )

          I disagree that this is about political control of cybersecurity. Rather there are two goals: (1) cybersecurity vs the NSA, and (2) Dismantling the DHS as an institution over time.

          I take the former Directors resignation at face value: the Center say very badly within the NSA. The NSA has / had conflicting roles here:
          (1) Find weaknesses in "enemy" firewalls, etc. Use them to gain intelligence.
          (2) Fix weaknesses in "our" tech.

          When it was set up, the Enemy was the Soviet Union, the technology their ciphers. To

      • I'll believe it when I see it. Dismantling government agency power has most certainly not been Obama's agenda in the scant months he's been President. In fact, it's quite the opposite.

        What are the notable things Obama has done in his Presidency so far? He's substantially increased government control of the private sector, ensuring private industry and banking will be beholden to government for a good time to come. He's increased the power and responsibility of various agencies (by unconstitutional fiat) sub

        • by amck ( 34780 )

          This is not about dismantling government power: its about the organization of that power.
          Don't confuse this with the usual republican/ democrat small government debate.

          Its about the reins of executive power meeting at the president, and not below. The point is how dangerous the DHS is/was:
          traditionally the FBI reported through Justice to the President, CIA through DOD to the President, etc. Now they report through
          the DHS to the president. Whoever controls the DHS can feed the President bullshit and subvert

    • so some bad happens. Who do you report it to? Local police?
      State police?
      Federal police? And if so, do you mean:
      FBI?
      CIA?
      Department of Homeland Security?
      National Security Agency?
      Peace Corps?
      Coast Guard?
      National Guard?

      We don't need another agency. We need about half of these dissolved / merged so it's understandable who's in charge of what!

      • Local Police - Most Criminal Matters
        State Police - If you're out on the highway or something
        FBI - If the crime breaks state lines
        CIA - If it's more to do with espionage and spy stuff overseas
        DHS - 'Helpdesk', supposed to have contacts with the rest
        NSA - Why are you considering calling these guys? They're the security guards of the government.
        Peace Corps - ???
        Coast Guard - You're lost on around the coast?
        National Guard - It's a natural disaster, but you should probably get ahold of FEMA first.

        Each of these

      • by CAIMLAS ( 41445 )

        You're right, it would be better to increase the ranks of the National Guard and, when they're not on active duty, they can just take over the role of police officers! After all, most cops are ex-military anyway, right?

        Or, I know! Let the CIA take over the role of the FBI. Because they both do the basic same thing, right?

        Or the Coast Guard can take over the State Police jobs. Because they've got similar mobility and response requirements.

        (That was sarcasm.)

        You're either a troll or lacking knowledge about th

  • by quibbler ( 175041 ) on Sunday March 22, 2009 @09:16AM (#27287689)

    You know, the framers of the constitution wanted inefficiency to be built into the government, it prevented it from being 'too good' at robbing citizens of our rights before we knew it was happening.

    This whole administration is dangerous.

    • Re: (Score:3, Insightful)

      I'm no constitutional scholar, but I suspect that inefficiency was meant to be applied to Congress, not to the Executive Branch (which DHS, CIA, NSA and other TLAs are part of). The inefficiency was meant to prevent bogus laws from making it on the books. (you can argue that the inefficiency fails at this, but that was its purpose), not to prevent gov't from enforcing the laws it does have.

      • Actually, the inefficency was supposed to apply to all three branches. They called it 'checks and balances'. The intention was, in theory, (and you can read up on that in 'The Federalist Papers'), keep the Federal government small, weak, and inoffensive. Let the States handle local stuff, the Feds handle national defense, and leave the citizens the hell alone to pursue life, liberty and happiness.

        Didn't last a generation, [wikipedia.org] of course.

    • Re: (Score:3, Informative)

      by Quothz ( 683368 )

      This whole administration is dangerous.

      I was not aware that the administration was responsible for Congress' proposed legislation or a commission's report. Let's at least wait until the White House has issued some sort of statement before condemning Obama over this.

    • by maxume ( 22995 )

      DHS is already under the purview of the Whitehouse. The article doesn't discuss if the director of Office of the National Cybersecurity Advisor would be subject to congressional confirmation (DHS is), but they could be.

      If they are mostly advising the president on what other agencies should be doing (rather than implementing things), the change doesn't hurt anything at all (and not running everything through DHS is probably better).

      • DHS is already under the purview of the Whitehouse. The article doesn't discuss if the director of Office of the National Cybersecurity Advisor would be subject to congressional confirmation (DHS is), but they could be.

        If they are mostly advising the president on what other agencies should be doing (rather than implementing things), the change doesn't hurt anything at all (and not running everything through DHS is probably better).

