Ask Cybersecurity Commission Chairman Jim Langevin About US Cybersecurity Plans
US Representative Jim Langevin (D-RI) is one of the chairs of the CSIS Cybersecurity Commission that released a comprehensive 96-page report on Dec. 8 under the title, Securing Cyberspace for the 44th Presidency. The aim of the Commission is to help the incoming administration balance "cyberspace" security needs with civil liberties. We'd like to thank Rep. Langevin and his staff (some of whom are ardent Slashdot readers) for taking time to answer your (hopefully) cogent questions. Usual Slashdot interview rules apply, and — also as usual — we'll post Rep. Langevin's answers as soon as he gets them back to us.
So how many civil liberties do you guys plan on taking away?
The NSA has had great success with Red Teams and competitions between security experts in helping learn how to better secure sensitive data and to keep up to date with the latest attack techniques.
What are your plans to utilize this powerful technique? If applied elsewhere, Red Team competitions can help better secure other aspects of the internet and keep them up to date.
The free and open nature of the internet is its biggest asset. How do you plan on enforcing "cybersecurity" without damaging its free and open nature? Are you sure that the cure (government regulation) isn't worse than the disease (cybercrime)? Remember there was no cybercrime before the internet. The internet has brought us both crime and prosperity; so far the prosperity has far exceeded the crime. I benefit far more than I suffer from having an unregulated internet. Can you convince me that a regulated internet is even necessary?
What sort of measures can you take to fight cybercrime without affecting my unfettered access to the internet? The phrase "If you have nothing to hide, you have nothing to fear" is not an acceptable response.
Give me Classic Slashdot or give me death!
To build on this, how are you planning on addressing the credibility gap between what the executive wants to achieve, and what the rest of the internet community (at least in the US) believes you really can/should achieve?
For example, I was at BlackHat this year, and the keynote speaker was one of the Feds, speaking about the federal plans for cyber security. The discussions in the hall after his keynote were scathing. Many of the attendees concluded that he had no clue what he was talking about. This, I think, has to be the first hurdle the executive needs to clear before accomplishing anything. Put simply: the private sector just doesn't believe in government's ability to succeed. How are you going to fix that?
I work in IT security and thus I wonder how you plan to deal with two conflicting problems: Rapid change of threat scenarios and ability to supervise and monitor the actions taken by the "cyber police".
Threats in IT change rapidly, sometimes over the course of days. So a quick reaction to emerging threats is a necessity. You have to react fast when something emerges; you can't let debates go on forever with weeks passing to give various interest groups a say in the matter.
How do you plan to ensure that civil liberties will not suffer from the necessary fast response when trying to make the internet a safer place? That whatever organisation is supposed to make the "net safer" will have certain powers is a given. Whenever, though, someone who has power has to do something fast (i.e. before someone could complain or interfere), the temptation to abuse this power (claiming "danger in delay", when the only danger would have been that someone could find out that power abuse is afoot) is present as well. How do you plan to address this?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
It is no secret that our nation's national security is threatened by the current single platform strategy. The lack of operating system diversity creates a fatal environment in which a single system flaw can expose all govt facilities and networks. As it stands today a single serious vulnerability could be exploited to blackout most if not all of our govt infrastructure.
How do you intend to address this serious problem?
Got Code?
Wow, there are a lot of good questions being made here, but one thing REALLY bothers me:
The aim of the Commission is to help the incoming administration balance "cyberspace" security needs with civil liberties.
The word balance suggests that there is give and take on either side of the scale. I posit that there is not. Civil liberties must be maintained, at the cost of security on the Internet if required. Q: How do you intend to manage that problem?
A government commission on 'cyberspace' security should obviously be intending to bring 'cyber criminals' to justice in order to protect ..... what exactly? What exactly is 'cyberspace' that you are going to secure?
If your domain is bringing criminals to justice, shouldn't you simply be an enhanced part of the FBI?
In what ways have you worked, and will you work, with groups from other countries with similar mandates?
So far, you seem to like using 15-20 year old buzz words. How does this reflect on your ability to react quickly to the changing landscape of threats to Internet infrastructure, businesses, and commerce etcetera? Further, 'cyberspace' as most of us know it is very big. How do you intend to react quickly and 'secure' it when the tens of thousands of people and companies currently trying to do so are not able to? Making it illegal to run un-patched databases on websites will NOT fix the problem, so how do you intend to fix the problems?
As someone who writes software I am keenly interested to know if my vocation will come with risk of incarceration in the future. Will simple security mistakes bring to me risk of punishment, other than punishment of losing my current job?
Aside from virus software, one of the largest commercial security problems is DDoS attacks. Will you address that problem, or only problems that you can easily handle? Will the FCC be assisting you in any respect with regard to DDoS attack handling etc.? Since 'cyberspace' runs on commercial pipes for the most part, and those pipes/tubes are full of lolcats running P2P, what will be the commission's reaction to capacity issues with regard to security of 'cyberspace'?
Are there any specific commercial ventures that will be ignored by the commission's work? Will this affect my local website AND Google, or just Google?
Is the word 'cyberspace' used in the title to relieve anyone of actually having to define what you will be responsible for?
Support NYCountryLawyer RIAA vs People