Bush Names New Cyber Security Czar
goombah99 writes "The Washington Post reports that Cybersecurity "czar" Richard Clarke has confirmed widespread reports that he is leaving the White House, to be replaced by former Microsoft security chief Howard Schmidt. He was also part of the Air Force's 'Computer Crime and Information Warfare division'. In related news, the National Strategy to Secure Cyberspace has received Bush's signature and will be released to the public in the next few weeks. Clarke's blunt statements on the need to avoid erosion of privacy rights is rumored to have rubbed the administration the wrong way, prompting his exit. Anyone know how Schmidt will view the relative security of closed versus open source?"
Nothing says "Security" better to me than "Former Microsoft Security Chief".
screen of death
Our top story - Previous cyberspace advisor sacked after coming worryingly near to sticking up for rights of normal Americans. Now replaced by Microsoft "security" manager in amusing henhouse/fox style situation. Corporations breathe freely again. Film at 11.
"To any truly impartial person, it would be obvious that I am right."
Mod me as a troll, I don't care... this is absurd. Microsoft corporation has proven time and time again that they can't grasp fundamental security practices or concepts. Now, instead of having a boss (BillG) whose motivation is profit, we've got a security chief whose boss (GBush / JAshcroft) wants to rob us of our civil liberties.
Bruce Schneier for Security Chief!!!!
The surest sign of intelligent life in the universe is that none of it has tried to contact us. -- Calvin & Hobbes
Next, RIAA advisor appointed as judge in IP case, Disney spokesperson heads the new congressional committee for copyright term balance, and Pakistan appoints Hans Blix's replacement at the head of the UN Arms Inspectors Committee.
Daniel
Carpe Diem
Nothing says "Security" better to me than "Former Microsoft Security Chief".
Look, do you want extensive experience or not? I trust this guy to have run into more security problems than just about anyone else out there.
I wonder if he leaned more toward engineering (and the godawful CryptoAPI) or policy (and the signing procedures that let Nimda get out)?
On a more realistic note, in terms of practical security benefit, the recent spending of taxpayer dollars on a set of minimum Windows security standards (the "Gold Standard") is probably one of the most cost-effective things that could have been done for nationwide security. Even if it grates those Linux/Mac OS/etc people among us the wrong way... It beats blowing more money on facial recognition at Super Bowls.
May we never see th
According to his biography here. From his bio, it doesn't sound like he's a dyed in the wool microsoftie.
Instead of making jokes or clamoring about how this is a bad (or good) thing, let's try to figure out what this guy is about.
Any signal out there?
My father is a blogger.
I've worked for the Dept of the Navy for 6 years now, 4 years as an active marine and 2 for a navy contractor and I've seen a trend in the Navy/MC away from Microsoft products and their consultation.
But then again, it doesn't mean that everything will be MS because he's a former MS officer, but it is more than possible. If anything he may have a VERY humble attitude toward things because I'm sure he's been the brunt of many criticisms from his past post.
It's no secret MS has had problems with security.
But I wonder what this will mean for upcoming copyright and piracy issues involving computer software and the like. Since he comes from a company where the doctrine is pretty strict in terms of copyrighting and such, will we see a severe change in the laws?
"Clarke's blunt statements on the need to avoid erosion of privacy rights is rumored to have rubbed the administration the wrong way, prompting his exit"
Well if the previous guy was removed because he was in favor of keeping privacy rights a concern, this may indeed be the case.
Overall, I can't say this is a good sign.
Excuse my above ramblings, I have strep throat and it's driving me crazy.
Day by day, MS is becoming more like one of those boring typical corporations in US. Start-up -> make money -> lobbying -> get people inside Washington and build business around bureaucracy. I don't dare call MS an innovator, but come on, it's not even 20 years since MS started their business, and they are already joining the club of boring bureaucrats.
"In heaven, the Italians do the cooking, the Swiss do the accounting, the German fix the cars, the French are the lovers, and the British are the police.
