Slashdot Mirror
U.S. Government To Get Cybersecurity Chief
cmason32 writes "The Bush administration is going to create a new Cybersecurity Chief position in the Homeland Security Department. The move is supposed to demonstrate the government's dedication to cracking down on hackers and 'cyberterror.' One of the responsibities of the position is to 'secure cyberspace.' However, critics are already noting the position is not likely to be effective."
I wouldn't just call this position ineffective. I would also call it a waste of taxpayer dollars, a way to abuse power, and a waste of time.
Industry leaders worry the new post won't be powerful enough.
But... I thought hackers could already start World War Three with a telephone call? How can this position not be powerful enough?
This will simply become a tool of the RIAA/MPAA/etc?
U.S. government to get cybersecurity chief
By Ted Bridis
May 25, 2003 | WASHINGTON (AP) --
The Bush administration plans to appoint a new cybersecurity chief for the government inside the Homeland Security Department, replacing a position once held by a special adviser to the president. Industry leaders worry the new post won't be powerful enough.
The move reflects an effort to appease frustrated technology executives over what they consider a lack of White House attention to hackers, cyberterror and other Internet threats. Officials have outlined their intentions privately in recent weeks to lawmakers, technology executives and lobbyists.
The new position, expected to be announced formally within two weeks, is drawing early criticism over its placement deep inside the agency's organizational chart. The nation's new cyberchief will be at least three steps beneath Homeland Security Secretary Tom Ridge.
In Washington, where a bureaucrat's authority and budget depend largely on proximity to power, some experts fear that could be a serious handicap.
"It won't work. It's not a senior enough position," said Richard Clarke, Bush's top cyberspace adviser until he retired this year after nearly three decades with the government. Clarke's deputy, Howard Schmidt, resigned last month and accepted a job as chief information security officer for eBay Inc.
"While it's not optimal having someone technically that low in the pecking order, it's much better than the current situation," said Harris Miller, head of the Information Technology Association of America, a leading industry trade group. He said success at that level of Washington's bureaucracy is "not mission impossible, it's just a difficult mission."
The plan is consistent with Ridge's unease over elevating cyberconcerns above the security of airports, buildings, bridges and pipelines. The agency currently lumps both those issues under its Information Analysis and Infrastructure Protection unit, one of four directorates in Homeland Security.
"It's pretty difficult for many businesses and many economic assets in this country to segregate the cyber side from the physical side because how that company operates, how that community operates, is interdependent," Ridge told lawmakers at a hearing this week.
The new cyberchief also will be responsible for carrying out the dozens of recommendations in the administration's "National Strategy to Secure Cyberspace," a set of proposals put together under Clarke just before his departure.
That plan, completed in February, is drawing criticism because it emphasizes voluntary measures to improve computer security for home users, corporations, universities and government agencies.
"I don't think we have a plan," said Rep. Zoe Lofgren of California, the senior Democrat on the Homeland Security subcommittee on cybersecurity. "If we just take a look at that strategy, we're not going to end up with the solutions we need. There's a sense among the committee that there needs to be a little more meat."
The government privately acknowledges many of those criticisms. In a previously undisclosed internal memorandum to Commerce Secretary Don Evans, the head of the agency's Bureau of Industry and Security described complaints from technology executives after meeting with them in September in California.
The executives felt the government's plan was "not sufficiently strong because many of the key recommendations had been `watered down' and were not `mandatory,"' Undersecretary Kenneth Juster wrote. His organization at the time included the U.S. Critical Infrastructure Assurance Office, which has moved to Homeland Security. The Associated Press obtained a copy of Juster's memo under the Freedom of Information Act.
Officials are still looking for candidates for the new position, which will be announced within the next two weeks. Clarke, now a private consultant, cautioned that the administration will have a difficult time convincing a prestigious cybersecurity expert to take the job. Some others predicted that won't be a problem.
"Most folks if asked to do this would jump at the opportunity," said Sunil Misra, chief security adviser at Unisys Corp.
Drug Czar!
Eventually the americans will have THREE forms of government! The first is the regular government, followed closely by a Shadow government (For emergencies only, of course!), and finally a Cybergovernment!
Now when kids say they wanna grow up to be President, the teacher will have to ask "Will that be Shadow, Cyber, or Plain?"
I am a filthy pirate.
If you get to Guantanamo Bay before me, save me a cell, would you please?
"The government of the United States is not, in any sense, founded on the Christian religion."
is a certain Mr Anderson
Do not try to read the dupe, thats impossible. Instead, only try to realize the truth
What truth?
There is no dupe
Typical of politics, and exemplified by the implementation of "Homeland Security". The politicians just seem to want to get something up and visible to show they're "on the job". Quality isn't Job #1, it usually isn't even on the same list. It is smoke, mirrors & hand waving -- "see we did something"!
What about the FBI's cyber crime investigations? What about all the infrastructure/info that the NSA has? Will either of these agencies be mandated to cooperate? Or, will there be petty "Not Invented Here" and "This is MY jurisdiction" bickering?
The gov't doesn't need a new Czar to secure their part of cyberspace (Milnet, etc.), and do they really think some agency will tell people (civilian companies & individuals) how to configure routers, firewalls and virus scanners?
Learning HOW to think is more important than learning WHAT to think.
Is that like Jeff K's website?
...wasn't the person originally tapped to hold this position the former CEO of double-click (in other words, a pop-up and ad-banner czar by trade)?
Sorry, no links to give. Not only am I at work, but I'm lazy as well.
Talk about a joke job. This might be worthwhile if they made more of an effort to go after spammers, kiddie porn traffickers, and the other riff-raff. But of course, instead they'll spend all their time going after the 15-year old kids who "break into" Pentagon websites or trade Metallica MP3s, making sure to ruin the lives of these "cyberterrorists" and making the Internet safe for the RIAA and the rest of their Hollywood paymasters. Fuck this.
Who read that headline as
"U.S. Government To Get Cybersecurity Chef"
What would he serve, Johnny Mnemonic Barbecue Freedom Fries?
-sig- It's not stupid, it's advanced -sig-
A display lights up 'Secure cyberspace ON'.
Reminds me of one of my all time user requirement highlights. This was on a multi platform, multi system deployment which I was working on several interfaces for.
21.0 Error Recovery Process
When any error has occurred in across the system the user will select a fix error button. This will resolve all problems.
When I suggested that the button could call a routine to print a P45 for anyone selecting it I was accused of been unresponsive to user needs.
The title says it all. Watch how quickly they try to turn on us as they try to find excuses to regulate and shut down copy promoting technologies.
Ironically, until they let go of copyrights, the forces opposed to true internet security will be too great because they will always want the right to "verify" we have the correct content.
"to secure cyberspace". How about that? I am sure the government will do an excellent job as it have been doing with everything else it lays its hands on.
Then her and Al Gore can run on the "Father and Mother of the Matrix...err, I mean Internet" platform!
hahahahahha. Proof once again that mentioning RIAA or MPAA will get you karma points. Mentioning both is even better!
Good ol' predictable slashdot moderators!!
And who's sponsoring this? I mean, fine, have another department, but I could imagine that there are some corporate interests behind this, too... "Secure cyberspace" sounds so familiar...
-- Power corrupts, but PowerPoint corrupts absolutely.
that the new hacking czar will be as effective at reducing hacking as the drug czar was at reducing drug use/sales.
ye hackers living within the borders of the United States shall soon fall under the tyrannical rule of the cybersecurity czar! Your constant day to day actions will be monitored by private-sector companies that control the entire Internet, told who and what to sniff by their grand ruler! All Hail The Grand Czar! ....what? there are computers outside of the US borders? Bah! We are at war with Oceania and have already eradicated these rogues operating under the control of the terrorist Linus!
Exactly how much more power do they really need, especially when they've got things like the Patriot Act and the proposed Son of Patriot Act?
this is actually worse than that - it is "See we are doing something please fund our election campaign". The people they look to please here are the corporations that have been lobbying for long.
Siggy Say, Siggy Do
This is kind of playing out like the Net Force books; a goverment agency patrolling the internet (in the case of NF an independant division of the FBI) and they try to prevent "cyber terrism" ... there biggest enemy is Cybernation; a country that is totally online (no physical property and everything is free; like open source without the donation buttons).
Does this mean that someone will try to take over the world by doing away with the current economy and create their own country online in the process?
Cool- a new variant on the old election trick of forcing out figureheads as the election comes up; that way you can blame problems on someone who's long gone, and bring in someone new nobody can judge yet. Environmental policy sucks? Make your EPA head resign. People finally pissed off with reporters not being able to get anything out of the White House? Make your press secretary resign!
Can't keep your "Cybersecurity chief" chair filled, because the dudes keep resigning faster than you can appoint them? Why, shift the position into a branch of the government where nbody knows what the hell is going on. Yeah, baby! Keep 'em guessing...
By the way, wanna know why Ridge is head of Homeland Insecurity? Cause the poo baby lost his election for a congressional seat. But, no worries! The GOP sticks up for its people! Loose your election, get a post you're not remotely qualified for in a few months! But that's okay, it's probably a position that doesn't mean anything anyway.
Please help metamoderate.
Yay, now the internet can finally be free of hackers, viruses, bugs, spam, and every "cyber" problem that plagues the republicans! Um, I mean, American citizens!
Blatant self-promotion: Jerek.net
That's Richard Gill man! The hacker enemy number one.
You know it makes sense, a little reminder from jointm1k.
And while you're at it, define "cyber terrorist". Who decides who's a terrorist and who's not ? Minitru ?
Don't forget to think different.
I guess that means that spam is doomed ;-)
Whoever gets appointed to this position won't know ANYTHING about computers, the Internet, or technology in general. He'll have a staff that will build a web site and print out their e-mail for him. He himself won't have the slightest idea what TCP/IP is or why it's important to his job. And yeah, he'll be in close contact with executives from the RIAA, MPAA, and Microsoft.
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
There was once a time when the world feared the US. Now they will just laugh at our mention. We are slowly becoming a joke, and I'm afraid to say, a very bad one.
If you're reading this, make it your responsibility to ensure that your friends and family vote next time (I don't even care who you vote for). Apathy has gotten us to this point.
Loose your election, get a post you're not remotely qualified for in a few months!
Damn skippy. And you would think that Bush's PR machine would have kept Rumsfeld out of his current position. I guess it does pay to keep people ignorant.
Why yes I am paranoid! Thanks for asking!
Microsoft, and Linux will be the scapegoat for all security problems.
the thing with homeland security is that you will never realy know if it is effective because only a failure will be noticable and depending on how many plots were foiled before would tell you how effective HLSD is.
I am the Alpha and the Omega-3
Oops. Forgot this.
Why yes I am paranoid! Thanks for asking!
Score:3, Insightful
Insightful? INSIGHTFUL? Dammit! I was shooting for Score: 2- 50% Bitter, 25% Democractic-Whining, 25% Get-Over-The-Florida-Elections-Already. At the very least, gimme Flamebait. That mod point up is just insult to injury- I mean, hell, I'm not even gonna loose any karma on this one!
AAAAARRRRGGG!
Please help metamoderate.
Wow, one more idiot that can't seem to comprehend the difference between 'loose' and 'lose'. Maybe you should start looking for one of those cushy government jobs.
Can't the military handle this?
It's not like Cybersecurity has to be BASED specifically for the U.S., like homeland security. I'm sure the Airforce/Navy/Army hackers can handle this. Actually, I'm pretty sure that there is already a MOS for this.
"Much work is lost, for the lack of a little more." -Edward H. Harriman
umm...she resigned becasue she dissagreed with him on certain topics. you act like if some one was awarded the position of a cabinet secritary that they would never want to leave.
and after 20 years of taking reporters questions culminating in the white house.....you would not get burned out? especialy if you can make a ton of cash in private industry now and have a new wife?
I am the Alpha and the Omega-3
I don't think Neo would be a great candidate for the job, maybe Agent Smith could do it better? "Do you hear that, Mr. Anderson? That is the sound of inevitability."
I am feeling so cyberterrorised lately, and this is the exact response I was looking for the government to make.
It isn't like we have more important issues with Disney, RIAA, and MPAA buying legislation or anything.
fifth sigma, inc.
i knew this would happen, but it still infuriates me. think the internet sucks now? wait about 5 years. these days will shine by comparison. fuck you, mister bush.
I dunno, but I hope to god they can persuade them to install some patches so this seemingly unending torrent of emails from "Microsoft support" stops somtime
Reichstag fires everywhere!
applicant.
I pledge allegience to ashcroft's incompetence
For which it stands
An unsecure windows Nation
Under Bill Gates
A Nation with inseucrity and injustice for ALL!
Don't Tread on OpenSource
It seems like that in the short history of the cyber-czar position, there has been a great track record. (Insert joke about Microsoft reliability here.)
Best of luck to the new guy.
"Terrorism" in its many forms (I believe in the 50's they were referred to commies instead of terrorists) have been used as an excuse to pass Orwellian-style legislation here in the U.S. I think most of us would agree to as much. I see this whole homeland security program to have been little more than the legislated and executed implementation of more or less random spying on american citizens and it sickens me that this is being done in the name of patriotism. That is not what my father, nor his father fought for.
Chillingly, this mentality is now being brought to be applied to a vague concept... a buzzword. How will this be interpreted by our inadequate, bloated and outdated legal machinery of U.S. Government? Essentially, "securing cyberspace" is conceptually equivalent to "restricting information" or, for the non-slashdot crowd, the monitoring and policing of any and all communications services. Calls to your spouses and parents, its all fair game. When will it be enough? why do you, a good and honest person who has no intention of breaking the law or committing acts of terrorism, become the subject of inquiry? How far will we let this go?
This comment is fully compliant with RFC 527.
"Granny, will you please open up your laptop to make sure you have no software that can be used for harmful purposes."
I guess you can really tell the workers are on vacation for the holiday, because the only ones left to post on Slashdot are the goof-offs.
There are computer networks that run behind the scenes that maintain every utility that runs our lives, whether it be remotely-controllable circuit breakers on the bulk power grid, hydroelectric dam controls for power & water, the multiplexors that run the telephone systems, etc. It's cheaper to put a machine out in the field and run network cable to it, than to have a live person out at the station pushing the same buttons, so more and more infrastructure is getting networked, telemetered, and controllable...
Companies are increasingly relying on VPN and similar systems to allow workers to tunnel through the internet to connect to their business machines. Well all trust RSA encoding, but crack the operating system and you can use the tunnelling to get into a lot of restricted (price sensitive) data. Or maybe the company has a nifty database back-end to their site, and some buffer overruns gets you into schemas that weren't supposed to be exposed... Or it could be passwords on a stolen laptop. For whatever reasons, sites get hacked.
Right now, what do companies do? If they even notice the cyber attack, they fill out some NIPC forms, and the issue vanishes into the beaurocracy. Not exactly the best measure, because the NIPC doesn't have the authority like the FBI to investigate events... or read the NIPC homepage, even they admit that there were 4 government programs that were combined, each in some way did little pieces of the puzzle but noone had the big picture of the events.
My opinion? Appointing a Cyber-Security chief is a good thing, as long as there are additional steps taken to reduce the bloat of governement, by combining the other departments into one sector that can actually be effective in investigation. You have to not only create the position, but you have to give it the proper resources (like contacts at the FBI & NSA) who can properly identify crackers going after government resources, and hunt them down. Adding another level of red tape isn't going to accomplish much, but any step in the direction of securing national & private sector secrets is a good thing.
- "War on Terrorism"
- "War on Drugs"
- "War on Education"
and other asinine policies of the government_______________________________
"I'm not Conceited...I'm just a realist..."
I think you got your bureaucrats mixed up. Ashcroft was the one who lost an election (to a dead guy) and was then appointed to the cabinet.
Somewhere, something incredible is waiting to be known. -- Carl Sagan
And here I was about to read that article about beginning Network Security; Thanks to the new cyber-tzar, I won't need to .. with his 'secur[ing] cyberspace' n'all
<? include ('signature.inc'); ?>
And naturally, the "terorists" are using 'nix...
I nominate Jeff K.
"It's pretty difficult for many businesses and many economic assets in this country to segregate the cyber side from the physical side because how that company operates, how that community operates, is interdependent," Ridge told lawmakers at a hearing this week.
So this new department will only protect business? Does that mean they'll also only crack down on businesses, or will they save most of their persecution for the people who don't fund their campaigns?
And the "appropriate groups" will undoubtedly primarily include major corporations with clearly established expertise in the field - you can make your own list, this is /. after all. Maybe the ACM and IEEE Computer Society will get a vote each (as long as they behave and don't vote against the others).
And of course, each major party will have its own requirements or the nominee will end up in congressional approval limbo. The Republicans will undoubtedly check out their views to ensure they're big on long, exclusive and seriously enforced copyrights, patents for software even of the simplest sort, restrictions on anything they find does not meet the right approval of the religious right. The Democrats will make sure that the nominee is in favor of long, exclusive and seriously enforced copyrights, patents on software even of the simplest sort and banning all speech that is not appropriately politically correct.
do they really think some agency will tell people (civilian companies & individuals) how to configure routers, firewalls and virus scanners?
;)
Yes, they do.
They'll tell you who you can have for friends, what you can eat for dinner, how much air you can breath before they're through.
But don't worry, this will make us all more secure.
And why does no one want the job? The cybersecurity chief is responsible and will be blamed in case of a successful attack that does serious damage. But the cybersecuriy chief has no authority -- he can't so much as order that an antivirus checker or firewall be installed on any given government computer.
Why don't they just admit that they now consider all crime and unpopular use of first amendment rights to be acts of terrorism?
The word terrorism has all but lost its meaning now. We used to consider a terrorist to be someone who kills innocent civilians to make a political statement. Now white hat hackers are terrorists. Peace march organizers are terrorists. P2P users are terrorists. And those terrorists and people who know the terrorists may be subject to FISA wiretaps, which are not checked by the judicial system.
nt
I skimmed the title, and for a moment started wondering whether Emeril had enough time to hold down two jobs.
On tiny little step closer to 1984.
Anyone else read it that way? Reminds me of that snickers commercial where the guy was drawing the endzone for the KC Cheifs and his friend walks up and says "thats great, but who are the Chefs?"
Kevin Mitnick!
Oh wait. I forgot. Damn.
"Folks just call him Buckethead." -- Les Claypool
Moving this position from being an advisory position to the president to being a position w/in the HDS is the *right* thing to do.
The HDS (Homeland Security Department) is already set up to handle infrastructure threats w.r.t. transportation so, IMO, it makes sense for them to leverage that experience -- though granted not specifically applicable -- to other potential threat sources.
It certainly makes a heap more sense for this position to be w/in an organization focused on naming then mitigating (if not eliminating!) security threats of *all stripes* than to be linked to the president -- where it's lacking a driving, focused authority to steer its actions and inform its decisions.
Those who give up their power willingly deserve none.
I can spell Internet, balance brackets, defeat evil net monsters, and make touch decisions. I just got my citizenship, and my papers are in order. Plus I'm TS/COMSEC/Ultra-Magik/Double-Plus-Good cleared. Suspicious, reserved, and low-key (except for the bizarre hair color).
Remember: Rei for Information Goddess^H^H^H^H^H^HMinister^H^H^H^H^H^H^H whatever-the-positions'-name-is: to make everything right in the cyber-world.
Apparently they've got two weeks to look for candidates, so slashdot -- get cracking, send in your letters of recommendation!
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
You know you want me in charge. Better than someone who can't pronounce: /.
Any objections?
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
to fined sumwon whois not afraud of billyonerrors.
This administration has a pattern of attempting to outsource responsibility. Schools are bad - need more private schools. Need more security at the airport, let private enterprise answer the need. Now some will argue that's a good thing; I'll just say that I think there has to be a balance of private and publc sectors so I may get to my real point.
How this administration will play the cybersecurity thing is to: first, contract out a study of how to have cybersecurity; second, contract out the implementation of cybersecurity; and three, mandate everyone buy into the system or get off. Penalty for not being a customer -- how about jail, massive fines, and confiscation of equipment (sort of like if the RIAA finds you trading "illegal" music files). The head of cybersecurity will be the rfq writer and purser for the whole deal, not the architect of the secure net.
Even if it doesn't go down quite that way, how much do you want to bet that taxpayer dollars will end up in Microsoft's pocket so that they can develop the secure ms-net?
How many have they had now?
Get serious...
Another porkbarrel job for some crony of Bush...
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
yep Tom Ridge was a democrat who was the governor of PA before being appointed.