House Overwhelmingly Passes Cybersecurity Bill

eldavojohn writes "The Caucus, a NY Times Blog, is reporting on the overwhelming majority vote (422 yeas) the House gave a new cybersecurity bill. The Cybersecurity Enhancement Act, H.R. 4061 has a number of interesting provisions. Representative Michael Arcuri, a Democrat of New York who sponsored the bill called cybersecurity the 'Manhattan Project of our generation' and estimated the US needs 500 to 1,000 more 'cyber warriors' every year in order to keep up with potential enemies. The new bill 'authorizes one single entity, the director of the National Institute of Standards and Technology, to represent the government in negotiations over international standards and orders the White House office of technology to convene a cybersecurity university-industry task force to guide the direction of future research.'"

I wonder

[jwinster]

Since this new body is designed to "represent the government in negotiations," I wonder if there's any relation to the ACTA treaty currently discussed behind closed doors.

Re:I wonder

[coinreturn]

Since this new body is designed to "represent the government in negotiations," I wonder if there's any relation to the ACTA treaty currently discussed behind closed doors.

I don't wonder at all.

Re:I wonder

[girlintraining]

You don't have to wonder. This is one of the final moves being put in place to distance themselves from public controversy. They're expressly putting treaty powers into the hands of someone who isn't an elected official. When it finally blows open, they'll conduct an investigation, which will be tied up in committee for years. The investigation will continue until it drops off the media radar and people forget about it. In the meantime, no direct criticism can be made of ACTA -- because the investigation hasn't resolved. It's a standard PR move, and it's been done before. If the public demands blood, they'll pin it on the scapegoat -- "We Were Misled" will be the headline. But the treaty will remain.

This is how bureauacracy deals with things they know will become controversial: They elect a fall guy, and then create a web of deceit to blunt the minds of their critics and hopefully dissipate entirely any demands for their power to be reduced. And most of the time, it works.

Re:I wonder

You don't have to wonder. It has nothing to do with ACTA. Really. Read the bill. It's S&T driven: research, education, and having somebody there when standards setting bodies meet.

You're dreaming if you think that State Dept. listens to NIST. Or that this bill would pass the House without going before Foreign relations committee if it had that kind of reach.

Re:I wonder

[Tekfactory]

NIST isn't a new entity, they are the US Government's standards body, they are part of the Dept of Commerce, and write all kinds of standards the government has to use.

So when the government directs their standards body to take part in standards negotiations on their behalf, there is no conspiracy there.

Take a look at some of what NIST does

http://www.nist.gov/index.html
http://www.nist.gov/public_affairs/orgchart.htm

Also note that like IEEE all of their Technology Special Publications go through public comment periods.

http://csrc.nist.gov/publications/PubsSPs.html

One of my favorites is SCAP, its like an XML for Security products that helps to standardize vulnerability reports and security settings so you can check using an array of SCAP compatible tools if your thousands of machines are all patched and up to date as well as running your enterprise security config.

http://scap.nist.gov/

I'd be concerned if some new bill made someone ELSE without some of the worlds best test labs, scientists and engineers negotiate standards for the US.

Re:I wonder

[davester666]

Task one for NIST: declare the BitTorrent protocol as a tool that is primarily used by hackers and terrorists, and thus must not be permitted on American networks.

Re:I wonder

[TheNarrator]

Treaties are really awful, they are the big loophole in the constitution by which tyranny can be introduced.

http://www.jpands.org/hacienda/article4.html

Article VI, paragraph 2 actually stipulates on the issue: "...all Treaties made, or which shall be made, under the Authority of the United States, shall be the supreme Law of the Land; and the Judges in every State shall be bound thereby, any Thing in the Constitution [of any State] or Laws of any State to the Contrary notwithstanding. [Emphasis added.]"

Re:I wonder

[girlintraining]

It has nothing to do with ACTA. Really. Read the bill. It's S&T driven: research, education, and having somebody there when standards setting bodies meet.

The internet has been a thorn in the side of every government since it's creation -- it's a place where people can organize against the government, conduct tax-free business, and freely and anonymously congregate. The only 'standards' the governments of the world are interested in, are ones that allow them a greater degree of control over it.

Do you really think they give a damn about whether it runs on IPv4, or IPv6, or whether DNS is secure or not?

Re:I wonder

[sensei+moreh]

Take a look at some of what NIST does

Ok - I'll look at http://www.time.gov/timezone.cgi?Central/d/-6/java/

Re:I wonder

[Vairon]

They are not a loophole. The supreme court has ruled that treaties do not supersede the constitution.

http://www.npr.org/templates/story/story.php?storyId=89100044
http://www.sweetliberty.org/issues/staterights/treaties.htm
http://en.wikipedia.org/wiki/Treaty_Clause
http://caselaw.lp.findlaw.com/scripts/getcase.pl?navby=CASE&court=US&vol=354&page=1

Re:I wonder

[geekoid]

I don't say this often, but you should be banned from the internet.

