New Legislation Would Federalize Cybersecurity 194
Hugh Pickens writes "Senators Jay Rockefeller and Olympia J. Snowe are pushing to dramatically escalate US defenses against cyberattacks, crafting proposals in Senate legislation that could be introduced as early as today, that would empower the government to set and enforce security standards for private industry for the first time. The legislation would broaden the focus of the government's cybersecurity efforts to include not only military networks but also private systems that control essentials such as electricity and water distribution. 'People say this is a military or intelligence concern, but it's a lot more than that,' says Rockefeller, a former intelligence committee chairman. 'It suddenly gets into the realm of traffic lights and rail networks and water and electricity.' The bill, containing many of the recommendations of the landmark study 'Securing Cyberspace for the 44th Presidency' (PDF) by the Center for Strategic and International Studies, would create the Office of the National Cybersecurity Adviser, whose leader would report directly to the president and would coordinate defense efforts across government agencies. The legislation calls for the appointment of a White House cybersecurity 'czar' with unprecedented authority to shut down computer networks, including private ones, if a cyberattack is underway. It would require the National Institute of Standards and Technology to establish 'measurable and auditable cybersecurity standards' that would apply to private companies as well as the government. The legislation also would require licensing and certification of cybersecurity professionals."
It will be named.... (Score:2, Funny)
Re: (Score:2)
Re: (Score:2)
It is deliberate by /., allegedly designed to cut down on inane first posts just trying to be first posts...or something.
It has backfired, though. Since all first posts are automagically down-modded, then what do you have to lose by inane first posts for the sake of first post?
From the /. FAQ(note the date-this is not new by any means):
Not such a good idea (Score:5, Interesting)
I side with Vinge in believing that segmentation of the network is a sure indicator of a government going feral.
Bruce
Re:Not such a good idea (Score:5, Insightful)
Yeah but what can we do? We're just a bunch of people that bitch and moan on slashdot.
If only there was some respected, well known figures in the tech world that could try and get the ear of people that mattered.
If only there was someone that already had advised the Obama administration, other national governments and even spoke at the UN that could raise the concerns with people that matter. :)
Re: (Score:3, Insightful)
Worse yet... (Score:2)
Controlling potable water is critical. There needs to be similar security on flood control systems. The Army Corps of Engineers, Civil Works side
OT sig comment (Score:2)
Your sig is dumb. You can buy 1U dual opteron systems for like $150. I have one I'll sell you for that price, in fact. It's an IBM with IPMI and 2GB, expandable to 12GB.
Re: (Score:2)
But are the parts new and under warranty?
Re: (Score:2)
Yeah but what can we do?
A lot of election races are dead-heat races. Imagine if you organized a grass-roots program to vote for the guy you wanted who supported your viewpoints? You would be surprised how powerful a large, organized, voting block can be when it wants to influence an elected official (or a potential one).
You could run for office - start small and work your way up. Eventually make the correct changes
You could create websites, or write well-written articles to get them published in general newspapers (not special
Re: (Score:2)
We all could have not voted for Obama, as I know many of us did. If we would have made better choices (and I'
Re: (Score:3, Interesting)
Bruce
Re: (Score:2)
* Appoint people who know how to do all of the above, or who will listen to people who would give them good advice.
SB
Re: (Score:2)
Do NOT hand cyber-security over to the military. Gods, I've never work with people so capable of coming with pointless security regulations, excess paperwork, and generally over the top requirements while still not managing to really secure anything. It's amazing.
Re:Not such a good idea (Score:5, Insightful)
Personally I don't trust government to:
In choosing democracy we've (wisely) given up some effectiveness in government in order to avoid having dictators. However this current government seems to have gone off the deep end, insanely grabbing power, and then not knowing what to do with it once they have it.
On the bright side, after the coming mass-inflation, they essentially won't have any power due to the fact that they'll have no money (at least, no money that's worth anything). On the depressed realistic side, how can we reasonably expect our representative government to manage money/things when half the population is incapable?
Re: (Score:2)
How so? Attaching some strings to the tax money they pump into failed businesses? We certainly seem headed for a bad economy, but allowing it to implode unimpeded may well have been even worse. There are no good options.
As for the new cyber-security initiative being flawed, compared to what? The baseline is: nothing. Assuming the govt. will fail at policing
Re:Not such a good idea (Score:5, Insightful)
How so? Attaching some strings to the tax money they pump into failed businesses?
You clearly haven't been paying attention. Apart from trying to tax bonuses with unconstitutional laws, they've bailed out some companies while letting others fail with no clear motive, they've bailed out companies when letting them fall into bankruptcy would likely be a better option, they've spent a lot of money on projects that won't particularly help the economy all that much, they've spent so much money that inflation will be hard to avoid in the near future (and you REALLY don't want inflation during a recession), they've sent unclear messages about what they are trying to accomplish (some have speculated that Bernanke's ultimate goal is to never be accused of not spending enough), and on top of it they've proposed a budget that will triple the national debt in 10 years, and double it in five. If you want to go back a little farther, we can talk about starting two wars, not a great idea to begin with, but more importantly they were waged with clear incompetence from the beginning.
As for the new cyber-security initiative being flawed, compared to what? The baseline is: nothing.
I don't know if you are trolling here, or if you just haven't read the article, but they want the power to shut down any network they want. This is significantly worse than nothing, for reasons pointed out by Bruce above.
Sometimes it is better to do nothing. As the saying goes, "Don't just do something, stand there!"
Re: (Score:3, Insightful)
they've bailed out some companies while letting others fail with no clear motive
Actually, the motive is very clear, at least in the case of General Motors. It's spelled "Labor Unions".
Pretty simplistic view of a complex situation. It might also be spelled "saving one of the last major US owned industrial companies". Or maybe it's spelled "preventing the uncontrolled and disastrous collapse of economies of Michigan and Ohio." What's it spelled when both the UAW and bond holders of GM are told by the Obama administration they both need to make major concessions or GM will go bankrupt? Or what's the spelling of the cost of sorting out the pension mess would exceed the amount we've loane
Re: (Score:2)
every sentence in the main paragraph of your post could be appended with "in my opinion". you present all of these thing like facts to support your earlier statement, but they are all opinions
This is not a valid argument of anything, and adds nothing to the conversation. The things I asserted are true. If you believe they are not, show me why they are not instead of your empty, meaningless accusation. I can easily make the same assertion with regards to any topic, for example, "You say evolution is science, but that is clearly just your opinion." Looks pretty silly, doesn't it?
Re:Not such a good idea (Score:4, Insightful)
I know it is a national pastime in America to be as negative about government and politicians as possible, and unfortunately it isn't all unjustified. But if you can't see anything good or positive even in your worst enemy, you are seriously blinkered; and what is worse, you cut yourself off from the possibility to communicate from a common basis and thus from any chance of exerting any influence. Isn't this what keeps all the stupid regional wars going for generations? The Middle East, Sri Lanka, Northern Ireland until recently, much of Africa etc etc.
Your all-out, negative attitude actually plays into the hands of lousy politicians - they want you to think it is hopeless to try to change things, so they can't go on and line their own pockets they way they know best.
Re: (Score:2)
Re: (Score:2)
...the truth of the matter is, there is a high level of incompetence in the US government right now. The infrastructure is falling apart (we literally had a bridge fall down while people were driving over it), the social security has needed some fixes for a while now that were obvious, and yet no one has fixed them; the list goes on. If you can't take care of the basics, if you can't even maintain a balanced budget (which is where California especially is), then you fall into the category of incompetent. I stand by the four points I made in my previous post.
Oh, come on, be reasonable. The current administration is not responsible for the mechanical failings of infrastructure that is - what, several years old? And the same goes for social security etc - and they are desperately trying to fix things. And apart from that, if you want to achieve anything in the way of changing the way things are, being contrary and unreasonable is not the way forward; that only tells that you have given up and gone into sulking mode. The system is a huge and unwieldy juggernaut,
Re: (Score:2)
Also, I challenge your sweeping claim that "Government Is Incompetent" - as if everybody in all of every government is a moron, more or less.
I didn't say that. I'm sure there are plenty of individual competent people in government, but the combined whole of government has shown itself to be incompetent. This is true of the current government.
