Proposed bill would create National Cybersecurity Advisor
By Nilay Patel 
posted Apr 6th 2009 1:43PM
posted Apr 6th 2009 1:43PM
It hasn't gotten a lot of traction yet, but Senators Jay Rockefeller and Olympia Snowe have jointly introduced a bill that would create an Office of the National Cybersecurity Advisor, a new White House position designed to beef up the nation's information security policies. The new office goes hand-in-hand with the Cybersecurity Act of 2009, another proposed bill that would create an entire panel of security experts brought in from the government, private sector, and universities. All together, the two pieces of legislation would require that government networks and software meet a set of security standards and vulnerability tests -- and, more controversially, that private networks deemed "critical infrastructure" by the President meet these standards as well. What's more, El Presidente can order the disconnection of those networks during a "cybersecurity emergency" or national security emergency if needed, and security professionals will need to be licensed by the government to work on them. Yeah, it's a long way from BlackBerrys loaded with presidential campaign information being sold at yard sales, but we'd bet some of these ideas get tamer as the bill moves through the process -- we'll see how it goes.
"Olympia Snow" sounds like a pr0nstar. I thought it was somewhat relevant...
That aside, about time, eh?
well, maybe, except for this part: "private networks deemed "critical infrastructure" by the President meet these standards as well"
That's not part of the job description of a President, and frankly, the government has no business dictating this to private companies unless that company does business withe the federal government, at which point the government can make it a requirement to be awarded a contract.
Hmm, true. But competence in the digital world is something I've never come to expect from the govt. so how well will this get implemented? Assuming it passes the graph charting - internet is a bunch of tubes idiots on the hill...
No.. it's not about time... this is nothing but another Big Government powergrab.
Our President will then filter the internet... Try googling President Obama now and you get a mix of good and bad things. Google it after this bill passes and you will only get good things about him... HMMMM... sounds like China...
I know, there hasn't been enough "ALL SEEING EYE" policies for a couple years. I'm glad they are making the internet safer for americans.
I can't stop wondering how the hell did the USA turn into a communist country without anyone noticing and actually being praised for it by the citizens?! o_O I'll never understand that...
Obviously the 'private network' mentioned here are the backbones, and the root DNS servers.
At least that's what I assume at this point.
I was assuming private networks to be the networks maintained by banks, insurance companies and auto manufacturers.
The bill is I expect based on all those scare stories about how the chinese are cyber-attacking and how enemies could bring down internet (and harm your bodily fluids) and so they come up with this security army including the power to disconnect china or pakistan or europe whenever they get hysterical (or the next republican nutter in the whitehouse gets a message from god).
That's why I think the 'private' and 'important for the infrastructure' refers to the backbones/DNS.
Of course if that goes through then there will be protests from all around the globe, and hopefully someone then set up an alternative internet as they often suggested they would.
your interested in Olympia Snowe?
The name Jay "Rockefeller" immediately grasped my attention. But that's probably out of your league because your actually welcoming this kind of stuff.
@ Wwhat
It's funny that you mention specifically about "republican nutters" in the white house as this also shows that there can also be "democrat nutters" in the white house as well (you know, the fact that this bill even mentions that the current president will even attempt to specify which networks will be required to comply).
The more things change the more they stay the same and all that...
So if the government declares a private network to be "critical", they can not only take it offline at will but only people chosen by the government can work on it? I'll pass.
xkcd.com/494/ , xkcd.com/495/ , xkcd.com/496/ , xkcd.com/497/ , xkcd.com/498/
ironman, +100
Is it just me or do the past 11 weeks feel like Atlas Shrugged playing out in real life?!?
:-(
This could give government power over internet commerce, as the online revenue is fairly large. I could see companies like Amazon who are deemed critical to America's economic infrastructure being monitored. Sadly I see our nation moving the way of Australia and it's internet censorship legislation. The internet will be freedom's last stand, we have to be careful who we give the power to.
PS-I know the seal on our currency has meaning and symbolism and all but couldn't we have picked something a bit less creepy?
Well internet is a thing that was doomed from the outset, people communicating freely and doing their own thing? Are you MAD?
And the more senators and congressmen learn about the existence of the real internet (not just as a theoretical thing on paper) the sooner its demise is ensured, thanks a lot twitter.com :sigh:
Yay! Obama is actually creating those new jobs he promised....one at a time.
If government IT sucks that badly, then create a government IT position. We do NOT need any sort of regulation on the internet, it's an open platform, you can create a website if you like, but when it comes to regulation of the actual connections, I'm going to have to ask you to GTFO.
A subdivision of the FBI could do the job without having to create a whole new position in the White House.
With our failing economy the last thing we need is MORE government positions to be paid by taxpayers dollars.
Give this responsibility to someone else. Please don't create a whole new department of thousands of people filing papers paid for by us for eternity!
I wonder if this is how the internet censoring in China started.....
The real problem seems to be that the government networks are so locked down (by people with 1990's IT backgrounds) that many users simply use alternative networks to get the jobs done. The universities are the same way... (usually at least 4-5 years behind in terms of core technologies).
So are they really going to ask those two bodies to come together to make standards? IMHO, they should go to someone like Google and ask them to draft something BEFORE asking the government/university to waste their time.
Side Note: I live in DC, and you can always spot a top secret government employee because they have a phone that looks like it is from the 90s (no camera, no memory card slot, etc. etc.). Remember, the people that say they work on top secret projects, usually don't work on the real top secret projects.