A new body, sheeesh.

Re:I wonder

[FatherDale]

The State Dept DOES listen to NIST, and was the first federal agency to adopt the NIST SP800 series as the primary guidance for information security issues. State also made up 100% of the panel that built the CAP certification, and built it mainly on SP 800-37.

Re:I wonder

[Thinboy00]

What's this then? The 10th Amendment is part of the Constitution.

Re:I wonder

[Vairon]

What you linked is consistent with what I said.

It clearly says that treaties do not override the constitution. treaties may trump state rights, but only when there is not language in the constitution prohibiting the treaty.

"...the Supreme Court held that the law was in fact constitutional, noting that the treaties clause of the Constitution (Article VI, clause 2), sometimes known as the "supremacy clause," makes treaties the "supreme law of the land," a finding that trumps any state-level concerns with regard to the provisions of any treaty (though it does not trump other provisions of the constitution)..."

Also Missouri v. Holland was in 1920, since then Reid v. Covert (1957) has made it even more explicit that the Constitution supersedes treaties ratified by the US Senate.

As I understand it, here's the order of law:
Constitution
Treaties ratified by the US Senate
Federal enumerated powers only
States all other powers

Re:Why Icecream has no bones

Uhmm.....you forgot to check the "Post Anonymously" box.

At least

[sleekware]

It's a step in the right direction...

Re:At least

[thehostiles]

really?
Hacking: a crime that will get you some jail time and computer probation.
Cyber Warrior: a profession where you hack and get paid for it by the government.

If the government wanted to beef up their web security by improving defense, they would hire people titled "engineers"

Re:At least

[sleekware]

Ah, good point.

Re:At least

[geekoid]

Murder: A crime that will get you jail time
Infantry: a profession where you kill people while being paid by the government.

Seriously, nothing new here.

They do hire people titled "engineers"
Dont' get caught up in the reporting of these things.

I need a job and this one fits my life to a tee.

[JDeane]

Where do I sign up?

Cyber Warrior positions available?

[PingSpike]

I knew all those years playing Quake would come in handy eventually.

Re:Cyber Warrior positions available?

[Hurricane78]

I think you mean System Shock 1!

Re:Cyber Warrior positions available?

[ArundelCastle]

Can you imagine handing out shiny new business cards?
-----
[DHS logo]

Bill "FraggleR0x0rs" Ferguson

Cyber Warrior
U.S. Government

Cell: ### Skype: ### AIM: ###
-----

Dude, awesome.

Re:Cyber Warrior positions available?

[Alsee]

I am Cyber Warrior. I was once likely to be eaten by a grue.

-

eeep

[the_Bionic_lemming]

The house overwhelmingly approved? That means it'll add to the deficit, be largely useless, and misused by RIAA.

God help us all.

Re:eeep

[interkin3tic]

That means it'll add to the deficit

By this, do you mean to imply there's a tax cut hidden in there somewhere?

Cyber Warriors....

[neogeographer]

Come out to playyyyyyyyy

Re:Cyber Warriors....

[DarrenBaker]

Why is it that the Government, when referring to IT matters, always uses terminology like that... What is this, the United States of Johnny Mnemonic?

Re:Cyber Warriors....

[sconeu]

Alas, most Slashdotters are too young to get your reference.

Re:Cyber Warriors....

[Jawn98685]

Dude,
Tell me that you didn't not get the "Warriors" reference...
More seriously, would you prefer cyber "cops"? Cops or warriors, the terminology does, in my mind, trivialize this truly global contest (war, battle, struggle, whatever). As others have observed, there is some serious talent out there and it is well motivated. Unless/until there is similar motivation for those inclined to wear white hats, things are going to get worse, not better. The military will (just like in Gibson's novels) understand the threat and build or buy the best defenses. Big Corporate World will, eventually, come to a similar conclusion and pony up, though signs seem to indicate that this will be later, rather than sooner. The rest of us are on our own. "The government" can't/won't throw enough resources at the problem to keep the spam bots off grandma's PC. And honestly, I am not sure I want anyone, especially the government, that close (as in close enough to make a difference) to my edge of the network.

Re:Cyber Warriors....

[nine-times]

Wrong movie. Cyber warriors are like road warriors except the "road" is the information super-highway. Now, I know that's confusing because the Internets are more like tubes than like dumptrucks, but still, the Internet is exactly like a highway for information only superer.

So much as you'd expect, these cyber warriors will be riding around in cyber-cars (aka computers) trying to hoard cyber-gasoline, and perhaps trying to get revenge for their murdered cyber-wives. I know, it sounds funny, but you'd totally understand if you were a hacker who was familiar with cyberspace. The most important thing is to make sure all the T1s don't break through your firewalls and get access to your IP addresses.

Re:Cyber Warriors....

[DarrenBaker]

What? Yeah, I got the reference.

It's stupid chest-beating bill-marketing terminology aimed below most people's intellect, because that's how the bill authors see us. The intent and effect of the bill is irrelevant here. It just irks me that they feel they need to dumb it down for us. Instead of 'Information Technology Security Official', it's 'Cyber Warrior'. How gauche.

Re:Cyber Warriors....

[tyrione]

He probably wasn't born to see the movie when it first aired back in the days when our cable boxes were rotary dials.

Re:Cyber Warriors....

[tyrione]

Wrong movie. Cyber warriors are like road warriors except the "road" is the information super-highway. Now, I know that's confusing because the Internets are more like tubes than like dumptrucks, but still, the Internet is exactly like a highway for information only superer.

So much as you'd expect, these cyber warriors will be riding around in cyber-cars (aka computers) trying to hoard cyber-gasoline, and perhaps trying to get revenge for their murdered cyber-wives. I know, it sounds funny, but you'd totally understand if you were a hacker who was familiar with cyberspace. The most important thing is to make sure all the T1s don't break through your firewalls and get access to your IP addresses.

And you thought he was interested in an analogous reference? It was meant to be tongue-firmly-in-cheek.

Re:Cyber Warriors....

[Dalambertian]

I do wonder whether the government is capable of guiding the future of IT security, especially if they insist on having their own back-door as a matter of national security. I really had no idea how vulnerable we were until I saw this lecture http://www.demoscene.tv/prod.php?id_prod=13914 and his discussion of mebroot.

Re:Cyber Warriors....

[nine-times]

And you thought I was attempting a serious rebuttal?

Re:Cyber Warriors....

[neogeographer]

Slashdot: Stuff that REALLY matters

Re:Cyber Warriors....

[XxtraLarGe]

Wrong movie. Cyber warriors are like road warriors except the "road" is the information super-highway. Now, I know that's confusing because the Internets are more like tubes than like dumptrucks, but still, the Internet is exactly like a highway for information only superer.

Wouldn't that make them Tube Warriors? I mean, the Internet is like a series of tubes, or so I've been told...

Re:Cyber Warriors....

[countertrolling]

...that's how the bill authors see us.

Well, considering how many times we reelect these goofs, it seems to be more of a matter of how we present ourselves. It's not "dumbing down". It's marketing, and rather successful at that.

Re:Cyber Warriors....

[DarrenBaker]

I know... It's a vicious cycle. But don't kid yourself - It's dumbing down in the name of marketing.

Re:I need a job and this one fits my life to a tee

[chill]

http://www.usajobs.gov/

So now suddenly it's OK again?

[moz25]

Too little, too late.

For more than a decade, effort was done to *weaken* the domestic talent at developing themselves or helping (causing) to harden the existing infrastructure.

Re:So now suddenly it's OK again?

Standard operating procedure: Eradicate what's there, bring in your own guys.

Re:So now suddenly it's OK again?

[GovCheese]

The federal government hasn't done a particularly good job advertising their Scholarship for Service Federal Cyber Service program where promising cyber students are given scholarships in return for a promise to give the government 2 years of service as federal employees in a cyber security related position. Few in the IT field even know it exists. But it's an exceptional idea and most government agencies are lobbying for expanding it to bring in even more students. The federal government isn't entirely incompetent or bereft of good ideas or lacking the will to implement them. The SFS Cyber Service program is one of their success stories.

Re:So now suddenly it's OK again?

As someone who transitioned through the program, yes it is an excellent system. The problem is that it is very difficult to find clearable talent in the the field, so to remedy the situation they expanded who can be accepted to the program.
As of now, the SFS program is filthy with Business degrees and the CS, ECE, CompE degrees are a rarity. Somehow i don't think the business kids are quite the "Cyber Warriors" that everyone is talking about.

Re:So now suddenly it's OK again?

It gets better:

H.Amdt. 545:
An amendment numbered 1 printed in House Report 111-410 to address the lack of minority representation in the cybersecurity industry including women and African-Americans, Hispanics, and Native Americans. The amendment adds language in Sec. 107 to describe how successful programs are engaging said minorities and in Sec. 108 to include minority-serving institutions on the Cybersecurity University-Industry Task Force.

Yay, more quotas.

H.Amdt. 548:
An amendment numbered 4 printed in House Report 111-410 to require the National Science Foundation to study ways to improve detection, investigation, and prosecution of cyber crimes including piracy of intellectual property, crimes against children, and organized crime.

Won't someone think of the children? And "This bill brought to you by the MPAA/RIAA".

Re:So now suddenly it's OK again?

[shaitand]

They should up the ante a bit on this. Since they want four year degrees the should pay for 4 yrs of schooling. If they want you to have completed two years on your own to show commitment that is fine but they should reimburse those two years after successful completion. They could even up the service requirement to four years to match.

It just doesn't make sense to stick people in low paying government jobs with student loans to pay as their reward.

Re:So now suddenly it's OK again?

[countertrolling]

...filthy with Business degrees...

So 2 years at Goldman Sachs or AIG trashing the economy will cover the student's obligations? Or do they have to chair the Fed?

Private sector

[gmuslera]

A private company could be delegated for most of the dirty stuff. OCP, Cyberdyne, and Umbrella Corporation already proposed themselves for that task.

Re:Private sector

[Blakey+Rat]

Did Weyland-Yutani bid on it?

Re:Private sector

[jellomizer]

That is knda why the government hires contractors. If they are caught it is those immoral contractors, if they are not they perform a valuable asset to the country... Even if they do get caught and take the PR mess they hire them again as all they did was what they were hired to do.

Re:Private sector

[EventHorizon_pc]

So did Aperture Science Laboratories, but we all know Black Mesa will get the job.

Re:I need a job and this one fits my life to a tee

https://www.sfs.opm.gov/

I went through this program. Got a FREE MS in CompSci in 3 semesters, interned at NIST for a summer and ended up working for NSF for a couple years. Started at NSF and a GS-9, was GS-12 within 2 years.

Re:Why Icecream has no bones

[fibrewire]

Nah, I just get sick of cybersecurity bill garbage - not like anyone on slashdot is going to do anything about it.

Google attack?

[antiaktiv]

Would it have had as much support without the recent (allegedly chinese) attack against Google and other companies?

BYOCT... (Bring your own conspiracy theory)

Re:Google attack?

[shaitand]

ALLEGEDLY Chinese?

Re:Google attack?

[BhaKi]

ALLEGEDLY Chinese?

The same people who said there were WMDs in Iraq are saying the attacks are from China. So the 'allegedly' adverb should be used. My personal opinion is that the whole China-Google episode is a desperate joint attempt by NSA, CIA and Google.

To what end?

To make Americans boycott Chinese products and go for local ones.

Re:Google attack?

[shaitand]

The Chinese have been caught with their hands in so many U.S. digital cookie jars in the past few years I fail to see what difference it makes.

I also fail to see how it benefits the NSA to make public the fact that Google was compromised through NSA backdoors in their gmail system.

Re:Orders?

[mujadaddy]

Hi, I'm Separation of Powers, and I take laws that Congress makes and give them to the Executive branch so they can enforce them.

In other news, you really don't know what those words you said mean, do you?

Where is their test environment?

[zerointeger]

Since when does using a fuzzer to modify http headers constitute as a l337?

So do I have to give up my computer while somebody that wants to test out their l337 skillz essentially destroying my development server and hard work without compensation?

Where are the bills protections to me as a non-felon, voting, tax-payer?

Re:Shivers...

[Narnie]

If we don't act now, we will fall behind and develop a cave^H^H^H^Hcyber gap. Once the nuclear winter clears, the Ruskies^H^H^H^H^H^H^H Hackers will invade and we will have a serious disadvantage! And every cyber warrior should have 10 women to impregnate. Of course these will have to be attractive women to encourage procreation.

Bleh

It's incredibly difficult to do something in an official, bureaucratic capacity without making your plan (and your goals) seem ridiculous, and your knowledge of the problem laughably ignorant. The internet is championed as a communication medium designed to be 'un-patrolable,' and any system that inspires hollywood-type 'hacking' will be immediately, firmly, and justifiably criticized by those who value it for exactly that reason. It sounds like our politicians are convinced that China has a few more 'cyber-warriors' than us, so we need to get in on that arms-race and move some of those crazy xbox kids away from shooting zombies so they can make pew pew at the holes China's punching in the giant 'firewall' UI buried under Nebraska. Why does the language of our policy, the words coming from the mouths of our representatives, have to be so over-simplified? Why can't the media hire somebody who knows what the hell they're talking about, and have him explain it in language appropriate for the content? Aren't the people who actually care about the issue, and so become its audience, the same people who are insulted by the simplified method in which its presented? Honestly, if you want my Grandmother to read an article in your newspaper, fine, if you want her to vote for you, fine, but don't spoon-feed me BS and tell me it's good for me.

Re:Bleh

[starfliz]

not enough citizens care. to have proper citizens people need to be educated on civics, logic, and management. The government(s) are in charge of our schools. This is the foundation on which all problems rest.

What the heck is a Cyber Warrior?

[Qualin74]

Can someone tell me WTF a "Cyber-Warrior" is? Seriously. Like, what is it.. A bunch of script-kiddies running 1337 ha0r tools? Or someone who just knows how to pingflood? If they really want to be concerned about "Cyber Security", why don't they nuke all the computers running Bot nets? Why don't they go after the jerkoffs running the C&C servers? Why don't they set up Honeypots acting as spam traps and go after all those spammers clogging up the pipes? Why don't they go after the RBN equivalents out there? Nobody would dare to sue a military unit, would they? Am I missing something here?

Re:What the heck is a Cyber Warrior?

[Akita24]

It's like a Road Warrior only different.

Re:What the heck is a Cyber Warrior?

[Lord+Ender]

Right now, it is trivial to get into any medium or large company's datacenter. And it happens all the time. I would imagine that the term "cyber-warrior" would refer to someone skilled in the craft of doing exactly that.

Are they hiring these people to "hack back" for counter-intelligence purposes? Will they be using these guys to try and get botnets all over countries we have poor relations with for intelligence-gathering purposes? Or are they hiring them merely ramp-up penetration testing efforts against our own systems?

It's hard to say, but I'm guessing there might be some of each.

Re:What the heck is a Cyber Warrior?

[chrisG23]

Can someone tell me WTF a "Cyber-Warrior" is?

Someone involved in any aspect of computer security, which can contain any of the following: penetration testing of systems to determine their vulnerabilites, network monitoring and analysis/intrusion detection, malware analysis, research into new exploits, analysis of botnet infrastructures and so on on the defensive side, and for the offensive side it is scanning target computer systems and networks, enumerating, exploiting, and pwning, either as a script kiddie with tools or as a more real hacker, creating your own tools for the particular system.

If they really want to be concerned about "Cyber Security", why don't they nuke all the computers running Bot nets?

International law. They (the FBI) already goes after people operating the C2C servers inside the borders of this country (the USA). Most people don't know it when their computer is infected with a botnet, depending on the botnet.

Why don't they go after the jerkoffs running the C&C servers? Why don't they set up Honeypots acting as spam traps and go after all those spammers clogging up the pipes?

I think that is the idea of this whole thing actually.

Why don't they go after the RBN equivalents out there?

It is hard to find the ringleaders, and then even if the USA did, they would likely be in Russia, and Russia may not accept our evidence. (Begin rumors without citation) There are some that think the Russian government unofficially supports the RBN, as long as their activities do no mess with Russian interests.(/rumors)

Nobody would dare to sue a military unit, would they? Am I missing something here?

Military action is never a good first option, or second, third or fourth option for that matter. There are serious consequences for violating a sovereign nation with an act of war, unless they are really weak and poor and have no friends.

If there is evidence that countries are beefing up their own cyber warfare capabilities, then it sorta the explicit and implicit responsibility of a government to its people to protect them. You don't see any countries in the world that can afford a military without one do you? Unless they can get it way with it some other way (think Switzerland of countries that are not allowed a sizable military as a condition of their surrender in a previous war by the winning country(ies).)

Welcome to the future. Its like Robot Jox but without the robots and just the software.

Re:What the heck is a Cyber Warrior?

[Lord+Ender]

Pay me a good salary and give me an interesting job and you can call me the tooth fairy. Your priorities are entirely backwards. Besides, nobody said that was the job title. Troops today have titles other than "warrior," you know.

Re:What the heck is a Cyber Warrior?

[mikael]

Can someone tell me WTF a "Cyber-Warrior" is?

Somebody who understands how all the Internet protocols work (ssh/sshd, smtp, inet). If you have a Linux system, look at your /etc/services file. Do you know what all those protocols are? Look in your /etc/ssh directory. Are there files there? What are the *_key, *_key.pub files for? What are the hosts.allow, hosts.deny files in your /etc directory for? What is selinux? Or the smb.conf file?
Do you what all the RFC files are for? What is your /etc/hosts file for? What is dhcp, and how does dynamic IP address allocation work? What is a DHCP server? What is postfix? How would you tell if any of those files were misconfigured or compromised?

What are the vulnerabilities in all the source code that these are implemented in? How would you look for them? How is malicious code written? In what way can code take advantage of the hardware (Some time ago, there was a security fault where a program could generate a page fault, the kernel interrupt handling this event wouldn't restore the user ID, and thus granted root ownership to the process).

That is just barely describing the functionality of a basic home Linux system for personal use, let alone a commercial web server, which will have multiple backups (CPU's, disk drives, network connections, backups).

For someone to gain access and control of a web server, all they have to do is to get a single executable bit of code to execute on that system, that can receive commands from outside, perhaps even allowing remote login.

Re:What the heck is a Cyber Warrior?

[mrdoogee]

!!!!!!ATTENTION CITIZEN!!!!!
W97M.Marker.o virus has been detected on this system. Airstrike is incoming and a SEAL team has been dispatched to your location. Please assume *PATRIOT* position on the floor and await further orders.

What the * is a Cyber Warrior?

[CoffeePlease]

Just saying it does not make it mean something. We need a new congress.

Re:What the * is a Cyber Warrior?

That's easy. A Cyber Warrior is someone empowered (for your own protection) to watch your communications, analyze your network of friends for suspicious links, grant your tax money to friendly contractors, seize your dangerous data, and defend your computer against its true enemies (who, as we speak, are probably planning their next attack with exploding wigs instead of flammable jock straps).

It is an unintended and unfortunate side-effect that Cyber Warriors, in order to keep you safe, require significant funding and additional powers over you.

Needless to say, we'll require lots of them.

the 'Manhattan Project of our generation'

[KharmaWidow]

So does this mean that they are trying to wreck havoc on our lives like nuclear bombs have? ...Wars, threats of terrorism, devastating economic sanctions, preemptive wars, and cold wars?

Reminds me of the DEVO song "It's a Beautiful Life"

Rule of law, which Congress writes...

[weston]

I wasn't aware that Congress could order the White House to do anything. What part of the Constitution gives it this power? What about "separation of powers"?

In theory, we have rule of law in this country, and the executive branch is bound by law, which congress writes, except the Constitution. The theoretical separation of power lies in the fact that the executive is generally part of the legislative process via the veto/signing power.

In practice, the executive branch has even further freedom pretty broad latitude, arising partly from being the executor of the law, and partly from human sociology (most people have some natural aversion to adversarial actions against high-status individuals) and politics (sure, maybe Bush and Cheney are guilty of war crimes, but you open that can of worms and you're going to start a big fight and potentially find yourself staring down the barrel of similar accusations in the future).

If anything, the executive branch is stronger in practice than it should be.

Re:Rule of law, which Congress writes...

[mcgrew]

If anything, the executive branch is stronger in practice than it should be.

I certainly wouldn't argue with that.

Re:Rule of law, which Congress writes...

[shaitand]

The entire federal government is dramatically more powerful than it should be. Just look how many powers it has stolen for itself by twisting a simple authority to regulate interstate commercial traffic.

umm wat?

[nilbog]

Shouldn't treaties be made by people who are responsible to an electorate? Isn't that the point of our entire system of government? This seems really shady to me.

Re:umm wat?

[Tekfactory]

The Director if NIST a confirmed presidential appointee.

Appointees get chosen by the president and grilled by the Senate, all of whom are elected and in theory responsible to their electorate.

Re:umm wat?

[dnahelicase]

Shouldn't treaties be made by people who are responsible to an electorate? Isn't that the point of our entire system of government? This seems really shady to me.

Don't use the internet to point out obvious lapses in judgment that the US government might have made. If it seems shady to you it means you have something to hide, and it's because of people like you that we need treaties like ACTA.

Once the new cyberwarriors can finally get out and patrol the internet we won't have to worry about these weaknesses being released to the pirates.

Re:umm wat?

[Late+Adopter]

The Director of NIST is a Senate-confirmed position. He's responsible to the Secretary of Commerce, and then the President, who is in turn responsible to the electorate (America is not a direct democracy, remember).

A lot of business is done at the Cabinet level and below, even internationally (we have the State Department, remember, and the Office of the US Trade Representative). Treaties that require more than existing Executive power still have to be implemented with legislation.

Separating reality and fantasy

[Angst+Badger]

Every time I hear a government official -- or, for that matter, anyone else -- refer to a "cyber warrior" outside of the context of a game or movie review, I want to take their television away from them until they're old enough to tell the difference between reality and fantasy. And in the case of this buffoon and his thousand extra cyber warriors per year, he also needs to read The Mythical Man-Month before he's allowed to leave his room.

Re:Separating reality and fantasy

[spinkham]

I'm sure that kenetic response for network threats is part of the US strategy. Though we don't use swords much anymore...

Re:Separating reality and fantasy

[Lord+Ender]

If anyone is living in fantasy, it's you. Computer systems are compromised all the time here in reality. Sometimes it's by bored teenagers, sometimes it's by the mafia, and sometimes it's by foreign governments and their proxies. There is nothing of fantasy about hiring people with those skills; they could help you secure your own systems and gather intelligence on your enemies.

Re:Separating reality and fantasy

[lennier]

Because 'cyber warrior' sounds better than 'script herder'.

Re:Separating reality and fantasy

[frank_adrian314159]

When I hear politicians calling soldiers "warriors" it makes me want to puke, as well. Being a soldier has been (and still is) a noble short-term profession. But we should always look at employing soldiers as, at best, a necessary evil. Give the guys that do it respect, but don't elevate them to exalted levels. And make no mistake, using the term "warrior" seeks to do this. We should never elevate the military above the political. I don't want to become an empire ruled by exalted military commanders (though the Congress seems to be showing too much deference and moving in this direction these days).

Re:Separating reality and fantasy

[geekoid]

If they where throughinh 1000 people at on single project, you would be correct.

This is about 100's of new projects and needing the man power. You can have multiple teams working on separate projects and be successful.

Please tell me you don't think 1000 people will al be working on the same project? That would be a hell of a funny way to do paired programming.

Yes, cyber warrior is a lame name. No doubt about it.

OTOH:
"Cyber Warrior needs Dew, badly"

Re:Separating reality and fantasy

[Angst+Badger]

My objection was to the terminology, not the notion of the threat. Americans have this very unproductive habit of trying to cast every struggle in terms of a war of some kind: the war on drugs, the war on terror, even the war on cancer. The problem is that warfare is not a very effective model for much of anything except actual war, where it is arguably not terribly effective at anything except wasting lives and resources. Securing a system is not in any way like warfare. It is a whole lot like engineering, mathematics, and systems analysis, among other disciplines.

If the congressional bozo in question had called for engineers, technicians, and scientists, that would have been fine. Instead, he called for "warriors", which is at best empty rhetoric and at worst betrays a complete failure to grasp the nature of the situation. I know very well that the threats are real. I also know very well that none of those complex, multidisciplinary threats are going to be effectively met by simplistic militaristic thinking.

Re:Separating reality and fantasy

[Lord+Ender]

If they intend to counter hacks in an offensive manor, then war really is a fair analogy.

Google/NSA

[Temujin_12]

Hmmm.... this would be related now would it?

Google is finalizing an agreement with the National Security Agency to help the search giant ward off cyberattacks, according to the Washington Post.

Re:Why Icecream has no bones

[poetmatt]

so the real answer is that you're saying you forgot to check off "post anonymously", then.

Re:Orders?

[bsDaemon]

If Congress passes a law which has requirements of the Executive branch, then they are required to meet them. This law contains such a provision. By signing the bill into law, the President is clearly agreeing to the terms. It's not so much an "order" -- and even if it is, Congress has subpoena powers as well as the power of impeachment, so they're fully well able to order people to do things.

If you really wanted to become the most powerful person in the country, you don't really want to be president. You want to be Speaker of the House, and then also get the chairmanship of the Ways and Means and Appropriations committees. Some other stuff like foreign affairs, defense and intelligence, etc might be nice, but controlling what comes to a vote on the house floor, and the committees which control the purse strings, pretty much everyone would have to just bow down and suck it.

Re:Orders?

[starfliz]

separation refers to the creation of law. Just because the house passes a bill it does not make it a law. The white house has the power to veto. If the white house signs this then it agrees to it. The executive can be overridden of course but that just means the senate and house believe the bill is to important for the executive to have judgement.

Re:Why Icecream has no bones

[wizardforce]

better to be ignorant of it then right?

Re:Orders?

[tyrione]

Hi, I'm Separation of Powers, and I take laws that Congress makes and give them to the Executive branch so they can enforce them. In other news, you really don't know what those words you said mean, do you?

Touché.

I give up

[Quiet_Desperation]

I'm done fighting this stuff. I have only two questions. [1] Where do I send a resume to be a cyber warrior and [2] do I get an awesome badge?

Re:I give up

[mrdoogee]

I'd prefer to be a cyber cleric. Or perhaps a cyber thief/rogue. My DPS against servers is pretty low, but I have a great AoE script that gives everybody else +1 against *NIX type mobs.

Re:Orders?

[mujadaddy]

Now, the SCOTUS can order the President to obey the laws

Andrew Jackson would disagree with that.

This is Junior high school shit, everyone should know it.

Congress issues requirements for the Executive branch all the time. Everyone should know this "Junior high school shit."

I'll be your John Wayne

[elrous0]

the US needs 500 to 1,000 more 'cyber warriors' every year in order to keep up with potential enemies

I'm ready to serve my country. But if you want me on the team I'll need Top Secret clearance, one of those cool James Bond gun pens, a military uniform so I can get laid in bars, and a lifetime supply of Diet Mountain Dew Code Red and Doritos.

Re:I'll be your John Wayne

[daveatneowindotnet]

I can assure you, that you will be disappointed in all of these things if you given them.

Re:I'll be your John Wayne

[imac.usr]

What have you got against Doritos?

Re:I'll be your John Wayne

[russotto]

I'm ready to serve my country. But if you want me on the team I'll need Top Secret clearance, one of those cool James Bond gun pens, a military uniform so I can get laid in bars, and a lifetime supply of Diet Mountain Dew Code Red and Doritos.

Sorry, with your physique the military uniform will only get you laughed at in some bars and beaten up in others. Back in the day the Top Secret clearance might have gotten you laid by one of the KGBs finest, but I think they've cut the budget for that. And you'd probably just shoot your balls off with the pen gun, so you're not getting it.

Re:I'll be your John Wayne

[geekoid]

Jame Bond didn't need a military uniform to get laid.

OTOH, how freaking cool would it be if the Tuxedo was a military uniform? mm.. ok not too cool.

"and a lifetime supply of Diet Mountain Dew Code Red and Doritos."

so a months worth.

too coincidental

[JustNiz]

Does anyone else also think its entirely too coincidental for the progress of the new cybersecurity bill, that a large scale hack of a giant US company (Google) was supposedly perpetrated by a comunist country a mere couple of weeks before the bill goes before the house?

Re:too coincidental

[geekoid]

no, it was in the works and the outcome isn't unexpected.

Cyber Warriors???

[Khan]

Phft! All you need is Jack Bauer and CTU. THAT'LL teach them not to mess with the US! ;-)

Re:Why Icecream has no bones

[thePowerOfGrayskull]

Why do I have to do this? I don't know, but I do. Alas, Ruth Cleveland died in 1904, while the Baby Ruth candybar made its debut in 1921. Its predecessor dates back to 1916 presumably, at the founding of Curiss Candy.

NIST is not new

[forand]

NIST is not a new agency and has been around for some time. They are responsible for keeping track of US time and other standards. If the directory of NIST is anything like those I know who work there I do not think this will be anywhere near as bad as you imply. Finally ACTA has nothing to do with "international standards" and everything to do with copyright law.

This is how all treaties are made.

[pavon]

I have mod points, but this sentiment has been stated several times in this thread, and I haven't seen an adequate response.

All treaties are negotiated by the executive branch on behalf of the president - it's in the constitution. They are then approved by Congress. This bill isn't taking power away from congress - they never had power to negotiate treaties to begin with and will still approve any negotiated by the NIST. If anything, this might be interpreted as taking power from the President as it limits who can negotiate treaties on standards on his behalf. In practice, this is a boring area and he will gladly let the NIST handle it, until a special case comes up at which point it will be within his constitutional power to appoint someone else if he wants, regardless of what this law says.

Safety first

[shutdown+-p+now]

Good to know that we can finally cyber safely, thanks to the Congress!

Cyber warrior...stupid name...

[cgrant]

Please people, tell your Washington representatives and senators that the term is stupid and sounds like it came from a 1980's GI Joe cartoon. Lets come up with something else other than using "cyber" and "warrior" to describe a technical, professional, information security job function.

Re:Cyber warrior...stupid name...

[mrdoogee]

I perfer "TCP/IP Shaman"

News Flash: 1,000 new cyber warrior H1B...

[sgt_doom]

...visas issued. How do you say "cyber warrior" in Punjabi?

Politically correct need not reply -- the class war has been in progress for quite some time now....how many CEOs did you off today?

Alternative to the Bill?

[myspace-cn]

for windows put boxes behind hardware firewalls and keep them updated with wu and secunia psi
for linux boxes iptables + filters
for fbsd pf
for passwords keepassx burnt to CD
for banking a VM
for shoping a VM
for taxes a VM
for data a clone backup

The problem is there's no leadership because everyone's become frickin fascists instead of engineers. Allowing laws to be nanny state instead of following the constitution.

Re:Alternative to the Bill?

[gmuslera]

only the 1st rule is needed, put the windows boxes behind fire walls

Underlying problem remains unsolved

[indil]

'Cyber', 'warriors', and 'troops' are embarrassing and funny, however this bill's focus on educating people about these issues is laudable, and I'm glad malicious behavior in other countries is a growing concern. But the way I see it, computer security laws disincentivize us from innovating technologies that remove known exploits, and instead we patch things up and wait for the same exploit to show up another day. Buffer overflows, injection attacks, spam, denial of service, malware, viruses, these are things we've chosen to prevent by punishment, rather than by enforcing survival of the fittest for the underlying technologies. I will have to deal with spam probably for the rest of my life, because law enforcement can only target so many spammers, and the smaller ones can get by. The responsibility is on the government to enforce good behavior, so there's no incentive for us to make anything better for ourselves.

Re:Why Icecream has no bones

[cjb658]

Why would there be bones in ice cream? It's not made with animal parts.

Re:Orders?

[Chris+Burke]

Now, the SCOTUS can order the President to obey the laws congress passes (and he or his predecessors sighn), but Congress can't order him.

From the text you yourself quoted:

"The new bill ... orders the White House office of technology to convene..."

So... where exactly are you getting confused?

that's not bad, actually.

[geekoid]

", the director of the National Institute of Standards and Technology, to represent the government in negotiations over international standards and orders the White House office of technology to convene a cybersecurity university-industry task force to guide the direction of future research.'""

that's really good, actually. It beets the last 8 years of ignoring the professionals.

This is dumb

[blugu64]

This is stoopid I can't find anything in the text of this bill that says anything about cyberwarriors.

Re:Why Icecream has no bones

[Cassius+Corodes]

That was just the style at the time - when he says "how else can you make an ice-cream" he is not implying that it was impossible to do it without, just that it was unheard of at the time. It has since become unfashionable - not to mention the health risks - to use a bone as the stick for the ice-cream so they just use a bit of wood instead. Its quite bizarre how much the world has changed.

Check it out - its quite interesting: http://en.wikipedia.org/wiki/Icecream#History

Re:Orders?

[countertrolling]

If you really wanted to become the most powerful person in the country, work for the DMV. IRS is a close second.