That is a situation I believe a lot of people in America are in now, so they will understand how it works: you still have to pay your bills and you also have to pay off your new debt - and it is very difficult to balance the budget in that situation.
If you are in this situation, the solution is to reduce your spending, consolidate your debt, and begin to pay it off. Our current government has gone the opposite way, by spending significantly more than has ever been spent before. Under Obama's plan, the national debt will grow more in three years than
Re: (Score:2)
" . . . unfortunately it isn't all unjustified."
I don't hear too many gripes that I think are "unjustified", especially in this forum.
"if you can't see anything good or positive even in your worst enemy, you are seriously blinkered;"
Glad that you've accepted the fact that our government is our worst enemy. Oh btw, they do a pretty good job with the national parks system and postal service, so they aren't 100% bad. However, if you base your expectations for any new Federal government initiative on your obs
Speciation Of The Internet (Score:2)
"a government gone feral"
I argue that it's an inevitable outcome of ecological diversification of information and the Internet. It's not just occurring in the United States. The internet is "speciating", evolving differentiation in order to limit infectious memes.
http://www.realmeme.com/roller/page/realmeme?entry=global_differentiation [realmeme.com]
Is our government nuts?
Well, yes.
But that's a separate issue.
Re:Not such a good idea (Score:5, Informative)
- Not abuse access to data held by said companies
Let me get this straight, NSA (the agency recommended for the job according to tfa) will conduct "ongoing audits" of private networks owned by the utilities (telecoms too?) and nowhere does it say that this does not include access mountains of data held by those utilities on just about every person in the US
Re: (Score:2, Interesting)
I think that this is a great idea.
I think that the government needs to have a hand in every industry that profits off of people's misfortunes.
Medical companies have no financial incentive to keep people healthy the same way that infosec companies have no financial incentive to secure the nation's infrastructure. Instead of research scientists working for cures we have greedy corporations that have risen up, trying to sell the antidote of the day.
What if, instead of hoarding 0day and designing proprietary c
Re: (Score:3, Insightful)
Re:Not such a good idea (Score:4, Insightful)
I think that the government needs to have a hand in every industry that profits off of people's misfortunes.
Wow. I mean, just mega-wow. Are you serious?
The government is already involved in every industry that profits off of people's misfortunes. The automotive insurance industry exists in its current form because it was able to purchase legislation which mandates its use. The medical insurance agency, big pharma, the banks that mushroomed all these mortgages all out of proportion to what they should have been (besides which, while I do believe in caveat emptor I also believe that of all things you should be able to trust that a bank will act conservatively most of the time) and the RIAA all function under bought-and-paid-for legislation.
If you think more government intervention in these things is going to improve them, think again.
Re: (Score:2)
All of the cases you cited are instances where corrupt government officials sold power to the corporations, which is the opposite of government control.
What I am suggesting is sending more tax dollars towards research and development that helps all the people in the united states. This research should be run by people that are answerable to voters, not shareholders. There are industries out there (infosec included) that would make the people safer and more secure if the goal was more about helping people
Re: (Score:2)
Blah for pessimism.
Yes, OF COURSE corruption will always damage any system, and no system is free from corruption.
In general, the government answers to the voters, and corporations answer to their shareholders. In service based industries, pure capitalism works fine, but when it comes to my health and my security I would rather have an elected entity in place rather than a corporation looking to maximise their profit margins.
Of course government should not expand where it is not needed, and I would never d
Re: (Score:2)
Why does one word seem to come to mind with all four of those points......that word being "Microsoft?"
* Think Senators Rockefeller or Snowe have ever knowingly used Linux, much less heard of NetBSD?
* Platform standardization! TCO! Integration!
* It only works with Windows.
* Hi, there, DRM!
But, you know, you have to give it a chance. Enough hopeychange, plus a new federal center for cybersecurity in West Virginia, and we'll be _great_.
Re: (Score:2)
Think Senators Rockefeller or Snowe have ever knowingly used Linux, much less heard of NetBSD?
Primarily developed by the US National Security Agency, [SELinux [wikipedia.org]] was released to the open source development community under the GPL on December 22, 2000 and merged into the mainline kernel 2.6.0-test3, released on 8 August 2003.
Re: (Score:2)
You had me at this point.
Rockefeller and Snowe? (Score:4, Interesting)
Cybersecurity 'Standards" (Score:5, Insightful)
Until your elected representatives fully understand that any public infrastructure networks should not be connected to the 'Internet' -for any reason- any discussion of 'cybersecurity' is simply wasted words. WTF does it take for these 'public officials' to realize that critical infrastructure networks need to be completely isolated and secured from the hostile environment that the 'Internet' has become?
Re:Cybersecurity 'Standards" (Score:5, Insightful)
Actually they do (Score:5, Insightful)
Re: (Score:2)
2. It would have been nice to never have connected these utilities to the in
You do realize (Score:2)
That the phone system is a network? That traffic lights are often networked, and have to be remotely accessible? Etc. etc. etc.
There's more to networking than "the internet".
Re: (Score:3, Informative)
I don't need no education (Score:3, Interesting)
Re: (Score:2)
Re: (Score:2)
Banking?
The same story applies. Your bank account details are so precious that they should never be exposed on the internet. And yet you do use online banking. The benefit in convenience outweighs the security risk.
The same convenience applies to water, electricity, traffic lights and other parts of the public infrastructure. If we can manage the risk through security protocols, then using the public internet for remote management makes for increased efficiency.
Increased efficiency is a good goal. If the on
Right! (Score:5, Insightful)
Maybe we could legislate some openness instead.
Re: (Score:2)
Neil Armstrong was a government official. Employed by government officials. In a government program.
Never was the "It's a Trap" Tag More Appropriate (Score:5, Interesting)
Large vendors are behind this. With all the extra security certifications and processes that small businesses (or independent/open source developers) will be required to apply because of "security" open source would be closed out of the market by this.
Please watch this very carefully. Red Hat and free software companies actually large enough to have lawyers, please, please, please sniff out the rats.
Re:Never was the "It's a Trap" Tag More Appropriat (Score:5, Informative)
What about SELinux?
Isn't it NSA sponsored?
Re: (Score:2)
Re: (Score:2)
Sooo... (Score:2)
The April Fools crap is over now? It's a silly day anyway.
If this is not an Aprils Fools joke thats... (Score:2, Insightful)
Re: (Score:2)
Bang!
Re: (Score:2)
Re: (Score:2)
The link is to WaPo. I think they're a bit stodgy to be playing April Fools jokes. And if they did, it would be geared toward a more general audience.
Enforcing compliance... (Score:5, Interesting)
If passed, this could have the effect of a de-facto outlawing of Linux. For example, consider the typical business small business owner's plight: he uses Windows mostly on the desktop, but has a few Linux servers handling things like mail and print services.
I understand the government wants to ensure "cyber security" - whatever that means - but they, of all organizations, are the least qualified to implement it. The conflict of interest between big business and government interests is just too great for this to be anything but a tremendous waste of time and money.
And this without even considering the larger question of why the government should have any control over the software private users run on their own computers.
Re: (Score:2)
The only possible path from:
1 Government forces all businesses to use standarized crap software.
is:
2 Standarized crap software is thoroughly raped and even infants can enter any complying business.
3 Businesses remove crap software.
Re:Enforcing compliance... (Score:4, Informative)
I'm pretty sure the government and military also runs Linux/BSD/Unix in certain applications, so it would be silly to assume that they wouldn't write legislation in such a way that such OSes would be included.
I imagine something of a "security certification requirements" that the ruling body of each OS would put forth (i.e., each Linux distro would put forward a list, as well as Microsoft for Windows, Apple for OS X, etc). This list would be submitted to the government/whatever authority, and they would use this list in testing whether or not individual IT installations are complicit. The list, if implemented, would also have to assure that the OS's operation would meet the government's "cyber-security requirements".
In other words, I don't imagine the government would completely ignore Linux to give a leg-up on Microsoft. Not only would that fall in the face of the whole anti-trust suit with MS, but also the government would have to shut down its own systems running non-MS operating systems. That approach doesn't appear to make any sense.
Re: (Score:2)
I'm pretty sure the government and military also runs Linux/BSD/Unix in certain applications...
