Slashdot Mirror
Who Would Want To Be Obama's Cybersecurity Czar?
dasButcher writes "President Obama is expected to name a new cybersecurity czar sometime soon. This person will be charged with defending the digital boards from attack by hostile nation-states and terrorist organizations. But the question Larry Walsh asks is: Who really wants the job? The previous three people who held the post barely made a dent in solving the security problems. Government bureaucracy and private sector resistance make it nearly impossible to find any measure of meaningful success in this job, he writes."
Reader eatcajun contributes a related link to the long-awaited US cyberspace policy review.
We'll give you Stephen Conroy if you like.
I am not stubborn. I am right!
...nuff said.
It seems like everytime somebody is about to be OR IS appointed for a NASA job, Obama moves them elsewhere.
What about hostile countries that are not nation-states?
Not me! I don't want Congress telling me to "remove all references to them from the Internets" or "turn off the Internets".
First post.
Obligatory XKCD link (five part story).
The copyright holders and their corrupt organizations may want it.
They use the position to make sure one looks too hard at the invasive digging into people's hard drives and network traffic.
Meanwhile they totally ignore any REAL threats and protection measures. (As can be seen by stories on Slashdot about data thefts left and right).
Sig Battery depleted. Reverting to safe mode.
Whoever he picks, I hope they are technologically savvy enough to realize that all of the terrorists in the world won't be able to do one millionth of the damage that's already being done by spammers.
Are there any RIAA lawyers left who don't yet have high level Obama positions?
I've had enough abrasive sigs. Kittens are cute and fuzzy.
so I guess I am ineligible even if I wanted the job.
. . . Schneier and Campbell . . .
. . . Schneier can lecture us on, "What is Cybersecurity?" . . . Campbell can cut 'em up with chainsaws, and blow their brains out with his shotgun.
How could we lose?
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
is the cyberczar going to declare a "WAR ON BLOGS"?
Come on, you gotta know a job like this pays some serious bank. And in todays economy, that means a lot more then it used to. Sooooo...if anybody wants to hire me, you can find my resume online. (President Obama, are you reading this?) I posted it on my website: http://www.niksput.com/resume.html Also you can email me: sdn@niksput.com
He couldn't do worse that an RIAA lawyer.
While corporate lobbyists dictate the infrastructure, it's gonna be a Windows backbone. Nobody can make that secure. While this situation remains, the position is a no win one.
n/t
Results 1 - 10 of about 17,800 for sysadmin horror stories...
1. How do you convince the prez that he shouldn't download shonky software just because his Macbook isn't running Windows?
We don't need a "czar", we need a new military branch. I am not aware of ANY real and lasting contribution any "czar" has ever made in the United States. The first drug czars came close... if you call that a contribution, but from everything I've seen, they're basically PR and cheerleaders, and don't have much authority or get much done.
If we're serious... and I mean really serious... we need a branch of the military to do the heavy lifting. We don't need to start this in a big way, but we need the security infrastructure to build on should tensions begin rising with nation states. These guys would be the grunts doing the front line lifting and poking around while the NSA focuses it's talent on developing high level techniques. This is what we'd do if we got really serious.
In my view, the position of czar is a joke. Czars are for 19th century Russia and have no place in a modern United States government.
If you can read this... 01110101 01110010 00100000 01100001 00100000 01100111 01100101 01100101 01101011
What is up with this American love affair with old Russian titles?
Excuse me, but please get off my Pennisetum Clandestinum, eh!
But only because I am sure it would look pretty bad ass on my resume. I am sure with that on there I would be able to get a job somewhere, pretty much forever.
No comprende? Let me type that a little slower for you...
These "czars" aren't new super-powerful positions being created by facists. They consist of pre-existing positions that have been given a catchy new title (drug czar instead of "head of the drug enforcement agency") and advisory roles (terrorism czar).
The former already existed. You can't complain about there being a drug czar unless you believe that the DEA has too much power. Of course, they probably do... but that predates the nomenclature used for their leader. The so-called "war on drugs" (which Obama's drug czar want to stop) began a couple decades before that term came into use.
The latter is simply an advisor to the president. They have no powers that the office of the president does not, nor can they overrule the president in any instance. The president would be taking advice from them anyway. All the title does is recognize that he's taking their advice.
I know there are a lot of libertarians/anarchists on /., and that's why the "czar" thing always gets pointed at as proof that the *insert currently leading political party here* are a bunch of fascists. But when you actually look at what the "czars" do, you quickly realize that it's entirely in keeping with our democratic republic.
The difference this time is that Obama is a Democrat, so the media will ignore the czar's complete ineffectiveness and never criticize anything he or she does.
Oh no matter, pick me....
Here is why you would want it: You have the ear of the president of the USA. You get to put down on your resume that you were the cyber-security czar.
Yeah, the very idea that a cyber-security czar has any control over US cyber-security is truly silly, but who knows. Your suggestions might get a few positive changes to be made, and in the event of a catastrophic cyber-security catastrophic event (like, terrorists flying virtual 747s into the virtual world trade center in Microsoft's flight simulator...) you can just resign and write a tell all book about how you were prevented from doing the right thing by idiots and red tape.
HA! I just wasted some of your bandwidth with a frivolous sig!
I am sure he will find away around this so called bureaucracy of yours as he has been doing quite well for himself in the private sector.
Of course with the new job comes new nomenclature, I present to you ladies and gentlemen the BCCFH (The bastard cybersecucurity czar from hell) and don't worry about assigning him any more power than a normal UNIX sysadmin, he'll get the job done.
An Education is the Font of All Liberty
...so clearly I'm not qualified to be on Obama's cabinet.
-Styopa
In this type of political postion reputation and personality are as important as your knowledge. Kevin has shown in his legal employment history an aptitude to address cyber security in a way that draws the necessary attention to the issue. His crimial history gives him the legitimacy with both sides of the issue.
"Of all the things I've lost, I miss my mind the most." ~Ozzy Osborne
They want everyone else to be insecure and theirs super secure. Leaving run of the mill networks insecure as to leave a bait, to see who is doing what and let them think they are getting something. But in actuality the top brass practices such compartmentalized security right down to the electronic emissions computers make. Even Apple has compromised their security to play nice with Uncle Spook. Java exploit still not patched and it's been 7 months now.
Arguably, few have had more experience dealing with gaping software security vulnerabilities than the big kahuna himself.
Hope is the currency of fools
I think Regan was the one who started giving government officials the the nickname of the "The _______ Czar". In every case the problem assigned to the Czar never went away and often got worse. You would think that term would fall out of use. You want to guarantee a problem will not go away? Appoint a Czar to oversee it.
Mitnick is a great guy. But he is too specific on creating a mess. Besides, too private and he seems even shy...
Go for Morrison... He knows how to make a real worldwide mess out of Internet.
Obviously!
Cowboy Neal.
Property is theft.
I'd take this job in a second. The position has a track record of failure and thus, expectations are low. This is exactly the kind of job I'm looking for. If you succeed, you're a miracle worker, if you fail, nobody blames you, either way it's not bad. It looks even better when you add in the fact that the pay is good and you have an awesome title. I mean c'mon, you'd be a freaking czar, how many people can legitimately put "Czar" on their resume?
I'll do it
Mixture of OSs. Some Win, some BSD, some Linux, some OS-X, different flavors of each. Mixture of N, N-1, and N-2 security patches (in case a patch introduces a new 'sploit).
Range of machine architectures. X86, PPC, ARM, Itanium, Sparc, whatever else is around.
Public facing machines behind firewalls and only open the needed ports.
On corporate or government systems that are only used for tasks like word processing or spreadsheets, the ability for normal user accounts to run executables other than the system ones is disabled.
Machines needing top security are airgapped to the public internet.
I could go on. But the above stuff would go a long ways.
Of course, I'm not qualified but we're talking about the U.S. government here so since when would that matter?
This ain't rocket surgery.
I'm a huge fan of this administration but in this particular case I think the private sector could do a much better job protecting against threats than any Czar. Besides, I hate anyone who's title has a C followed by a Z in it, that's just not right. Drop the "c" or just say: "KaZaar!".
There will be lolcats all over the place, I promise! ;-)
NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
I second this motion.
He has the gumption to challenge security by (proprietary) obscurity.
With his hands-on experience with DARPA, he knows how it is broken and what needs fixing.
http://en.wikipedia.org/wiki/Theo_de_Raadt#DARPA_funding_cancellation
The Roman Rule: The one who says it cannot be done shall not interrupt the one who is doing it.
this sounds like a job for Public Security Section 9.
EOM
Equine Mammals Are Considerably Smaller
Who wants the job? Perhaps somebody who wants to have power, without all that pesky "running for office and actually being elected by the people" stuff. Somebody who wants to make rules about how everybody is to run their computers, without all that pesky "being responsible for what goes wrong" stuff.
www.eFax.com are spammers
Chuck Norris.
The internet was developed from observing his CNS.
Would love to see him in a fake photo with Czar clothes. Maybe he goes forward to the czar role, pushes us to the open source communism and Ballmer starts calling him Stalinman.
Some non-tech yes man.
Preferably visible minority.
Why interrupt the pattern.
but I'm an employed white male who wouldn't base my decisions on my perceptions of social injustice brought about by my situation.
The man who's name is synonymous with Security: Peter Norton
King of the Internet. I already provide half the commentary on it.
NSA?
All your database are belong to U.S.
This guy's a hard-core hacker and pen-tester who's helping to lock down banks. He does not do politics. He's just hard-core about locking down networks.