In hell, the English do the cooking, the Italians do the accounting, the French fix the cars, the Swiss are the lovers, and the Germans are the police".
I guess we can add something about who's in charge of cyber security in either place... and I'm pretty sure where Microsoft has a bigger footprint.
Oh, I can't help quoting you because everything that you said rings true
Just to point out... According to the article, this guy was in charge of Microsoft's network's security, not Microsoft's software's security. The fact that he has been able to keep that web site, which runs on NT, from being cracked for so many years must qualify him as some sort of security god.
(If I am misinformed, and microsoft.com has actually been cracked and defaced at some point in the past, do tell...)
United States SP1
This service pack addresses the following security holes and bugs found in the current public release of United States version 2003:
- free speech buffer overruns
- memory leaks of useless patents
- higher intellectual property security
- copyright roll-over
- civil rights run away processes
- stronger backdoors for stronger crypto
- cpu race conditions
- elimination of privacy APIs
Quoting the last five (short) paragraphs of the story:
Is anyone else disturbed by the way first choice candidates seem to be running away from any involvement with government internet security?
Seems to me that this new IT security person appeals to MS and that is it. So, why lump the rest of us into that paradigm?
Don't get me wrong: I help run a company's IT and whatever pronouncements this new guy will make will have all the impact of a stale cocktail.
I find jokes like these as funny as the concepts they profess to support.
Dawn of the Dead
...that will make it easier for us (well, those of us in the States at least) to scream "Biased!" when he comes up with any closed-source/Microsoft advocacy. This could actually help.
I gave up sigs almost a year ago.
Perhaps one of the editors could get a Slashdot interview ... I mean .. I think a large number of technical people read this site .. and it would be in his best interest perhaps to have a little Q&A with us
He was canned because he wanted to protect individual rights, and had limits on how far he'd go against the citizen?
That alone should scare the hell out of people. Who is taking his place is minor compared to that.
Or did I mis-read it thru the awful grammar?
---- Booth was a patriot ----
According to the Schmidt bio: Prior to joining..., Mr. Schmidt was the Chief Security Officer for Microsoft Corporation, Redmond, WA. While there, he oversaw the Security Strategies group, insuring the development of a trusted computing environment via auditing, policy, best practices and incubation of security products and practices.
This does not sound like network security per se to me.
We all tend to be guilty of going-with-what-we-know. So his past is relevant to guessing his future policy. Thus his involvement with Microsoft and aspects of trusted computing are troubling. Another statement from his bio that I'd like to know more about is
Mr. Schmidt ....has been instrumental in the creation of public/private partnerships and information sharing initiatives
What sort of information sharing? Sharing as in the TIA's notion of it? Or sharing as government databases need better integration? Given his FBI and Air Force 'crime information warfare' background it is probably safe to assume that he would see lack of integration as an impediment to law enforcement and would like better sharing of confidential data amongst law enforcement. Not an entirely bad idea if safeguarded and until it reaches the TIA sort of level.
Other than second guessing what I expect will be the promotion of policy I won't like, the remainder of his bio plainly says he is technically qualified for the technical, political, managerial, and policy aspects of cyber security. Few people would be as qualified to administrate the office. I think I would just feel better if he were the deputy and someone else was setting policy.
Some drink at the fountain of knowledge. Others just gargle.
*****
Before joining Microsoft, he was a Supervisory Special Agent, Director of the Air Force Office of Special Investigations, Computer Forensic Lab and Computer Crime and Information Warfare. (HQ AFOSI/CCI). Under his direction he established the first dedicated computer forensic lab in the government. The AF specialized in conducting investigations into intrusions in government/military systems by unauthorized persons in counter intelligence and criminal investigations.