Absolutely (and not just in "certain applications"). Ask google about something called "Trusted Solaris". There's a DoD org that's responsible for producing "blessed" versions of all major (and many minor) OS and software packages called the DODIIS. (Yes, you pronounce it "dodus".)
Re: (Score:2)
I'm pretty sure the government and military also runs Linux/BSD/Unix in certain applications, so it would be silly to assume that they wouldn't write legislation in such a way that such OSes would be included.
By saying it would be silly to assume [...], you assume competence...
Re: (Score:2)
Wasn't TCP/IP suite made JUST for handling the Ultimate War?
I mean after all the greatest (and probably the only) strength of IP is automatic re-routing in case of disruptions.
So, an attack against even 80% of our TCP/IP-based internet would still result in the rest of 20% routers taking the traffic and still deliver...
This is a clear case of Government spying on us.
And i thought Obama was a nice man...
Re: (Score:2)
Which, if it isn't outright insecure in the first place (I'm looking at you Microsoft!) will provide a convenient avenue for the government to insert its own backdoors for spying on the public at large.
Be aware that any backdoors that are inserted by friendly forces can be used by the enem(y|ies) to compromise said weakened systems. If you know *anything* about security (or have been on /. sometime in the past five years) you already know that "security through obscurity" is no security at all. Despite what conventional wisdom tells you, the ignorant CEOs and CTOs of the government world are (almost always) advised by some very bright, clueful folks.
Re: (Score:2)
Indeed. My university has a deal with another university that allows us to use their classrooms on the other university's campus. That campus has wireless and it is protected by requiring the systems that connect to it to run a specific piece of software - which is supposed to ensure that your machine is virus free and all (yah,right). That software runs only on Windows (and recently on Macs), thus they have effectively precluded the use of Linux on their campus network. All, of course, in the name o
I hope you don't mind.. (Score:2)
Re: (Score:2)
3. Inspector then moves on to the server room, where Linux is installed. Inspector can't determine that "latest Microsoft patches are installed", so machines are marked as non-compliant.
The FederalGgovernment uses Linux as well and there are published security standards for it. The NSA and DISA both publish security guides and implementation guidelines for Linux. NSA Secure Configuration Guides [nsa.gov] DISA STIGS [disa.mil]. This will require training for your typical enforcement droid but is not out of reach. To say that regulation would require Microsoft only is ignoring the fact that *nix is very much in use in the Federal Government
Re: (Score:2)
A real American should have the following step between 3 and 4, possibly negating the rest:
3.5) Lock inspector in server room, turn off lights, announce over intercom into server room you are going to turn on the halon to demonstrate he is non-compliant with your halon-survival procedures.
I'm not comfortable with this (Score:2)
Haven't we already been under attack for a while? Granted, I'm no expert in this field but haven't foreign nations been attacking the US for a while? Wasn't there a story a couple of days ago about GhostNet?
I heard a lot of tin foil hat people talking about an "i-Patriot Act" but I thought it was a lot of nonsense. When the government tries things like this and says they will work in a way as to try and not infringe on privacy, how many actually believe them.
The biggest concern I have would be the power
Capability based security (Score:3, Interesting)
Until we get operating systems that can run code without having to trust it, we're going to keep getting the same crap, over and over.
Linux isn't the answer. Hell, even SElinux isn't the answer.
Start reading up on Eros, Keykos and Capros to see about systems that might actually solve the security issues once and for all.
Re: (Score:3, Insightful)
+1. Problem is, current CPUs themselves are buggy and exploitable, so you still need a verifier, and if you need that you may as well have a VM and a JIT. Unfortunately the major VMs that have the building blocks to be capability-secure -- such as CLR and JVM -- threw it all away with their standard library designs.
There's also a hidden side of capability security: preventing data, or more generally causality, from leaking in or out of a given piece of code. If there's an API exposed to untrusted code th
Re: (Score:2)
I haven't read the article yet, but... (Score:2)
I sure hope there is some mention of a court order before shutting down anything, whether public or private. Even if it is in such a way where they do it first, then get the court order within like 72 hours.
Re: (Score:2)
Court order???
What are you? A moron?
This is the new American man!
Where we free Senators who have been convicted of corruption, and refuse to prosecute presidents who broke laws.