Here's my quick, from the hip view on how to maximize the probability of a successful outcome:
Cybersecurity is focused on maintaining control of systems and networks. Cyber-warfighting is a valuable source for understanding potential threats, but it is not the objective of the cybersecurity committee to advance the state-of-the-art of cyber-warfighting.
To advance the ability of the citizens and organizations of the United States to retain control of their information systems, an elite task-force will be formed:
1. Retain Bruce Schneier
2. Retain Ten Specialists, Bruce's Choice, Following Criteria:
2.1. One EFF Constitutional Rights specialist
2.2. One ACLU Constitutional Rights specialist
2.3. One significant code contributor from the NSA SE:Linux project
2.4. Two information security specialists from among:
2.4.1. Microsoft
2.4.2. Google
2.4.3. Apple
2.4.4. IBM
2.5. Two espionage defense specialists from among:
2.5.1. General Dynamics
2.5.2. GE
2.5.3. Boeing
2.5.4. Halliburton
2.6. Three platform specialists
2.6.1. Microsoft
2.6.2. Mac
2.6.3. *nix
3. Specialists Get One Vote Each
4. Bruce Gets Tie-Breaker Vote
5. Each Specialist Can Employ Two Research Specialists
Votes are expected to be unanimous or nearly unanimous - non-unanimous decisions imply that every member of the panel is failing. It is every member's job to think critically, to respect diverse needs, and to help the others understand their perspective. Failure to do so implies betrayal of duty.
All votes will be secret for at least one year. Sensitive votes will be secret for five years.
Sensitive entities (corporations, organizations, government agencies) get free advanced training, room, and board, conducted at a military academy. Security practitioners get preferred enrollment. Corporations must continue to pay the employee. Corporations can choose not to send anyone, but the name of any sensitive corporation which chooses not to send some top rank security specialists will be published. It's tough, but fair, and necessary.
Curriculum will focus on practices for keeping each system under the full control of its owner. Curriculum will not sacrifice that mission to advance the ability of any non-owner of a system to compromise full control by the owner of that system.
Stop-Prism.org: Opt Out of Surveillance
Looks like our Nazi Racist 'n Chief President Barak Obama is painting himself in a corner quicker than Alolf Hitler ... and will end the same. At least, perhaps, the US will not invade Poland, in its search of cyber weapons of mass destruction, in order to justify the invasion of Poland and the killing of civilians.
The only people who would want to be the Cyber Czar would be those who'd be in it for personal benefits.
Hopefully, this means that more moral and qualified people would want to keep the job just to keep it out of shitty hands.
For something like this, I honestly don't like the idea of having one person behind it. What happens if he's murdered? I mean, if a group of professions honestly want to hack the U.S.... the poor son of a bitch who is the "Cyber Czar" is going to take a hit. Rather physical, such as being sniped or just having his shit hacked... he will be knocked out of the way.
"Instant gratification takes too long." - Carrie Fisher
For this job you need someone who has political savvy and can indeed show leadership coupled with diplomacy - and on top of that he needs to have at least a degree of technical competence to ensure someone isn't telling him lots of guff.
If I wasn't non US I'd be interested as I've done this a few times before. I built the fundamentals on a large government work when nobody was interested in collaboration, and I did international interoperability where the group I worked with was talked with making it happen but was placed at totally the wrong level to have any clout whatsoever. And we managed regardless by working at the human level.
The technical stuff is the easy part. Dealing with the human side of things is the hard work, but it's fun too. If you get the right team you can steer them in the rightdirection, form them and let them get ready for when you have the breakthrough (it sort of happens in parallel, but you need more focus on a strategic aim than a tactical effort to drive it in the right direction).
But I'm rambling now. What I wanted to say is that it is NOT an impossible job. But it certainly isn't going to be an easy one for the first few years.
As a matter of fact, if your understanding of a job at that level is simply staying out of trouble you are the wrong person for the job. You will really have to commit yourself.
Whoever gets the job, he/she has my respect.
Insert
Must this new cyber-czar claim expenses that (mostly) correlate to the price of hookers and blow consumed?
...Leo Laporte!
He'll show them crackers what for!
Why to have a cybersecurity Czar? Better have a real one. The American Czar will establish an Empire, and it's a kewl thing. People think that a Czar is Undemocratic, but when you have a Czar it's he who would decide what is Democratic. In America, every Citizen would have a right to be the Czar, but the only Czar would be Obama, because it's Democratic.
Technical knowledge, ability to look at problems objectively, stay apprised of a variety of threats, and organize information for the ready consumption of others.
If the job wasn't limited to security, I'd say Wozniak.
If the job is limited to security, all they'll need is an ineffectual mid-grade bulletstopper. This will make it a true government operation. Same as it ever was and all that.
The "Civilized World" jumped the shark ca. 1973.
I'll do it, no problems.
Open Source: Eroding the Digital Divide
n/t? I had to look that up.
What the hell was wrong with SSIA that we needed something shorter and more cryptic?
There are some seriously lazy bastards on the tubes these days.