Before AFOSI he was with the FBI at the National Drug Intelligence Center (NDIC) where he headed the Computer Exploitation Team as a Computer Forensic Specialist. As one of the early pioneers in the field of computer forensics and computer evidence collection, he continues to provide training support to an international audience dealing with the new challenges around computer evidence collection and processing.
He was a City police officer from 1983-1994 with the city of Chandler Police Dept. Arizona. He served on the SWAT team, organized crime and narcotics investigations and field sergeant. While there he was detailed to the FBI academy teaching classes in the use of computers in criminal investigations for approximately 2 years.
Howard has over 31 years public service having served with the US Air Force in various roles from 1967-1983 both active duty and in the civil service. He has served in the military reserves since 1989 and currently serves as a Credentialed Special Agent, US Army Reserves, Criminal Investigation Division (CID). He has testified as an expert witness in federal and military courts in the areas of computer crime, computer forensics and Internet activity.
He holds a Bachelors Degree in Business Administration, (BSBA) and a Master of Arts in Organizational Management (MAOM). He also has a Technician class Ham Radio License, and a Single Engine Land pilots license.
******
Hey folks, remember before you kneejerk -- there are more types of security than what programmers think of when they hear the term.
~REZ~ #43301. Who'd fake being me anyway?
For all the people whose blood boils at the mere mention of Microsoft's name: give this man some credit for leaving the company. And, as others here have pointed out, what better laboratory for the study of cyber warfare than MS? Could YOU have handled that heat as long as he did?
It's only funny until someone gets hurt. Then, it's hilarious.
It's all about Fear.
What? People thinking and exchanging news and information on the web? Horrors! They might all be saying bad things about us, (the Powers That Be)! We must put a stop to this!
The best part is that, after all is said and done, after all the fire works and torture and human carnage, the bastards will lose. You cannot channel that much destructive force without being destroyed. Such minds deteriorate as they cling to their nice comfy illusions of grandeur, (and they are illusions. Everybody knows that Bush is a coke-snorting moron, no matter how hard he tries to pretend otherwise, no matter what sly tricks he participates in, his brain remains a piece of cheese. And he continues to rot.)
In the end, the darkness is self-consuming. It's like a black hole; that's the perfect metaphor, actually. The perfect symbol. Selfishness wants and takes and takes until it collapses under its own weight. Selfishness is the frightened child which wants to cling to (and control) its mother, and damn it, climb back into the womb if at all possible. Because the bright and beautiful world is just too damned frightening. (Beware the clingy child.)
Beauty and the Unknown are for the strong and bright-eyed children, who grow accordingly, and seek outwards; never to control, but to test themselves against the world and grow stronger and more capable of participating in the wonders they seek.
Selfishness and Fearfulness, by contrast, seek ultimately, to return to the dark warmth of sleep, and there disintegrate into dream and into nothingness. --And that's fine, (Let 'em vanish!). The only problem being that they can't bear to think there is a bright and beautiful world out there populated with heroes and the brave. --Simply, because the contrast between the worms and the brave is a painful one! Nobody wants to be a fearful worm; especially not the worms; especially not the worms! --They have the least ability of all in dealing with hard truths. They are not about growing or changing; they are about warm illusions and control. A brave man winces at his faults but then sets about the task of fixing them. While, a coward cringes in horror at his faults, and seeks to tell himself stories where really, he, is the hero, and then he goes about trying to enforce this image upon all those around him; to maintain the illusion. And all the while, in reality, he degenerates further while the Brave Man grows ever stronger.