But damn it, we send kids to jail for 25 years for taking photos of themselves or stealing an apple...
The French should demand that USA return back the Statue of Liberty: after all when a cop could shoot you down like a dog and not face jail for the crime, this country does not have liberty...
Software Mono-Culture (Score:2)
Because the one thing we've learned from having software mono-culture is that its a Good Thing(tm).
Now we're attempting to fix the problem by having federally mandated mono-culture? Please!
And as someone who has worked for companies that have developed government specs, I can assure you that the process will be corrupted as to bias towards certain vendors. Any required feature that can be patented will be, and any open-source implementation will be sued out of existence.
I think lobbying is afoot! (Score:4, Insightful)
Re: (Score:2)
How about "Commissioner Gordon of the Internets"? Then vigilante justice on those spammer assholes would be only a phone call away. The Batcomputer could probably use an upgrade.
'Course, while fighting LOLCATwoman might be worthwhile, Batman's distrust of the Penguin might make him a bit biased...
It creates a czar, so I'm against it (Score:3, Insightful)
Re: (Score:2, Insightful)
it sounds anti-democratic
What if it sounded pro-democratic? Would be better?
Imo, It does not matter how it sounds. It IS anti-democratic.
I mean that's against people.
And then (Score:3, Funny)
the terrorists build a CIP device, and then storm the White House, and then they get bioweapons in DC.
april fools (Score:2)
as in, the legislators, not the day
Just to make you shut up (Score:2)
[The bill] would require the National Institute of Standards and Technology to establish "measurable and auditable cybersecurity standards" that would apply to private companies as well as the government. It also would require licensing and certification of cybersecurity professionals. "
And any of us who went public with information on illegal/un-ethical wiretapping or gross incompetence would lose their license.
That'll shut up those pesky security professional/privacy advocates.
FUCK THAT.....! (Score:2)
Federalizing cybersecurity?
FUCK THAT!
Big Brother already has a hell of a time keeping the US's *physical* borders secure, with all of the politically-correct bullshit that is allowing drug smugglers, human traffickers, illegal aliens, and other less-desirable what-not to cross the border illegally at will.
If you want an idea on how it will go, take all the political-correctness and bureaucratic hurdles that have prevented effective enforcement of physical borders. Then, substitue *your* computer for the con
Effective laws? (Score:2, Interesting)
While I applaud the Senators' efforts to assist in securing cyberspace, historical efforts to legislate cyber-security have not proven effective. (that was tough to say with a straight face) To wit, examine the Government's own record: Currently all federal agencies are required to follow strict guidelines/policy, yet the average info-security grade given by OMB, for FY2007 was a C-. How far would you get in life if your average grade was a C-? I'd guess the average Slashdotter had better than a 1.7 avera
I'd just like to point out... (Score:2)
Just calm down, wait until the bills are even introduced, read it, pick it apart, contact your Senator and express your dismay over the project.
Re: (Score:2)
I doubt special interest groups would let it rest.
Besides, we at /. know that Microsuck can't make a decent secure product. Why should using them even be an option? Let alone mandated by a team of techies that were probably cherry picked by MS friendlies in the first place?
This soulds like a disaster waiting to happen. (Score:2)
Sorry, but the States own the waterways.
My worry (Score:2)
My chief worry is actually not so much about "increased powers" - I suspect they can already do most of this in one way or another. But centralising things means that an attacker only needs to find one weakness, so to speak, and then they would be able to wreak havoc on a grand scale.
conficker anyone? (Score:2)
Right after the conficker worm hits everybody hard, we finally get someone with brains doling out a new regulation that makes companies responsible for their work environment, even on the PC.
Awesome, I hope they come out with proper fines and hierarchy of payment levels.
Now if they could do this with recycling, it would be really great.
Thoughts (Score:2)
Had a discussion with one of my security guys and he had a very insightful point. Security is the best when there is a disparate security apparatus, where I might use X, Y, and Z vendors for my security solution and my competitor uses A, B, and C. This creates complexity for malicious hackers due to complexity created by this disparity. By mandating standards, the Government creates a target that security vendors have to reach and have no incentive to go beyond that standard. This might create an unintende
It's what we need (Score:2)
Obviously, the "enlightened self-interest" of companies doesn't work, given the constant reports of breakins.
And for those who don't realize (like Jane Q. Public), utilities like the electric grid, and municipal water and gas supplies, are computer controlled (no! duh!), and in some cases, Dilbert managers have had the controls made accessible via the 'Net, rather than an air gap between their control systems and the 'Net.
A year or two ago, over in the UK, there was a train accident - don't remember if it w
Re: (Score:2)
So, yeah, it *is* what we need.
"It" is the problem. The federal government is not qualified to set the standards or manage them. For example, look at FISMA - an unmitigated FAILURE in security. Its an excercise in building paper forts around computers and networks - and this is the BEST the federal government can do.
The federal government can not provide IT, the problem is one of design. Systems are not designed for the threats they face, and the federal government is worse than ill-equiped to lead that effort - its not only part o
Re: (Score:2)
The benefits don't outweigh the negatives, and the potential for abuse is too high. You seem to think a system needs to work 100% or it's not working. Nonsense, we can certainly tolerate the odd incident here and there, like we do with everything else in life. The idea of Windows computers controlling things like the electricity grid and nuclear power stations sounds scary to me too, but if it was really such a problem as to warrant this kind of intervention, there would be incidents all the time. Things ar
Standards - blech (Score:2)
In finance, companies routinely send questionnaires to each other to ascertain whether security standards are being enforced. The problem is, the questions are often disconnected from the actual tasks and practices - one-size-fits all queries. Since the questions are generally more-than-half bullshit, you can imagine how the answers come out. The buzzword compliance ratio runs high. Measures that promote or enforce actual security - not so much.
Having more law from the government for this will accomplish on
Re: (Score:2)
I think it's "+1 Underrated"
To smite the mod, be a metamod.
Re: (Score:2)
Underrated? A whole five words, that nonetheless manages to be inane and pointless? I disagree vehemently.
Your comment about smiting mods is rather non sequitur; as of now there has not been any moderation on that comment. Also, there's nothing 'meta' about the moderation these days: a lamentable change in policy.
Re: (Score:3, Insightful)
Re: (Score:2)
If you want to live in a dog eat dog world go and do it. See how long you last. I don't believe communism is responsible for the recent financial meltdown, throwing people out of work and their homes.
Idiot.
At the rate the world population is growing, you will either get along with others peacefully or you will engage in constant war. No one group or person has any more
Re:Last one out.... (Score:5, Interesting)
This may be a late April fools joke by government standard, but it sure contains plausible concerns.
Concerning the document, I would say that it isn't a joke, but you may have to express some concerns about if the proposed methods are causing more problems than they are solving.
If you shut down a whole network, then you also cut off the owners of possible infected computers from the services that may help them to clean them up. This has been tried before within larger companies which just ended in a deadlock, nothing was done at all until the network was up again. In effect - you got an ultimate D.o.S attack!
If anything - put more effort into hunting down and apprehending the perpetrators. This will give a much better result in the long term. In effect - follow the money.
Another approach would be to put more effort into hardening of operating systems and tools for operating system management. SELinux is one good example, but unfortunately this only works to some extent and it only covers one area of security measures.
One detail that also is cause for concern is ISP:s that migrates from several routed segments to a large segment where switches are used instead. It makes sense from an economic perspective, but it's not making sense from a security perspective. This means that more computers can be joined into dark nets using private IP addresses for internal communication, which in turn can make attacks even better coordinated.
Large switched segments where private IP addresses propagates can also result in new intriguing ways of obscuring file sharing traffic and other traffic that is to be masked. This can result in the funny effect of making a whole town suspected of possession of child pornography.
Re: (Score:2)
Concerning the document, I would say that it isn't a joke, but you may have to express some concerns about if the proposed methods are causing more problems than they are solving.
Wait, the government is displaying (potential) ham-fisted incompetence, and you think "ah! That must be a joke!".
You're not cynical enough to be on /.
China also has the max of the death penalty for ha (Score:3, Interesting)
China also has the max of the death penalty for hacking. Russia does not care about hackers going after the us and taking our money Likely a kick back kind of thing in Russia.
Re: (Score:2)
Has anyone else noticed this?