        All these appointments of any people to a offices and consul positions, reporting directly to the President, must by law be approved by the Congress (typically the Senate). That's right in the Constitution:

        and he shall nominate, and by and with the advice and consent of the Senate, shall appoint ambassadors, other public ministers and consuls, judges of the Supreme Court, and all other officers of the United States, whose appointments are not herein otherwise provided for, and which shall be established by

        • by maxume ( 22995 )

          Read what you quoted:

          "but the Congress may by law vest the appointment of such inferior officers, as they think proper, in the President alone, in the courts of law, or in the heads of departments."

          When Congress establishes a position, they can forgo having to confirm it.

          • So when did they establish the "Energy Czar"? How about the "Drug Czar"?

            Note also that it says "may by law vest the appointment", meaning that unless a law specifically states that the appointments may be made without their approval, then they have to confirm it.

            That's a far cry from what has been happening since the Clinton administration (or was there precedent before that), where the president just decides he needs a new adviser, creates the position out of thin air, and sticks somebody in it.

            • by maxume ( 22995 )

              http://en.wikipedia.org/wiki/Drug_Czar [wikipedia.org]

              Nice that you ragged on Clinton (that link doesn't demonstrate that every person working for the president is doing so with congressional approval, it just demonstrates that you are making an awful lot of assumptions...).

              • http://en.wikipedia.org/wiki/Drug_Czar [wikipedia.org]

                Nice that you ragged on Clinton (that link doesn't demonstrate that every person working for the president is doing so with congressional approval, it just demonstrates that you are making an awful lot of assumptions...).

                Should have known it was Ronald "Just Say No" Reagan that appointed a drug czar, but at least he got congress to approve it. I think I made it obvious that I didn't really know when these non-congress-approved positions started, only that it's illegal and should stop. It looks like it was Nixon that started it [crystalcle...vative.com].

                • by maxume ( 22995 )

                  Do you have a list of positions that you have good reason to believe are not approved by Congress? That's the assumption that I am talking about.

                  • Do you have a list of positions that you have good reason to believe are not approved by Congress? That's the assumption that I am talking about.

                    Seems I posted the wrong link. It should have been this one [latimes.com].

                    It talks about, among others:

                    • DeParle as healthcare policy coordinator
                    • Carol Browner as energy czar
                    • Adolfo Carrion Jr. as urban affairs czar
                    • Paul A. Volcker as economic czar

                    None of these people, as far as I can tell, have any authorization from Congress to do anything or even be part of the administration. Yet they act as "consuls" and report directly to the President.

                    • by maxume ( 22995 )

                      The water gets muddy (those folks can at least threaten to get El Presidente on the phone, whether they have real power or not), but should Bush II have gotten permission from Congress to talk to his daddy (ostensibly, Bush Sr. gave Jr. advice at least once...)?

    • Like the last 8, 16, 32 haven't been? Powerful groups, almost by definition, are dangerous.

  • Not really. (Score:3, Insightful)

    by lwap0 ( 866326 ) on Sunday March 22, 2009 @09:18AM (#27287701)
    I think the current cyber security guy quit for a number of reasons, not the least of which was the NSA - he also couldn't get much support from his own team in DHS. For those who actually swim in those waters, everyone major three letter government agency has their own 'cyber taskforce'. And they'll be dammned if they're going to share or collaborate any of their work with others - just mention the word 'cyber', and congress will start dumping a ton of funding on you. You start taking that away, and suddenly things get personal - now you're talking cash, and you always want more funding. It's also aggravated by mission creep - suddenly another three letter agency adopts a mission similar to yours, but this is YOUR mission, you're the experts, everyone else can go hang. Most agencies will not bow to another no matter how the executive office structures it, plain and simple. While I think that the executive office taking the lead role is probably a sound move, a part of me wonders if it's just more bureaucratic shuffling that achieves nothing.
    • Re: (Score:3, Interesting)

      everyone major three letter government agency has their own 'cyber taskforce

      This is first and foremost a turf war over a potentially huge budget. Broadly speaking the battles are between civilian and military agencies but an incredible amount of infighting is being waged within each group.

      It's not clear what the White House is thinking here. I rather doubt it is a naked power grab. More likely they are looking either to (a) park this in the White House until things shake out and calm down or (b) are lo

      • by Quothz ( 683368 )

        It's not clear what the White House is thinking here.

        Probably the White House is thinking, "Huh? Why is everyone screaming at us about proposed legislation in Congress?"

  • Good and Bad (Score:5, Insightful)

    by WindBourne ( 631190 ) on Sunday March 22, 2009 @09:38AM (#27287763) Journal
    First, DHS is staffed by total incompetents. I used to work with two of their original top ppl. They were a group that was loyal to W and the neo-cons first, then loyal to the corp, finally, loyal the nation. Total idiots.
    Second, NSA was suppose to have this. It is their job to protect our electronic frontier. They were doing a good job of it (QUIETLY), until DHS jumped in. And as to the interference, it was a good thing. DHS was back to trying to push America on one standard.
    Finally, I am not convinced that moving this into the white house is a good thing. For our operations to be protected, it is going to require a NONE POLITICAL GROUP. NSA is OVERALL A-political. The white house by definition is political. Even if Obama is moderate (not sure that he is), and tries to be none political, it is certain that everyone around him IS political.
  • Executive branch (Score:3, Interesting)

    by eples ( 239989 ) on Sunday March 22, 2009 @09:48AM (#27287811)
    Isn't the DHS within the Executive branch anyway? They do what the President tells them. What difference does it make if it's physically there inside the white house.
    • by bobcote ( 304341 )

      The difference is that the White House has problems distinguishing between what is politically expedient and what is illegal.

      Middle to lower level people at agencies outside of the White House may be staffed with career officials and not as many political hacks as the halls of the White House.

        (When the president does it, it's not illegal thinking)

  • You know what other society went down in flames after concentrating all the governmental activities under the Executive?

    • You know what other society went down in flames after concentrating all the governmental activities under the Executive?

      Are you referring to the Roman Empire having its power concentrated in the various Caesars?

      It's silly to say that we're in the same boat as them. What really killed the Roman Empire was trying to impose its political and military will far more broadly than it could manage. We should be fine!

      • by CAIMLAS ( 41445 )

        Saying there was a single cause to the Roman decline and falls is myopic. The causes are many and varied - endemic to the Roman culture and political system, just as our problems are. Sadly, many Roman societal faults are being mimicked by our country (USA) and our culture (Western society as a whole):

        - Currency devaluation
        - Loss of a societal will and identity
        - Increased 'multiculturalism' without assimilation followed by overwhelming foreigner immigration
        - Bread and circuses
        - Political power consolidation

  • Hey, guys, we support this. Why all the hate? An unnamed industry representative spoke to CNet and said "leadership is needed at the top" on this issue. He or she further went on to note that "we'll have views" on such an agency if it goes into legislation.

    Seriously, what's up with the anonymous coward "industry representative" in TFA? The only reason I can think of to remain anonymous on this issue would be if that person has an ulterior motive he or she would prefer not be visible. It's stupid, he or she

  • by RogueWarrior65 ( 678876 ) on Sunday March 22, 2009 @10:35AM (#27288107)

    Clearly this administration has no regard for the Constitution and the fact that this sort of power-grab is precisely why the branches of government where created the way they were. The fact that this cybersecurity department would report to the executive branch means that it doesn't report to Congress aka The People. Congress could demand transparency all they want and the Office of the President can tell them to go pound sand...once the department is created. Doing things under the guise of FUD and then absolving themselves of any responsibility is the hallmark of this administration. Notice I didn't say Obama. IMHO, he's not savvy enough to pull this stuff off on his own. IMHO, the real power lies behind the throne.

    • Comment removed (Score:5, Insightful)

      by account_deleted ( 4530225 ) on Sunday March 22, 2009 @11:43AM (#27288511)
      Comment removed based on user account deletion
      • IMHO, the guy isn't too bright when he's speaking off-the-cuff i.e. no teleprompter or prepared speech. That's why I believe he's being fed talking points framed by others who were NOT elected. But beyond that, your second point suggests that he contradicts the 10th Amendment "The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people." Which says that if it isn't written in the Constitution and the Amen

        • Actually, it seems most people don't even understand the first amendment. They think it only applies to speech they agree with.
    • by gclef ( 96311 )

      What the fuck are you talking about?

      For one thing, right there in the summary it says that this is being proposed in a bill in Congress, so the administration isn't doing this unilaterally, Congress is proposing it.

      Also, all of the groups involved are already reporting to the Executive, because they're SUPPOSED TO BE. Congress does not do the operational work of the government, they write the laws, and hold the purse strings. The Executive branch does the actual work of implementing the laws. That's what

  • great (Score:4, Insightful)

    by Lord Ender ( 156273 ) on Sunday March 22, 2009 @10:40AM (#27288137) Homepage

    Every four to eight years, we will be replacing all the networking equipment, even the cables, with parts from, coincidentally, the company that donated the most to the President's campaign.

  • Personally, I couldn't care less if certain government owned and operated resources are taken off line. However, start messing with the internet at large, and you've got some rather significant problems...many businesses, for example, have grown to rely very heavily on their internet presence - so much so that just a few hours offline could cost them millions. There is simply too much in the private sector that is dependent on the availability of that connection - it's not something you'd want to toy with t

  • It sounds like they're recommissioning the Black Chamber.

  • So now the Obama administration has moved both the census and Internet security under his watch. What is the President planning?

You are always doing something marginal when the boss drops by your desk.

Working...