backtop


Print 86 comment(s) - last by Reclaimer77.. on Jul 25 at 1:08 PM

Republicans, Democrats both support measure to expand federal power, but Ron Paul leads minority opposition

In an editorial in The Wall Street Journal, a newspaper published by conservative media mogul Rupert Murdoch's News Corp. (NWS), President Obama laid out his opinion of why poor cybersecurity is such a dire threat to the nation and his opinion on what should be done about it.

I. President Obama Calls Out Businesses for Poor Security

In the piece he describes the results of a recent wargames simulation by nation defense and intelligence agencies, recalling, "Across the country trains had derailed, including one carrying industrial chemicals that exploded into a toxic cloud. Water treatment plants in several states had shut down, contaminating drinking water and causing Americans to fall ill."

The scenario was fictional, but President Obama warns it could happen, if safeguards are not put in place.

Train derailed
President Obama claims terrorists could use cyber-attacks to derail trains.
[Image Source: Zimbio]

He blames poor security partially on the corporate sector, calling out the glaring incompetence security-wise of decision makers at some utilities and other vital infrastructure firms.  He writes:

Yet simply sharing more information is not enough. Ultimately, this is about security gaps that have to be filled. To their credit, many of these companies have boosted their cyber defenses. But many others have not, with some lacking even the most basic protection: a good password. That puts public safety and our national security at risk.

The American people deserve to know that companies running our critical infrastructure meet basic, commonsense cybersecurity standards, just as they already meet other security requirements.
 
 
Obama speaking
President Obama wants to expand the federal gov't to "solve" the cybersecurity "crisis".
[Image Source: U.S. Aid]

President Obama is proposing an amendment National Security Act of 1947 [PDF], which is ostensibly targeted at promoting information and expertise sharing between U.S. government agencies and key civilian-sector contractors/infrastructure providers.

II. Bill to Expand DHS is Backed by Both Parties, But Has a Few Vocal Critics

The bill, S.2105 [PDF], is a redraft of earlier House bill H.R. 3523.  

The new bill is dubbed the "Cybersecurity Act of 2012".  The key change from the earlier house measure is that the Senate bill funnels the information shared by private sector firms through the U.S. Department of Homeland Security (DHS).  President Obama vocally opposed the earlier House bill, which put the DHS in more of a backseat role.

Homeland Security
The bill would expand the scope of the DHS. [Image Source: CyTalk]
 
The new bill enjoys a fair measure of bipartisan support in the Senate.  It is sponsored by Senators Susan Collins (R- Maine), Joe Lieberman (I/D- Connecticut), Diane Feinstein (D-Calif.), and J. D. "Jay" Rockefeller IV (D- West Virginia).

However, the bill has a couple of vocal opponents among the more liberal and more conservative members of the House.  Among those opposed to expanding the DHS's role is Rep. Ron Paul (R-TX).  Rep. Paul called the bill "Big Brother writ large."

Ron Paul
Rep. Ron Paul is one of the few opponents of the measure to expand federal government.
[Image Source: AP]

Rep. Paul has suggested that the Department of Homeland Security is poor in talent, offensive to civil liberties, and redundant, commenting [source]:

Before 9/11, we were spending $40 billion a year, and the FBI was producing numerous information about people being trained on airplanes, to fly them but not land them. And they totally ignored them. So it’s the inefficiency of the bureaucracy that is the problem. So, increasing this with the Department of Homeland Security and spending more money doesn’t absolve us of the problem. Yes, we have every right in the world to know something about intelligence gathering. But we have to have intelligent people interpreting this information.

President Obama is urging Democrats and Republicans to come together, as they oft do, to overlook civil liberties and debt concerns and pass a bill to expand the federal government.  As with many such expansions of federal government pushed by America's two ruling parties in recent years, there will likely be large price tag to this measure.  And as usual the justification is "national security".

Sources: WSJ, U.S. Senate



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

By amosbatto on 7/21/2012 8:48:05 AM , Rating: 0
This article is frustrating, because it doesn't explain the details of the bill.

We have huge security holes in the internet, but the answer is not to further restrict our digital rights, promote government spying, and waste taxpayer money on more big-brother solutions. None of these solutions are very effective and they have huge costs.

The best way to increase cybersecurity in America is for the government to migrate its own computers to UNIX architectures (Linux, BSD, Solaris, Mac OS) and promote their use among the business community. The UNIX architecture is inherently more secuMicrosoftre than Windows and it would help eliminate many of the virus, trojans, worms, spyware, botnets, etc. The second (and related initiative) would be a general migration to free/open source software, since this software allows code review to find security holes. Studies have shown that the code in leading free/open source projects have fewer defects and fix bugs more rapidly than proprietary software.

Not only should the US government switch its own computers and encourage businesses and individuals to switch, but it should regulate the industry, so that hardware can be sold separately from software and consumers can buy PCs and mobile devices with any operating system and software which they like.

If the government wants to waste millions of dollars on cybersecurity, it should offer free security audits, where specialists advise companies on how to secure their systems. Secondly, it should develop free/open source tools to do security audits on source code and pay programmers to improve security in free/open source projects.

The government already does this to some degree. For example, Uncle Sam developed SELinux, but it should be massively expanded. For example, hundreds of thousands of web sites use Smarty templating, but it doesn't have automatic escaping of variables, so web designers have to manually implement it for every variable they insert in the template. The government should pay a programmer to add automatic escaping to Smarty, so web designers have it by default. That would be a much smarter use of our tax dollars than paying for a bigger department of homeland security.

Of course, none of these suggestions will be implemented because free/open source software doesn't have a lobby, and congress is utterly captured by big money interests which like proprietary software and "intellectual property".




By BigEdMan on 7/21/2012 11:25:22 AM , Rating: 1
+100000


By Ringold on 7/21/2012 1:13:06 PM , Rating: 4
quote:
The second (and related initiative) would be a general migration to free/open source software, since this software allows code review to find security holes.


The transition to unix wouldn't solve two core problems.

The first is that the biggest weak link with any OS is the user. It'll never change, that's an OS-independent problem.

The second is this notion that people reviewing code will report the bugs. The CIA and Mossad had some of the brightest people in both nations in the field working on it, and they exploited some hitherto unknown exploits. Giving that caliber of organization access to source code simply saves them a little time, as they're sure as hell not going to submit a patch to fix a vulnerability they want to exploit against their enemies.

That plan also totally ignores that some people would like compensation for their work on software and don't care to give away their secret sauce for free. Unlike internet OSS neo-Marxists in their mothers basements, some people want to be compensated for their work to put food on the table. Open source has its uses, but its not a panacea.


By drycrust3 on 7/21/2012 5:52:14 PM , Rating: 2
quote:
Not only should the US government switch its own computers and encourage businesses and individuals to switch, but it should regulate the industry, so that hardware can be sold separately from software and consumers can buy PCs and mobile devices with any operating system and software which they like.

We saw all the fuss when Apple withdrew the EPEAT rating on some of their products, with places like American city councils not allowed to use those Apple products, so why not have a cyber security rating similar to the EPEAT rating, where failure to meet the required threshold means those products can't be purchased and those already purchased have to be replaced with ones that do comply. For example, say you used a 5 star rating, and say Ubuntu 12.04 running Firefox 14.0.1 was 5 stars and Windows XP running IE6 was 0 star, then the US Government says anything with a rating below 4 stars is unacceptable and will attract higher tax rates. You can bet that suddenly all those "essential" and "runs legacy software" and "can't afford to upgrade" computers will be upgraded to a 4 star compliant software in no time at all.


"Folks that want porn can buy an Android phone." -- Steve Jobs














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki