Federal Cyberspace Policy Draft Released

mh_cryptonomicon writes "The initial public draft of the National Strategy for Securing Cyberspace was released today. This document outlines the Administration's plan for ensuring that the Net remains a 'good neighborhood.' Following the release of the plan, the Administration's Cybersecurity team will take it on the road for discussions with the people about what can and should be done to protect and defend the net. More information (and the 65 page draft) can be downloaded from the White House's Critical Infrastructure Protection site. This draft is considerably smaller than the 3300 page monster it was reported as being. Commentary is starting to pop up everywhere, including www.cryptonomicon.net/blog/."

Pretty Decent NY Times Article

[Over_and_Done]

Good article about it here. Don't worry, this is the printer friendly version, so you don't have to register.

They're going to put this on a political road shw?

[tcd004]

Come on. No true thourough review will come from having "town meetings." This is just a public stunt to make people feel like they have input in drafting the policy. My bet is that this thing is already signed-sealed and delivered.

If they really wanted a quality review they'd submit it to 20-30 different universities, think tanks and businesses and individuals who are integral to studying the internet. By doing reviews in a "town meeting" format, they might as well just put it on a call in talk show and have the callers "draft" the policy.

I don't mean to put down the quality of input that ordinary "citizens" can add to this policy, a town hall is just not the way to do it.

hrumph.

tcd004

Read Richard Gere's Ass Zoo, really

Re:slashdot slams whitehouse

[cosmosis]

Well, in the original Press release, and because one of its chief architects is an ex-M$ employee, the "secure Computing" initation, TCPA, and Palladium are sprinkled generously throughout the document. This is scary, when the federal goverment is serious consdiering M$ Palladium as the legally protocol for all computing within US borders in the future. Imagine, DRM become a legal mandate to "protect us from terrorism" and in turn Hollywood will get everything they want along the way. We all know full well how dangerous and restricting Palladium can and most likely be if it ever becomes the standard - open and free computing will end. If this happens, time to move out of the US where I can exercise my right to freely compute on the computer of my choice.

I don't know about you all, but I'm completely sic and tired of the "war on terror" being used by big gov/big business to get everythng they ever wanted at the expense of everyone else.

Perhaps he meant "do his part"

[sam_handelman]

"Everybody has to do his own thing to protect cyberspace," he said.

Excellent, a government guideline I can get behind!

I'll take my laptop down to the beach, get stoned out of my mind, and watch this high quality version of Attack of the Clones I finally downloaded, then take a nap.

Wake me up when I've made the net secure - and try and explain it slowly, this south american shit I got utterly destroys you. I'll be laughing at stains on the ceiling 'til new years, no lie.

Re:They're going to put this on a political road s

[Winged+Cat]

Yeah, that was my impression, too:

"'Discussion'. Yeah. Right."

Still, from what I've heard of the plan, it's not too bad. Main points seem to be primarily relying on increased security awareness (come on, sysadmins of the clueless newbies, admit it: you've wished, at least once, that all new users of the chunk of the 'Net you control would have to get some decent training about what a virus is and how not to get one - well, that's about what they're advocating) and reliability rather than monitoring (not "scan all the traffic looking for something nasty" but "lock down the ports so nasty things don't happen" - i.e., prevention).

Re:65 pages?

[Skapare]

Don't worry, the net will be safe for the next 10-15 minutes while all the hackers go get their laughs.

Heh

[dwaggie]

Gee, how are we going to police something that large? Are we only applying these rules to USA-borne servers and networks? What about networks that span international waters? I mean, there is only so much they can do. The government should worry about -its- network. If the government is that worried about there being instructions for mass terrorism or conversations between terrorists, then they should try and keep it at just an information level.. Secure the places where they can attack, and don't impinge on international, and almost other-worldly, rights.

I say other-worldly because the Internet is not bound by the traditional geographic laws. This nation may /seem/ omnipresent in the net, but there are quite a bit of Canadians, Europeans.. you name it, they're all coming online, and they're all going to be out of the jurisdiction of this here United States of 'Merka. (that's Texan for 'America'. Look! I speak George Bush!).

Trying to regulate the internet is like trying to catch a fish with a bubble wand.

Yeah. It's not going to work.

What the government can do

[xlation]

The document says in part tha the Federal government can help to "empower Americans" to protect cyberspace by:

1. raising awareness
2. sharing information about vulnerabilities and solutions
3. fostering partnerships with and among private sector groups, and others
4. stimulating improvements in technology
5. increasing the number of skilled personnel investigating and prosecuting cybercrime
6. protecting Federal computers
7. promoting increased security for the networks upon which the economy and national security depend.

It seems that for cyberspace, as for species, the best protection is in diversity. The email worms thrive not only because Outlook is flawed, but because outlook is everywhere. The same concept applies to hardware from chips to the backbone as well.

If anything, the Gov't should play a roll as a supporter of open standards, limited patent abuse and, for starters, fixing or flushing the DMCA

Good neighborhood = net CC&R's?

[gentlewizard]

I read the words "good neighborhood" and started to seriously worry. All the "good neighborhood" attempts I've seen in the past were implemented by ruthless Neighborhood Associations, complete with Codes, Covenants and Restrictions (CC&R's) attached to the land. Buy a lot in the "neighborhood," you're legally obligated to follow the CC&R's. Most of which seem to have something to do with what color paint you can paint your house, whether you're allowed to have a basketball hoop out front, or whether the garage door can be open at times other than when you're actually moving a car in or out.

Do we really want the whole Internet to be one big anal-retentive "good neigborhood" controlled by an equally anal-retentive Neighborhood Association?

The reason for this approach is not only obvious, but it's the same reason CC&R's are created. Property values. CC&R's protect the property value, not the human values of living there. They elevate the property above the people. This sounds like the same thing to me, elevating the property values of commercial entities over the human values of the average person who is using the 'net.

Re:Good neighborhood = net CC&R's?

[Matey-O]

The reason for this approach is not only obvious, but it's the same reason CC&R's are created. Property values.

I've got a different, less pessimistic, view of HOAs, It might even extend to the 'good neighborhood' that's being proposed by this draft.

Perhaps I'm a happy sheeple, but I don't find my CC&R's particularly draconian, nor do I find them elevating $tuff over people. The homebuilder offered one of 7 floor plans with one of 12 color schemes. If I didn't like that, I didn't have to buy the product. If there are restrictions in place to prevent my NEIGHBOR from affecting the value of my property, that's good too.

My CC&R's, loosely paraphrased, state that I need to keep the property up and maintained. I don't see a problem with that as I have a vested interest in keeping that property in good shape.

Now flip a coin and talk about the Internet(tm). I have NO qualms with maintaining a good network infrastructure (Firewall, Virus scanning) because if I and my neighbors are compelled to do so, the Network (neighborhood) as a whole benefits from it.

That doesn't sound like such a bad idea to me.

Re:Good neighborhood = net CC&R's?

[Tokerat]

And in the real world, if you don't like it, you have the freedom to move.

So where do we go when the whole Internet becomes like this? AOL?

Cyberwar: How Terrorists Could Defeat the U.S.

[irishkev]

A few days ago, I wrote an essay called, "Cyberwar: How Terrorists Could Defeat the U.S., and Why They Won't."

www.cryptogon.com/docs/cryptogon_cyberwar.pdf

It discusses physical threats to information infrastructures that are almost never mentioned publicly.

NOTE: Acrobat 5 is required to view the document.

WARNING: The information contained in this document is intended for educational purposes only. Anyone who attempts to undertake what is described in the "Possible Terrorist Scenario" section will be committing an act of war against the states involved. I am NOT encouraging anyone to carry out what is described in that section. I am exercising my First Amendment right to free speech to make people aware of the dangers posed to the global information infrastructure. Our society relies on these technologies, and an open discussion of the threats to these technologies is necessary in order to defend them.

How to tell if it's serious, or just more wonkage

[ethereal]

• Do they take software makers to task for poor quality software and/or insecure software which create the majority of security expenses for industry and the government?
• Do they demand more accountability from software vendors for these flaws, including potentially requiring opening specs or even source code up for inspection before using the software in mission-critical systems?

A news report that I saw yesterday, prior to the final document release, seemed to indicate that this report does not take insecure software makers to task for their role in the security crisis. If the final draft of the document keeps the kid gloves on like that, then I don't think this is going to be a very useful starting point for the government.

Probably the single best thing the government could do would be to set up strong security requirements for software used by any federal government branch, and enforce those requirements. Setting a high standard would force vendors to get a clue if they want to sell to the federal market, and as a by-product consumer and business software would get some help as well.

Amusing quote from the Cryptonomicon Blog

[caferace]

"One of the most annoying features of Outlook Express is that it's default settings make it disgustingly easy for email to travel via email messages."

Well, despite all it's security holes, I'd gather this was pretty important from a design standpoint. :)

I wondered when

[_ganja_]

I wondered when this would finally start to kick off. There are many things that I have doubt about with this government and their obvious manipulations but due to lack of knowledge there is an element of doubt who is telling the truth. As a CCIE, networks are something I consider I know a bit about and this rings alarm bells.

There have been a few articles now in the press that state there could easily be a terrorist attack on the internet which I merly laughted at but it seems that average joe in the street thinks that a bunch of Afganistan cavemen could seriously achive this.

To me, this is an obvious attempt to censor the internet by using fear tactics which work due to peoples ignorance. I'm tired of this annoying propaganda and manipulation by what is meant to be a government of the people and for the people.

This site is very interesting and certainly worth seeing the other side of the story, maybe this is why censorship is so important?

Regardless, the net doesn't need this "protection" and I wonder if this "protection" is for my benifit in any case.

Re:I wondered when

[_ganja_]

A classic case of logical fallacy :argumentum ad hominem (attack the arguer and not the argument), which highlights your ignorance, furthermore, you even makeup the traits you attack; not so smart as one thinketh eh?

But I wonder why this brought on such a vicious personal attack? History shows that censorship is only in the best interests of the censor; hence I am not in favour of net censorship by any government. As for "vitrol [sic] and bigotry", I merely state that I find it hard to believe that people living in caves in Afghanistan could launch a serious cyber attack to bring down the entire Internet, of course this only based on a professional judgement but I'll remind you of this quote from one of your earlier Slashdot comments "How do I know all this? I'm currently a freelance graphic designer and you better believe I know my shit when it comes to copyright."

As for bigoted, this is an odd context to use of the word, the only meaning here being that I am bigoted towards terrorists, well hey if I'm going to be bigoted maybe terrorists are a better choice than just because of someone's hair colour eh? See another one of your comments. Sigh. Initially I thought this was a troll but after looking at your older posts, you seem to have some egotistical need to tell people how incredibly smart you are and how remarkably wrong they are. Congratulations on being the first in my foes list

Earlier post missing this link

This is kind of

[SquadBoy]

OT but I just wonder if everytime someone uses the term "cyberspace" like this if William Gibson just wants to kill himself?

Re:I think this is necessary ( dont shoot me yet)

[YrWrstNtmr]

And who regulates the sites from North Korea who get a BeanieBabies.kids domain, goes through the whole review process, and then later change its contents to porn? Who cuts off BeanieBabies.kids?

And who makes the decision about swimsuit models and child models? Selling bathing suits and lingerie, or pornography? Selling diapers, or kiddie porn?

That's the main problem. There is, and can be, no one controlling entity with real enforcement rights.

And yes, I do have kids. AOL, for all its many faults, IS not too bad at regulating and allowing parents to lock down kids accounts.

Re:slashdot slams whitehouse

[cosmosis]

Yes. I cried on 9-11 deep tears of sorrow - knowing that as people died in the burning/crushing embers, so did our freedom.

Its absolutely sickening how the right-wing christian fundamentalists nuts used this tragedy to push there own agenda, and the Democrats didn't put up any fight at all... instead they asked how high do you want us to jump?

The pace and breath in which this epic power grab is happenening is totally surreal... no questioning of it on ANY of the main media, cover-ups and wagging the dog rule the day, as we watch the greatest criminals in history take over the world and rob us blind (Enron, Worldcom, Halliburton)... And now they are going after $7 Trillion in Oil in Iraq regardless of what the world thinks. The sure proportions of the power grab are enormous and disheartening to the extreme. Personally I don't see ANY serious counter-trends at all, except very bad ones - more real terrorism in our borders, greater world instability, greater hatred for americans. And to think just three years ago, the future looked brighter than ever. Wow, what a turn-around. This New World Order crap obviously has been in deep and secretive planning for years... I suspect ever Sicne George Senior lost the election in 92.

Freaking busybodies...

[tlambert]

Freaking busybodies...

I will put my router up on cinderblocks in my front yard if I damn well want to...

-- Terry

/. spelling.

[geekoid]

It's not spelled "DRAFT", it is spelled "DAFT"

get it right. ;)

Not every enemy lives in a Cave

[kaladorn]

Not to be politically incorrect, but the US has probably made some enemies who have a bit more backing (for example PRC, North Korea, organized crime, etc) and a lot more technical savvy. If you think that the only threats are from grass-eating starving cavemen too embroiled in their own local fights, then you're underrating the other players in the the game of global realpolitik.

Maybe most of these aren't directly terrorists (only supporting of same), but they certainly have intelligence aims and wouldn't mind causing the US economy some dislocations. Continuance of Foreign Policy or War by other means and all that jazz.

And organized crime might love to have access to a lot of wonderful law enforcement data, and lord knows they have the money to hire a few good (well, maybe not good but competent) hackers.

Now, I do agree that the US Gov't is taking advantage of the situation to clamp down on some other things - kinda like Canadian authorities using the invocation of the War Measures act at various times to deal with unrelated but annoying things like street-people, vagrants, etc.

But there IS a threat. Just because you're not getting kicked in the groin every day doesn't mean someone doesn't have it on their list of things to do.