Like I have said many times before, Good Guys Always Win. Always. Always. (Despite the millions of messages to the opposite we are bombarded with daily by the Fear-controlled media! Despite the deep cultural programming which begs women to seek 'bad' boys while in the same stroke, casts a homosexual in the role of Smallville's 'Superman') But you watch. You'll see. It all pans out in the end. There will be carnage and there will be blood, but in the end, the worms will turn to mud and vanish, and the heroes and the brave will remain. --I firmly believe in reincarnation and in many lives, and that the Heroes and the Brave will continue; that Death is just a train station platform. I also believe that the worms will return as well, although in a reduced form, (thanks to Karma). The only way to destroy a soul is for it to continually participate in debauchery and petty fear, until it regresses, finally, into primal matter. Let 'em regress. Let 'em go. Let the little worm people try to control the world and the internet, let them try to control thought itself. (And if it's an MS clone who'll be running things over at the White House, then you can bet they'll keep a thumb on the pulse of such net indicators as Slashdot; Are you listening, you chumps? I am talking about YOU.)
The forces of Fear will cause friction for a time, and they can influence thought, even to a large degree. But only for a time. And not the minds of the strong, who will only shake their heads. And then, finally, they will pass. Good riddance.
Chumps.
-Fantastic Lad
Second, if he was ever head of MS security, he is used to dealing with extremely difficult situations and has handled his share of disasters. Overall, that job would provide great experience understanding the tradeoffs made between functionality, ease of use and security. Also, a good understanding of how some software companies resolve security issues and how to lead an effort to address security flaws in software. Probably an ideal background overall.
I had the opportunity to meet and interview Clarke when he came to my school last year to give a speech as part of a post-9/11 outreach program to CS faculties around the nation. (In fact, I wrote an article about it for our school newspaper, if you're interested.) He really handled himself well. The crowd was more or less 100% engineering and CS faculty, grad students, and the type of smart undergrads that would actually care about such a thing, in other words a tough crowd to play to. And I think everyone was pretty skeptical at the outset that any government official would know his ass from a hole in the ground when it comes to IT policy, so-called "cybersecurity" (blech), and such. But he did! After he spoke he gave about a 40 minute Q&A where people asked him all sorts of tough and sometimes really esoteric questions concerning software patents, the DMCA, network security, hell, something about quantum computing even came up. His knowledge was impressive and, even more heartening, when he didn't know the answer he just said so rather than bullshitting. All in all I left with a good feeling that this guy was the White House's go-to man for IT policy and would be protecting our computers from the terrorists. Now it sounds like he got fired because he wasn't quite fascist enough for the Bushies, which is really depressing. Guess I should have seen it coming all along.
I think there is a world market for maybe five personal web logs.
About 15 years ago, I was working for a consulting firm (which shall remain nameless here ;-) that does mostly government contract work. I was one of a small group that was assigned the task of analyzing and reporting on security issues with the growing collection of commercial networked small computers. My task was mostly collecting and/or writing security-test software.
After a couple of months, the security guys discovered some of the things that I'd collected (or written). I was summarily fired.
During the discussions, my boss observed that I was perhaps lucky that they didn't decide to prosecute me. He thought that there were two reasons they merely fired me: 1) I was doing the job that I'd been assigned, and 2) They were afraid that my lawyer would merely demand that all the evidence against me be presented in court.
Within six months, all the rest of the group had quietly resigned. I'm still in occasional contact with some of them. None of us has ever accepted another security-related job.
Computer security is of growing importance. But nobody with much experience in it is likely to accept a government job. I wouldn't advise anyone to take such a job, unless you know that you have the power and money to defend yourself when the inevitable happens.
(It might be interesting to hear from others with similar experiences. Of course, the poster boy for this whole topic is Randal Schwartz. Google him and read all about it.)
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
When I hear about the "Drug Czar" I am reminded about the "war on drugs" that has already cost us plenty of civil liberties and caused a violent and expensive black market for drugs.
The idea of a "Cyber Security Czar" frightens me even more, especially given the fact that the Bush Administration doesn't seem to care jack squat for the rights and privacy of American citizens.
The fact that it seems they dismissed the old Cyber Security Czar because he was actually sticking up for the privacy of citizens (and thus not working towards Bush's vision of a fascist-style government in which citizens are reduced to flag-waving serfs with no actual rights) scares me quite a bit.
"You spoony bard!" -Tellah