There aren't many "top secret" IT projects outside of the NSA. You need a top secret clearance to do a lot of the work because it's possible that something you're working on will contain that sort of information, but you have no need to know. It's pretty much the same thing as janitors with their TS clearances; they have it, but it's not like they're reading the intelligence reports over breakfast each morning.
snowe
I nominate Ted Stevens, as he seems to have a good grasp of the technology.
Anyway, this is just government speak for "we want to monitor and control the Internet"
It would be nice if the Senators who create these bills actually understood technology and the internet. Obama's team does, but the Senators who are writing this legislation are usually very old and out of touch, read Ted Stevens and in this case, Snow and Rockefeller are in their 60s and 70s respectively. Not saying you can't be older and technologically literate, but the Senators who come up with this stuff rarely are anything but the former.
you know ag holder just voided stevens' indictment, right?
Hoppppppppppppeeeeeee and channngggggeeeeeeeeeeeee
well sucka libs with no brains ya got what ya voted for.....damn. I bet by september you bitch assess will miss Bush "The Fascist Dictator" ...Oh the irony.
Is your avatar a photo of your brain or your penis?
Um, what? Obama isn't the frontrunner on this one. Snowe just happens to be a Republican.
She is more left than many Democrats.
She is one of only 3 GOP'ers (All liberals) to vote for O's bloated budget.
So the Dems can have her.
Just what we need, more politicians.
They know exactly what they are doing. It's consistent with their approach to the private sector...classify it as 'critical' and then try to control it. I have no interest in anymore government 'oversight' when it comes to the Internet no matter who is in the White House.
This is change I hope doesn't pass.
Exactly!
I hate to say it, but no one on the Hill or in the White House knows what they are talking about. Yes, they know how to use the technology (ie facebook, youtube, etc)....like everyone else, but they don't know how it's set up and what it takes to secure it. It took the government 15 years to realize that making the default password on government computers "default" and allowing its employees to use the password "redskins" was a bad idea. Who knows what stupid things they can do if given the chance.... JUST SAY NO to this one.
oh yeah, the over favorite password was "password"!!
The continued power the legislature is attemting to hand the president is truely disturbing.
We already half way down the slope to totalitarianism - no need to push us further.
I'm not so sure Engadget's summary is entirely accurate. Many government networks are insecure. Look at the occasional virus outbreaks that take out entire departments. Some government networks are extremely secure, but you tend not to hear about those--for good reason. The Rockefeller - Snow bill is proposing a set of standards and someone to oversee them. Not such a bad thing, really. As for making private "critical infrastructure" companies subject to those proposals, I don't see the problem. "Critical infrastructure" in this sense is power generation, communications, and public utilities like water supply companies. These are already heavily regulated by the government and monitored. As these industries reliance upon technology increases it becomes important to secure those technological assets against disruption. Having standards in place makes it easier so that you're not struggling with those issues *during* the national emergency.
Online warfare has already started. It's time the government started to take that threat seriously.
I agree. This is a step forward for giving the law a heavy hand against cyber crimes and towards a chance for network savy people to enter the political realm. How can the public have a problem with the goverment trying to secure its own infrastructure on top of that. The only problem that can arrive from this is picking the guy who thinks the internet is made of a series of tubes for NCA.
"I man walks by me and happens to punch me in the face, I can deal with that problem myself. I man steals from me from when I'm not looking from a place I don't know, then we a problem."
There's no reason for this bill to exist. You don't need to pass laws to impose security standards on government institutions, the government controls them and they can just change the SOP and requirements. Then the other part gives the government authority over private networks that are deemed "critical". That's what we call a "blank check". I have no issue with the government being able to take control of utility control systems in the event that something happens, but for God's sake, spell it out. Even if this administration wouldn't think of abusing it, eventually there'll be someone else with their finger on the button so to speak and you can't just make assumptions.
Loosely written laws cause far too many problems as it is. Even if you think that it's clear to anyone with a lick of common sense, to assume that everyone has that sense is naive at best if you've read the news more than once.
This is a good idea, it just isn't finished yet.
Look at the rumors of the cyberwar that China is aparently having over anything dealing with Tibet, the rumors of Russian Hackers attacking military servers for more then just kicks, but for military secrets for military purposes. It's good that something is getting done, because we need to at least start somewhere...
Here's my problem with this plan. Define what is meant by "security standards and vulnerability tests" and what is a "critical infrastructure"? Does that mean systems that provide overrides and backdoors for the gov't to have better access...in order to shut down systems in the case of an "emergency"? Does that include opening up corporate secrets that might relate to the secureness of a system? What happens if a gov't worker wants to leak the info(see pentagon papers,etc)? Who qualifies as "critical infrastructure" and to what degree do these privately owned companies have to yield to the feds in their hiring and firing decisions? Have far will government go...will it stop at protocol or will it try to dictate purchasing decisions and content of the related websites connected to the systems?
The government should just keep its hands off of private companies. Until they can run a profit with Amtrak and the US Postal Service, I really don't want to see what they can do with banks, car companies, or networking systems!! I'm sure google and others are doing just fine without gov't help.
There's got to be a bucketful of oversight on this one.
And now will have a new show called The NCA of sexy geeks with guns and double d's chasing down cyber crimes one html at a time...wooooo
Is funny since the best cybersecurity advisor of the market are ex-"commies" or ex-"nazis" (and, in minor scale, "mossad" advisors)
The DMCA and the anti hacking measures put several american hacker out of the market.
Raise your left hand, and wave bye bye to privacy :(
Now repeat with your right....Goodd