Slashdot Mirror
U.S. Government To Get Cybersecurity Chief
cmason32 writes "The Bush administration is going to create a new Cybersecurity Chief position in the Homeland Security Department. The move is supposed to demonstrate the government's dedication to cracking down on hackers and 'cyberterror.' One of the responsibities of the position is to 'secure cyberspace.' However, critics are already noting the position is not likely to be effective."
I wouldn't just call this position ineffective. I would also call it a waste of taxpayer dollars, a way to abuse power, and a waste of time.
This will simply become a tool of the RIAA/MPAA/etc?
U.S. government to get cybersecurity chief
By Ted Bridis
May 25, 2003 | WASHINGTON (AP) --
The Bush administration plans to appoint a new cybersecurity chief for the government inside the Homeland Security Department, replacing a position once held by a special adviser to the president. Industry leaders worry the new post won't be powerful enough.
The move reflects an effort to appease frustrated technology executives over what they consider a lack of White House attention to hackers, cyberterror and other Internet threats. Officials have outlined their intentions privately in recent weeks to lawmakers, technology executives and lobbyists.
The new position, expected to be announced formally within two weeks, is drawing early criticism over its placement deep inside the agency's organizational chart. The nation's new cyberchief will be at least three steps beneath Homeland Security Secretary Tom Ridge.
In Washington, where a bureaucrat's authority and budget depend largely on proximity to power, some experts fear that could be a serious handicap.
"It won't work. It's not a senior enough position," said Richard Clarke, Bush's top cyberspace adviser until he retired this year after nearly three decades with the government. Clarke's deputy, Howard Schmidt, resigned last month and accepted a job as chief information security officer for eBay Inc.
"While it's not optimal having someone technically that low in the pecking order, it's much better than the current situation," said Harris Miller, head of the Information Technology Association of America, a leading industry trade group. He said success at that level of Washington's bureaucracy is "not mission impossible, it's just a difficult mission."
The plan is consistent with Ridge's unease over elevating cyberconcerns above the security of airports, buildings, bridges and pipelines. The agency currently lumps both those issues under its Information Analysis and Infrastructure Protection unit, one of four directorates in Homeland Security.
"It's pretty difficult for many businesses and many economic assets in this country to segregate the cyber side from the physical side because how that company operates, how that community operates, is interdependent," Ridge told lawmakers at a hearing this week.
The new cyberchief also will be responsible for carrying out the dozens of recommendations in the administration's "National Strategy to Secure Cyberspace," a set of proposals put together under Clarke just before his departure.
That plan, completed in February, is drawing criticism because it emphasizes voluntary measures to improve computer security for home users, corporations, universities and government agencies.
"I don't think we have a plan," said Rep. Zoe Lofgren of California, the senior Democrat on the Homeland Security subcommittee on cybersecurity. "If we just take a look at that strategy, we're not going to end up with the solutions we need. There's a sense among the committee that there needs to be a little more meat."
The government privately acknowledges many of those criticisms. In a previously undisclosed internal memorandum to Commerce Secretary Don Evans, the head of the agency's Bureau of Industry and Security described complaints from technology executives after meeting with them in September in California.
The executives felt the government's plan was "not sufficiently strong because many of the key recommendations had been `watered down' and were not `mandatory,"' Undersecretary Kenneth Juster wrote. His organization at the time included the U.S. Critical Infrastructure Assurance Office, which has moved to Homeland Security. The Associated Press obtained a copy of Juster's memo under the Freedom of Information Act.
Officials are still looking for candidates for the new position, which will be announced within the next two weeks. Clarke, now a private consultant, cautioned that the administration will have a difficult time convincing a prestigious cybersecurity expert to take the job. Some others predicted that won't be a problem.
"Most folks if asked to do this would jump at the opportunity," said Sunil Misra, chief security adviser at Unisys Corp.
Eventually the americans will have THREE forms of government! The first is the regular government, followed closely by a Shadow government (For emergencies only, of course!), and finally a Cybergovernment!
Now when kids say they wanna grow up to be President, the teacher will have to ask "Will that be Shadow, Cyber, or Plain?"
I am a filthy pirate.
If you get to Guantanamo Bay before me, save me a cell, would you please?
"The government of the United States is not, in any sense, founded on the Christian religion."
