Ed Felten: California Must Lead On Cybersecurity
An anonymous reader writes: In a Sacramento Bee op-ed, (in)famous computer security researcher Ed Felten responds to the State of the Union cybersecurity proposal. He doesn't mince words: "The odds of clearing Congress: low. The odds of materially improving security: even lower." What he suggests as an alternative, though, is a surprise. "California," he writes, "could blaze a trail for effective cybersecurity policy." He calls for the state government to protect critical infrastructure and sensitive data, relying on outside auditors and experts. It's an interesting idea. Even if it doesn't go anywhere, at least it's some fresh thinking in this area of backward policy.
From Felten's essay: Critical infrastructure increasingly relies on industrial automation systems. And those systems are often vulnerable – they keep a default password, for instance, or are accessible from the public Internet. These are not subtle or sophisticated errors. Fixing them requires basic due diligence, not rocket science. Requiring the state’s critical infrastructure providers to undergo regular security audits would be straightforward and inexpensive – especially relative to the enormous risks. Areas of sensitive data are also low-hanging cyber fruit. In health care, education and finance, California already imposes security and privacy requirements that go beyond federal law. Those legal mandates, though, are mostly enforced through after-the-fact penalties. Much like critical infrastructure, sectors that rely upon sensitive data would benefit from periodic outside auditing.
Of any state government's, California's policies also have the chance to help (or harm) the most people: nearly 39 million people, according to a 2014 U.S. Census estimate.
Re:facepalm (Score:5, Informative)
Why would you say something like that? Whereas, I don't have high confidence in any governmental organization to ratify legislation that works well with tech matters, California has led the way for many in the past that are now national standards.
Off the top of my head, there was a time where you could buy a new car without a catalytic converter, and without any emission standard requirements in every state besides California. Same thing can be said about safety equipment or specification (bumper heights, crash standards). Currently, all the requirements that had to be met for California are nationally required.
I expect we will see the same adoption nationally for small motorized and two-stroke motors in the future. Also, the Junior College system that CA has had since (at least) 1978 (sans tuition for residents) recently had national mention.
All in all, although many protest and resist change, it seems that California legislators are more intuitive than most and they seem to have led the nation on many other models aside from the aforementioned.
Re: (Score:2)
This is the intent of "separate but equal" States at its core.
That is definitely an advantage of the federal system, but it was not the purpose. The constitution was written that way to prevent the centralized government from becoming too dictatorial. Indeed, if the constitution had given the national government much more power, not all of the states would have joined.
Re: (Score:1)
> The constitution was written that way to prevent the centralized government from becoming too dictatorial.
And how's that working out lately? And by "lately" I mean the last 9 decades, more or less.
As one wag put it, it took about a century and a half to get a Supreme Court that would rule that a man raising grain on his own land to feed his own family and livestock was engaged in "interstate commerce" as he did so.
Silly me, I thought that for an act to be commerce between states, it had to be: (1) commerce, and (2) between states. What he did was neither.
Now to await the first person to provide the Court's BS
Re: (Score:2)
If a majority of the people want a larger federal government over a long-enough period of time, no constitution ever written will prevent it.
I'm interested in your follow-up question, though.
Re: (Score:1)
Sorry, you didn't give the Supreme Court's BS rationale. No follow-up for you.
Just kidding. Here it is.
So, is there any action a person can take in the United States that is *not* "interstate commerce"? Walking near a school while carrying a firearm, perhaps? Operating a business which transacts with retail customers in its own state, but uses supplies that were manufactured in another state?
Once Justice Roberts said that if you call it a tax with an exemption clause for doing what the government wan
Re: (Score:2)
> So, is there any action a person can take in the United States that is *not* "interstate commerce"? Walking near a school while carrying a firearm, perhaps? Operating a business which transacts with retail customers in its own state, but uses supplies that were manufactured in another state?
Of course. Donating money to politicians.
Re: (Score:2)
In California and by California are not the same things even though they sound similar.
I'm not supporting the parent's position but please understand that you are not speaking about the same things.
Re: (Score:2)
I'm not sure why I would have to. The article stated the government of California which is the only entity that could be by California. This is the context the OP's comment should be examined in. You stated "in California" which is not the same thing but could encompass the same things.
Re: (Score:2)
Lol.. I explained why I wouldn't have to. I see you are ignoring content in order to focus on red herrings so I guess this conversation is over.
But here is a recap in case big paragraphs scare you. The context was obvious, no explanation needed as the article was talking of the government of California and the GP was talking of the article. Therefore the attempt to associate anything that ever happened in California is misplaced and out of context.
Re: (Score:2)
California seems to be reactive in terms of policy.
It will try hundreds of policies many of them fail or have no impact. But the few that do work they will tout how progressive they are.
Still I want to cross the state border with my nice juicy apple.
Re: (Score:2)
That's a perfect analogy to this story. Spot on.
that assumes that "security audits" are worthwhile (Score:1)
I've worked in banking where we were audited by multiple government entities, our private auditors and auditors from our thousands of customers.
Security audits are only worthwhile if the company being audited is actually serious about security in the first place. In over a decade of such audits I don't think the audits ever found anything that we didn't already know.
During this time we acquired multiple other companies, all of whom had passed security audits, and the quality of their security had very little r
Re: (Score:2)
"Security audits are only worthwhile if the company being audited is actually serious about security in the first place".
I guess what matters is who holds the "purse strings". When I observe a non-compliant issue and report it to my client, most of the time my client calls for a secondary audit. It's rare to see the same issue on the secondary. The audits I've done where I observe the same non-compliance are rarely retained by my clients.
My clients hold the "purse strings" and will accept an
Re: (Score:2)
So why don't you post the fucking clue?
california is a joke (Score:4, Insightful)
And they're supposed to get tough on cyber security?
Re: (Score:2)
Which part of what he said is not true? Talking points or not, he did not mention the mass exodus from California so your setting up strawman just to knock down seems like a convoluted ploy to ignore the realities mentioned.
Re: (Score:1)
You mean trash like. . .Toyota (moving their hq), Motorola (opening new manufacturing), Apple (New jobs are all going into Austin), Dropbox, Nest. You know it costs twice as much to rent a Uhaul from California to Texas, because they have to pay someone to drive it back.
It's not that there isn't anyone left in California, but pretty soon there won't be any decent jobs. Unfortunately it means that companies are moving Californians into Texas by the neighborhood, and they just can't stop acting like Califo
Re: (Score:2, Funny)
No need to get all lathered up and angry! Relax! Clean your guns, watch some NASCAR and enjoy some BBQ pork rinds.
California won't come to you, I think you will be safe in whatever flat spot you park that single wide trailer in.
And be sure to tell your neighbors and coworkers how lucky they are to not be in California!
Californians ARE moving to Texas in droves, and br (Score:2)
Many, many people are moving from California to Texas, often following companies who are either moving their headquarters or like Apple, who is moving their new development to Texas. They come here because this is where the jobs are, and the cost of living is so much lower. The same person might make two to three times as much real income after accounting for cost of living.
They come to Texas because Texas has jobs, Texas has affordable housing, Texas has a road system that works, unlike California gridl
been that way since $1 gas (Score:1)
23 years ago, my mother moved to Austin because that's where she found a nice job with a tech company, Dell, and a nice house for about $120k. Since then, gas has gone to about $4, gone back up and down. The Texas economy has done well throughout. This is the point where someone will point out that the Texas economy wasn't as good 30 years ago (when Democrat Ann Richards was governor).
Shale oil has been good to Texas in the last three years, but again we've been doing well much longer than that, and tech
Re: (Score:2)
My honest assessment is as I hinted above - business is coming to Texas FROM the states that are making pot legal, increasing regulations, etc - liberal states. That suggests to me that while smoking pot might be fun, and these liberal policies may have some benefits, they are bad for an economy - bad for jobs. I get it - I used to be a member of NORML. So I understand that point of view - I wrote some of the literature they read. It just hasn't worked well for the jobs and cost of living situation.
Hasn't worked well compared to what? People are far less productive jobwise, when they're rotting in jail for committing a victimless crime like possession of marijuana than if they were casual marijuana users working some job within their abilities. And it costs a lot more to store those people in jail than it does to ignore their activities except in cases where they're doing something negligent, like operating heavy machinery while impaired.
And this War on Drugs (like marijuana), has resulted in the s
Perhaps. Note the repeated emphasis on jobs, econo (Score:2)
> As a result, we have to expect and accept that people will on occasion act in ways that we don't like and perhaps even contrary to their own well-being.
Perhaps that's applicable. There are enough gray areas to that question that we could go on for hundreds of pages discussing it. We'd never all agree, because it's a philosophical question, not a factual question. It's rather a different topic, though. What we're discussing here is jobs and the economy in Texas. In other words, as I said in the post you
Re: (Score:2)
> Perhaps that's applicable.
It is applicable. There's no "perhaps" to it. In a mostly free world people will act in ways that we won't approve of.
> What we're discussing here is jobs and the economy in Texas.
And I get you think that legalized marijuana smoking is somehow worse economically than the current state of affairs with its destruction of people and the rule of law.
Similarly, maybe you think that "regulating" your employer to bankruptcy is more "fair".
OR MAYBE YOU DO. You're the one glossing over the destruction of a person's life just because they smoke or possess weed. Putting people out of business merely because they smoke something you don't approve of is pretty damned
Sometime we'll have a thread about that (Score:2)
> You're the one glossing over the destruction of a person's life just because they smoke or possess weed.
The morality of drug laws is not the topic of discussion in this thread. As I keep telling you:
What we're discussing here is jobs and the economy in Texas.
> And I get you think that legalized marijuana smoking is somehow worse economically than the current state of affairs with its destruction of people and the rule of law.
There's no "think" about it, the fact is that the economy in Colorado, Cali
Re: (Score:2)
AB 32 requires California to reduce its GHG emissions to 1990 levels by 2020 – a reduction of approximately 15 percent below emissions expected under a "business as usual" scenario.
Pursuant to AB 32, ARB must adopt regulations to achieve the maximum technologically feasible and cost-effective GHG emission reductions. The full implementation of AB 32 will help mitigate risks associated with climate change, while improving energy efficiency, expanding the use of renewable energy resources, cleaner transportation, and reducing waste.
It's not hippies smoking weed which makes California gasoline a third more expensive than Texas g
please stay there. You'll like Morris (Score:2)
If you can find any of it, I think you might enjoy reading a guy from Colorado named Ray Morris. He was a big pot guy in Colorado , active with NORML in the early nineties.
It has become obvious that you're currently unable to grasp the concept that there can be a conversation about something other than weed ( too stoned?), so if you're in Colorado, please stay there. All we have down here is Mexican dirt weed anyway. You wouldn't like it.
Re: (Score:2)
1) Has God given all of us free will?
2) Is it God's design that we should take away some degree of free will from others in order to help them become better people?
Re: (Score:2)
Hmm, I wonder who or what you found that made you think that. Maybe Robert Morris? Anyway:
1) I don't speak for God. It seems He gave us instructions and the ability to follow them, or not. Mostly the same instructions the state Health Department gives us - don't eat improperly slaughtered meat, shellfish can be dangerous, and don't sleep around.
2) Jesus instructed that if a brother is doing something stupid and dangerous like fucking his neighbor's wife, tell him so. If he doesn't listen, three friends
Texas economy not reliant on oil industry (Score:2)
In the past the oil industry was a much bigger part of the Texas economy than it is now. It's still a large part, but there is a ton of high-tech stuff all around Texas - Apple is building all of its Mac Pro units in Texas, for example...
They also have a lot of international trade, including a major airport and shipping port too. All of that adds to economic diversity.
Outside auditors for CA government? Ha! (Score:3)
What they propose is not going to happen simply because of this:
> He calls for the state government to protect critical infrastructure and sensitive data, relying on outside auditors and experts.
Outside auditors doing anything in CA government? We'll see that only when all else is lost, and people are starting to go to prison.
Re: (Score:2)
Perhaps you should come up to date on California's budget situation [sacbee.com]. Even if California had the biggest deficit in the past, California has the largest economy of any state, by a wide margin, making everything relating to finances bigger in California than any other state.
California doesn't even have the highest sales tax rate. [slashdot.org]
Re: (Score:2)
You are welcome to your state where a lack of laws allows employers to restrict your opportunities to change jobs. Yeah, welcome to your overlords who use the lack of employee protection to push your income down.
Yeah, that didn't happen in California (Score:2)
> You are welcome to your state where a lack of laws allows employers to restrict your opportunities to change jobs. Yeah, welcome to your overlords who use the lack of employee protection to push your income down.
Yeah, it was Texas where that happened, not California, right? It was Google and Apple conspiring against employees. Nope, must have been Toyota and Texas Instruments who did that.
The thing is, when the statehouse is deeply involved in business, those three or four businesses who purchase sta
Re: (Score:2)
Yeah, it was California where employees were able to sue employers for such collusion. Good luck with that in some other states, where what Apple, Google, etc. did is just business as usual.
arithmetic. Learn it. Use it. (Score:2)
The cost of living is 28% higher in California:
http://livingwage.mit.edu/stat... [mit.edu]
http://livingwage.mit.edu/stat... [mit.edu]
The average dollar salary of a programmer is 10% higher:
http://www.indeed.com/salary/q... [indeed.com]
http://www.indeed.com/salary/q... [indeed.com]
Texas programmers therefore have average effective salaries 18% higher than in California. I AM having good luck.
Re: (Score:1)
Not if your programs calculate percentages like that.
LOL I was being lazy and knew it. 16% (Score:2)
Yeah, I was being lazy when I wrote that, and I knew it. Funny that I didn't feel like taking a few seconds to do the arithmetic, given the subject line of my post.
Eyeballing it, Texas programmers effective salary is actually about 16% higher. I still don't feel like double-checking my math on that, but feel free to.
Re: (Score:2)
> I AM having good luck.
No you aren't. You're in Texas. The two are mutually exclusive.
Re: (Score:2)
> They have a double digit sales tax rate and the biggest deficit out of every state
Correct me if I am wrong, but it is also by far the wealthiest out of every state: the deficit is not a serious problem. Look at how EU screws itself with its obsession on member state deficits, this is not a path to follow
Re: (Score:1)
> NOTHING is going to happen in California. Their budget is a joke. They have... the biggest deficit out of every state...
California has had a budget surplus the last two years. They expect to do so again this year.
never happen (Score:1)
You mean all those industries that off-shored their IT and Security to the cheapest bidder can't secure their systems?
BIG FREAKING SURPRISE.
I don't care about California (Score:2)
Really...how about Rhode Island? It's a small enough place, so it should be easier to secure.
Re: (Score:3)
Companies are profit maximizers. They aren't making changes because the current system doesn't cost them anything. They are never going to "put their money where their mouth is", and it is stupid to expect them to or even want them to.
The reason it doesn't cost them anything is because they are effectively immune from many forms of lawsuits, thanks to "the government".
what could possibly go wrong? (Score:3)
A state run by a single party beholden to corporate interests and lobbyists and massively dependent on the tech industry. A state that is so incompetently run that it is teetering on the verge of bankruptcy, that its schools have dropped to the bottom, and that can't even solve its traffic gridlock. Cybersecurity legislation in California will do little more than exempt tech companies from any sort of liability and pour out massive amounts in government subsidies to big corporations for cybersecurity initiatives.
Real cybersecurity would require massively increasing the financial liability of corporations for any breach in security that causes their customers to lose money or waste time. For example, when a data breach at Home Depot causes banks to have to reissue credit cards, banks should be financially responsible to their customers for the many hours they have to waste on dealing with new credit card numbers, and Home Depot should be financially responsible to banks for all their resulting costs. If each of these data breaches cost corporations a few billion dollars, you'd be surprised how quickly security shapes up.
Re: (Score:1)
> Real cybersecurity would require massively increasing the financial liability of corporations for any breach in security that causes their customers to lose money or waste time. For example, when a data breach at Home Depot causes banks to have to reissue credit cards, banks should be financially responsible to their customers for the many hours they have to waste on dealing with new credit card numbers, and Home Depot should be financially responsible to banks for all their resulting costs. If each of these data breaches cost corporations a few billion dollars, you'd be surprised how quickly security shapes up.
This is 100% correct, but it would also require people to be responsible for their own accounts, at least to some extent. There are some people that still use default passwords for their accounts, or easily guessable ones. And that's just the least of problems with individuals.
The truth is, no one, not providers, not consumers, not the Government, not anyone, regards computer security for the crime-lousy potential that it holds. Because that would acknowledge some really scary truths about the way it act
Re: (Score:2)
That isn't a problem with individuals, it's a problem with companies relying on passwords in the first place. Passwords by themselves are not secure, no matter how careful and knowledgeable the user may be in choosing them.