I ranted about this back in March. Here’s what I wrote back then.
“Just last February, Mike McConnell oversaw a command post exercise simulating a cyber attack on the US telecommunications infrastructure. Just to add to the drama, the exercise was called Cyber Shockwave. As I expected, the exercise showed the US ability to withstand a cyber attack is woefully inadequate. Mike McConnell testified to this before a Senate committee after the exercise. The beltway bandits, including McConnell’s Booz Allen Hamilton, are aggressively pushing their capabilities in cyber defense and information operations (specifically cyber attack). They smell the money. Unfortunately, not one of the senior experts taking part in Cyber Shockwave is a network engineer (to my knowledge) and wouldn’t know a poorly written firewall configuration if it bit him on the ass!
Happily, Howard Schmidt, Obama’s new cybersecurity czar, made a refreshing response to this scare show. He said there is no cyberwar. He called it a terrible metaphor and a terrible concept. What the government needs to do is pay more attention to online crime and espionage. Schmidt echoes the sentiments of many practicing cyber security experts and hackers (in the good sense).
The best response to McConnell’s frantic warnings I saw appeared in Slashdot. One poster sent the following:
“What they don't understand is that it isn't going to be the government or the military that responds to a real cyber attack, it's going to be a nation wide army of several hundred thousand IT admins working 70 hour weeks to keep their companies secure and operational. Once solutions are found they'll be posted to the web and disseminated faster than the new attacks can be devised.
In short, cyberwarfare won't work for the exact same reasons that censorship won't work, there's too many people working against the attackers who can communicate too quickly and too effectively.”
In other words, the very same people that keep the internet running for their customers every day are already deeply involved in keeping it safe from the predations of online criminals and spies. It’s just part of doing business. We don’t need massive government or beltway bandit run cyber operations centers. They might look cool, but the technogeeks watching the code streaming through their core routers are the ones confronting the bad guys… and they don’t like anybody screwing with their boxes.”
I have not changed my mind about who should have the lead in securing the internet, but Schneier and Morozov are warning of the real danger of this government grab for control of the internet. A free flow of information and exchange of ideas apparently scares the hell out of Lieberman and his ilk. How can they "control the narrative" if us hoi polloi are allowed to freely and widely talk amongst ourselves? I will speak out against it as often as I can. Bruce Schneier also continues to speak out. He again made his point at an international meeting of the Cooperative Cyber Defense Center of Excellence in Tallinn. http://www.thenewnewinternet.com/2010/06/18/hathaway-and-schneier-speak-at-cyber-conference/
The Twisted Genius
Both sides have their arguments but I can assure you that a number of foreign powers are laying the groundwork for "cyberwar" should that become appropriate as leverage in conventional warfare or economic warfare!
What is interesting is the bottom line of the poster's argument is confirmed by over $50B spent just since its creation by DHS with almost no regard to security or protection against unauthorized use or manipulation. In fact even DOD has been rated poorly on its security for IT systems and processes. What open source material that exists seems to substantiate a large DOD investment in offensive cyber warfare.
Posted by: William R. Cumming | 21 June 2010 at 07:45 AM
Ah, a new Trojan Horse appears, leading the new Beltway Gold Rush. Lieberman and his cohorts are scarcely more knowledgeable about the Internet than Sen Ted 'The Internet is a series of tubes' Stevenson. The bill is sponsored/promoted by Symantec, which tells Internet insiders everything they need to know about the efficacy of this bill. The band-aid part of this bill seems to indicate that everybody will have to install/submit to some sort of nationwide virus scan, or be banned from the Net. Sounds good in bureaucratic theory, but practically speaking, this will be to computer security what the TSA is to airport security.
The newly minted 'cyber-security' consultants will feed off the corpus of fear, while the proposed bill will likely enable govt. censorship of dissident websites. Of course, Net professionals understand that the Net can't truly be censored, however, the practical effect of this bill would have a likely chilling effect on information flow within the mainstream US websites, so that any dissident messages get filtered out before they reach the masses.
Col., your site could easily be hosted outside of the US, however, the likely scenario is that the Red, White and Blue Wall, Uncle Sam's version of China's 'Green Dam' would start construction. Read up on China's Internet censorship to get a feel for Unholy Joe's vision:
http://en.wikipedia.org/wiki/Internet_censorship_in_the_People's_Republic_of_China
Of course, as noted by many others, this is a move of desperation by an aging power structure, who understands this threat even less than they comprehended the threats posed by Saddam; in either case, they don't care, because their true concerns lie elsewhere.
For a preview, look at how well the Recording and Motion Picture Lobbies have fared against hackers; even as they have waged legislative and legal war on copyright circumventers, aka 'pirates,' their position has been exposed as an industry that got obscenely rich on a protected business method that was rendered obsolete, and desperately tried to retain that position by heavyhanded enforcement. Their lobbies are powerful politically, and a junior mirror of the Israeli lobby, pushing the US to extend its artificially enlarged copyright enforcement on other countries. For example, one 'modern' thing Iraq got out of the US invasion was a set of copyright laws that mirror the US'. Recently, Canada was pilloried legislatively as being a haven for pirates, because they have failed to adopt the draconian US laws. (Look at Disney and the Sonny Bono Copyright Extension Act to see how copyright has been tilted firmly against the Public Domain, in favor of private copyright holders, perverting the original aims of copyright).
Their underhanded and often illegal methods are invariably exposed quickly by the hacker community. In one notable episode, Sony got caught distributing a 'rootkit,' hacker software that effectively takes over the user's computer, which can then be used to monitor it, and transmit data, aka 'phone home.'
Regardless, if you want to see Yankee Ingenuity fired up again, wait until the backlash against this scam begins. Even as they try to demonize 'hackers' as the new 'terrorists,' here is the practical effect; far from stimulating the US computing sector, this will inhibit our true innovation, siphoning off resources to support the bloodsucking Beltway consultants. True innovation will flourish in finding ways to expose and circumvent any content monitoring efforts.
While any site that publishes dissident views could potentially be a target of Joe's Cyber Cops, there is one huge target right now that has the US govt's attention--Wikileaks. An international site for whistleblowers' data, Wikileaks has drawn the enmity of many states around the world, from Germany to Australia, and now the US, after publishing the 'collateral damage' video from Iraq. (The same footage was sat on by the Washington Post, among others).
http://www.newyorker.com/reporting/2010/06/07/100607fa_fact_khatchadourian
Backgrounder on Wikileaks above, which also describes its unique decentralized structure, which makes it extremely resistant to single-point censorship. Also, note that Iceland, in the wake of its crash, recently passed whistleblower protection laws that enable safe harbor for sites such as Wikileaks.
Right now, what has the US govt. pissing its pants is the recent whistleblower activity of Pfc. Bradley Manning, a 22 year-old intelligence analyst who leaked the above video, plus who claimed to have copies of 260,000 top secret State department communiques, which could expose some very dark secrets, due to their frank nature in describing the actions and perceptions of US diplomatic personnel and foreign allies.
Manning was in contact with Julian Assange, the 'hacktivist' founder of Wikileaks, and may or may not have sent him an encrypted dump of the communiques. Manning himself was turned over to the authorities in a really fishy sting operation, fronted by two hackers cum journalists, Adrian Lamo, and his editor, Kevin Poulsen, staffer at Wired magazine. Poulsen is now in custody, being held without charge, and without access to lawyers. The Pentagon are supposedly trying to track down Assange, likely to determine the fate of the communiques. Despite Wikileaks not breaking any US laws, there is no doubt that they would like to silence Wikileaks, although its decentralized nature may well prove to be immune to shutdown--but not intimidation of whistleblowers.
http://www.thedailybeast.com/blogs-and-stories/2010-06-10/wikileaks-founder-julian-assange-hunted-by-pentagon-over-massive-leak/
http://original.antiwar.com/justin/2010/06/08/free-bradley-manning/
http://www.salon.com/news/opinion/glenn_greenwald/2010/06/18/wikileaks
Posted by: Roy G | 21 June 2010 at 07:57 AM
TTG
Having "debated" in the IQ2 arena, I am not surprised. The game is cooked in advance. pl
Posted by: Patrick Lang | 21 June 2010 at 08:21 AM
Think I'll move to a South Pacific Atoll (one we did not nuke).....
Posted by: Jake | 21 June 2010 at 09:42 AM
It appears that Lieberman is starting to feel a little heat regarding his bill. So what does he do, he goes on camera
http://rawreplaymedia.com/media/2010/1006/cnn_sotu_lieberman_100620a.mov
and tells everybody to 'relax' about it. Lieberman is not alone on this carnage assault upon the freedom to know. Senator Susan Collins (R-ME) and Senator Tom Carper (D-DE) are Lieberman's co-conspirators. How much has AIPAC paid Collins and Carper, anybody know?
Posted by: J | 21 June 2010 at 09:58 AM
There is a lot in this bill that is good. It would establish a stronger cybersecurity regime within the USG and would move it more towards DHS and away from the DOD and IC. It also greatly reduces the current onerous and ineffective FISMA requirements. However, the emergency and directive powers in this bill are, IMHO, just flat wrong. Any directive the government issues to the private IT industry is bound to be hamfisted, technically inept, and in flagrant violation of the First Amendment. I sincerely hope a combination of industry technical experts, "information wants to be free" hackers and "Don't tread on me" freedom advocates can force the removal of the offending parts of this bill.
Private - public collaboration is needed in this field. A shining example of how this should be done is the National Cyber Forensics Training Alliance in Pittsburgh, PA. I talked with the FBI SAC who set this alliance up. He approached the problem with the skill, finesse and artistic flair needed to make it work. (Very SF like.) The alliance is built on mutual trust and respect. It works magnificently.
http://www.ncfta.net/main/home/
Posted by: The Twisted Genius | 21 June 2010 at 11:46 AM
TG, I agree that there is some merit, and am glad to hear this from your more inside perspective. However, the need/desire to create pork is what will drive the politics, imo. This, in turn, will drive away the techies who are most needed. Although I'm sure that Google, for example, may welcome some assistance, I think it would have to be very well-targeted indeed in order to offer something that is outside their skillset.
Frankly, too, my reps move with the herd, and will likely offer only token resistance, as all this 'techie' stuff is over the heads of the Beltway movers and shakers, in the same way they trusted the 'experts' on our response to 9/11.
And finally, there couldn't be a creepier, more cynical pol to push this than Joe Lieberman. The fact that he wants us to 'relax' makes me believe that the rape is inevitable. I hope I'm wrong, but I've hoped before.
Posted by: Roy G | 21 June 2010 at 01:42 PM
From what I can tell from reading the actual bill, this is mostly a full employment for security contractors proposal. As with so many things, whether it's good or bad depends on the implementation. If it comes up with better baseline standards (especially for consumer and small business equipment and configurations) it will be helpful, if it standardizes government and large corporate and telco nets into a monolithic security approach it will be bad and lead to less effective security.
As far as the fears over some sort of kill switch, there's nothing here that changes the President's previously granted national emergency powers that I can see. But anyone who thinks that in the event of a major conflict the intel agencies wouldn't monitor and control a large part of the nation's communication networks is naive.
Posted by: HankP | 21 June 2010 at 03:12 PM
Interesting debate, The Cyber War Threat Has Been Grossly Exaggerated:
http://vimeo.com/12464156
94 min video
Posted by: N M Salamon | 21 June 2010 at 04:53 PM
It sounds like the best solution is to wise up and dump Windows, I.E. and Microsoft office suite from use on all levels of government and U.S. chartered businesses. Real operating systems such as Unix and its offspring, applications such as Openoffice, Firefox etc. are nearly virus resistant and have vastly better security. Perhaps the bill should just be rewritten to declare Microsoft a software terrorist, prohibiting use of its products. Symantec would not have a product were it not for Microsoft very-software.
Posted by: cletracsteve | 21 June 2010 at 06:02 PM
I am just an analog refugee adrift in this new digital world. I can't understand any of the technical side of what the cyber-knowledgeable people discussed above. I can only go with my instincts which say that anything "Government/Lieberman/NetSecurity" should be prevented if possible. I remember reading about that Rockefeller comment about how it is unfortunate the internet was ever invented. Maybe Lieberman is fronting for Rockefeller and the whole "Rockefelleroid ruling class" in this bill.
If we can't pressure the officeholders to defeat this bill, perhaps we can pressure Obama to veto it. If it gets passed and signed, then the whole digital-expert community will simply treat it as FedGov damage to the internet and try to work around it.
If it can't be worked around, perhaps people who want to communicate with each other by computer will all have to get disk-recording machines (or whatever those things are) and pass millions of data-disks and thumb drives and things from hand to hand, machine to machine. Instead of an "internet of online computers", we will develop an "internet of people" all passing millions of constantly updated copies of communications and stuff, the way Ayatollah Khomeini's movement passed millions of cassette tapes into and around Iran.
Posted by: different clue | 21 June 2010 at 10:21 PM