Typical of politics, and exemplified by the implementation of "Homeland Security". The politicians just seem to want to get something up and visible to show they're "on the job". Quality isn't Job #1, it usually isn't even on the same list. It is smoke, mirrors & hand waving -- "see we did something"!
What about the FBI's cyber crime investigations? What about all the infrastructure/info that the NSA has? Will either of these agencies be mandated to cooperate? Or, will there be petty "Not Invented Here" and "This is MY jurisdiction" bickering?
The gov't doesn't need a new Czar to secure their part of cyberspace (Milnet, etc.), and do they really think some agency will tell people (civilian companies & individuals) how to configure routers, firewalls and virus scanners?
Learning HOW to think is more important than learning WHAT to think.
Who read that headline as
"U.S. Government To Get Cybersecurity Chef"
What would he serve, Johnny Mnemonic Barbecue Freedom Fries?
-sig- It's not stupid, it's advanced -sig-
A display lights up 'Secure cyberspace ON'.
Reminds me of one of my all time user requirement highlights. This was on a multi platform, multi system deployment which I was working on several interfaces for.
21.0 Error Recovery Process
When any error has occurred in across the system the user will select a fix error button. This will resolve all problems.
When I suggested that the button could call a routine to print a P45 for anyone selecting it I was accused of been unresponsive to user needs.
Sorry, it appears I was mistaken.
The doubleclick guy was supposed to be the Homeland Security Privacy Czar.
In a related matter, it appears that I'm not so lazy after all.
ye hackers living within the borders of the United States shall soon fall under the tyrannical rule of the cybersecurity czar! Your constant day to day actions will be monitored by private-sector companies that control the entire Internet, told who and what to sniff by their grand ruler! All Hail The Grand Czar! ....what? there are computers outside of the US borders? Bah! We are at war with Oceania and have already eradicated these rogues operating under the control of the terrorist Linus!
Exactly how much more power do they really need, especially when they've got things like the Patriot Act and the proposed Son of Patriot Act?
Cool- a new variant on the old election trick of forcing out figureheads as the election comes up; that way you can blame problems on someone who's long gone, and bring in someone new nobody can judge yet. Environmental policy sucks? Make your EPA head resign. People finally pissed off with reporters not being able to get anything out of the White House? Make your press secretary resign!
Can't keep your "Cybersecurity chief" chair filled, because the dudes keep resigning faster than you can appoint them? Why, shift the position into a branch of the government where nbody knows what the hell is going on. Yeah, baby! Keep 'em guessing...
By the way, wanna know why Ridge is head of Homeland Insecurity? Cause the poo baby lost his election for a congressional seat. But, no worries! The GOP sticks up for its people! Loose your election, get a post you're not remotely qualified for in a few months! But that's okay, it's probably a position that doesn't mean anything anyway.
Please help metamoderate.
That's Richard Gill man! The hacker enemy number one.
You know it makes sense, a little reminder from jointm1k.
And while you're at it, define "cyber terrorist". Who decides who's a terrorist and who's not ? Minitru ?
Don't forget to think different.
the thing with homeland security is that you will never realy know if it is effective because only a failure will be noticable and depending on how many plots were foiled before would tell you how effective HLSD is.
I am the Alpha and the Omega-3
I am feeling so cyberterrorised lately, and this is the exact response I was looking for the government to make.
It isn't like we have more important issues with Disney, RIAA, and MPAA buying legislation or anything.
fifth sigma, inc.
"Terrorism" in its many forms (I believe in the 50's they were referred to commies instead of terrorists) have been used as an excuse to pass Orwellian-style legislation here in the U.S. I think most of us would agree to as much. I see this whole homeland security program to have been little more than the legislated and executed implementation of more or less random spying on american citizens and it sickens me that this is being done in the name of patriotism. That is not what my father, nor his father fought for.
Chillingly, this mentality is now being brought to be applied to a vague concept... a buzzword. How will this be interpreted by our inadequate, bloated and outdated legal machinery of U.S. Government? Essentially, "securing cyberspace" is conceptually equivalent to "restricting information" or, for the non-slashdot crowd, the monitoring and policing of any and all communications services. Calls to your spouses and parents, its all fair game. When will it be enough? why do you, a good and honest person who has no intention of breaking the law or committing acts of terrorism, become the subject of inquiry? How far will we let this go?
This comment is fully compliant with RFC 527.
"Granny, will you please open up your laptop to make sure you have no software that can be used for harmful purposes."
I guess you can really tell the workers are on vacation for the holiday, because the only ones left to post on Slashdot are the goof-offs.
There are computer networks that run behind the scenes that maintain every utility that runs our lives, whether it be remotely-controllable circuit breakers on the bulk power grid, hydroelectric dam controls for power & water, the multiplexors that run the telephone systems, etc. It's cheaper to put a machine out in the field and run network cable to it, than to have a live person out at the station pushing the same buttons, so more and more infrastructure is getting networked, telemetered, and controllable...
Companies are increasingly relying on VPN and similar systems to allow workers to tunnel through the internet to connect to their business machines. Well all trust RSA encoding, but crack the operating system and you can use the tunnelling to get into a lot of restricted (price sensitive) data. Or maybe the company has a nifty database back-end to their site, and some buffer overruns gets you into schemas that weren't supposed to be exposed... Or it could be passwords on a stolen laptop. For whatever reasons, sites get hacked.
Right now, what do companies do? If they even notice the cyber attack, they fill out some NIPC forms, and the issue vanishes into the beaurocracy. Not exactly the best measure, because the NIPC doesn't have the authority like the FBI to investigate events... or read the NIPC homepage, even they admit that there were 4 government programs that were combined, each in some way did little pieces of the puzzle but noone had the big picture of the events.
My opinion? Appointing a Cyber-Security chief is a good thing, as long as there are additional steps taken to reduce the bloat of governement, by combining the other departments into one sector that can actually be effective in investigation. You have to not only create the position, but you have to give it the proper resources (like contacts at the FBI & NSA) who can properly identify crackers going after government resources, and hunt them down. Adding another level of red tape isn't going to accomplish much, but any step in the direction of securing national & private sector secrets is a good thing.
- "War on Terrorism"
- "War on Drugs"
- "War on Education"
and other asinine policies of the government_______________________________
"I'm not Conceited...I'm just a realist..."
I think you got your bureaucrats mixed up. Ashcroft was the one who lost an election (to a dead guy) and was then appointed to the cabinet.
Somewhere, something incredible is waiting to be known. -- Carl Sagan
And here I was about to read that article about beginning Network Security; Thanks to the new cyber-tzar, I won't need to .. with his 'secur[ing] cyberspace' n'all
<? include ('signature.inc'); ?>
"It's pretty difficult for many businesses and many economic assets in this country to segregate the cyber side from the physical side because how that company operates, how that community operates, is interdependent," Ridge told lawmakers at a hearing this week.
So this new department will only protect business? Does that mean they'll also only crack down on businesses, or will they save most of their persecution for the people who don't fund their campaigns?
The military can handle its own. There is an Army MOS for this kind of stuff. Its any 74 series MOS, mostly 74B and 74C. (soon to be 31B and 31C). Any level 20 or higher personnel in this group should have taken System Administration/Network Security Level II, which amounts to a basic defense of Windows 2000+ and Solaris. Level 3 of this course has basic hacking. Level 4 is a full immersion into hacking, programming, etc. Anybody can take up to level two once MOS qualified. Level 1 is given in AIT. Level 2 is given at the post level. Upper levels are tracked and monitored who gets access to the class and is usually a TDY of 2 weeks for level 3, 6 weeks for level 4.
Even without users at the end getting the higher levels of training, those at higher levels, (ACERT and RCERTS) take care of this at the initial levels of packets entering the network. By the time it gets to the end user, that packet has been filtered, logged, and all sorts of other stuff before you see it.
For strike-back capability, we got units for that. For small stuff ask for a WO-2 or better.
This works for the military where one can order people like me around. Civilains on the other hand it might not be such a great advantage.
PFC Gruhn
MOS 74B.
SANS Lvl 2 qualified.
HHD, 1PG, Fort Lewis
Why don't they just admit that they now consider all crime and unpopular use of first amendment rights to be acts of terrorism?
The word terrorism has all but lost its meaning now. We used to consider a terrorist to be someone who kills innocent civilians to make a political statement. Now white hat hackers are terrorists. Peace march organizers are terrorists. P2P users are terrorists. And those terrorists and people who know the terrorists may be subject to FISA wiretaps, which are not checked by the judicial system.
You know you want me in charge. Better than someone who can't pronounce: /.
Any objections?
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON