Slashdot Mirror


House Overwhelmingly Passes Cybersecurity Bill

eldavojohn writes "The Caucus, a NY Times Blog, is reporting on the overwhelming majority vote (422 yeas) the House gave a new cybersecurity bill. The Cybersecurity Enhancement Act, H.R. 4061, has a number of interesting provisions. Representative Michael Arcuri, a Democrat of New York who sponsored the bill, called cybersecurity the 'Manhattan Project of our generation' and estimated the US needs 500 to 1,000 more 'cyber warriors' every year in order to keep up with potential enemies. The new bill 'authorizes one single entity, the director of the National Institute of Standards and Technology, to represent the government in negotiations over international standards and orders the White House office of technology to convene a cybersecurity university-industry task force to guide the direction of future research.'"

33 of 170 comments

  1. I wonder by jwinster · · Score: 5, Insightful

    Since this new body is designed to "represent the government in negotiations," I wonder if there's any relation to the ACTA treaty currently discussed behind closed doors.

    --
    Q.E.D.
    1. Re:I wonder by coinreturn · · Score: 3, Insightful

      Since this new body is designed to "represent the government in negotiations," I wonder if there's any relation to the ACTA treaty currently discussed behind closed doors.

      I don't wonder at all.

    2. Re:I wonder by girlintraining · · Score: 5, Insightful

      You don't have to wonder. This is one of the final moves being put in place to distance themselves from public controversy. They're expressly putting treaty powers into the hands of someone who isn't an elected official. When it finally blows open, they'll conduct an investigation, which will be tied up in committee for years. The investigation will continue until it drops off the media radar and people forget about it. In the meantime, no direct criticism can be made of ACTA -- because the investigation hasn't resolved. It's a standard PR move, and it's been done before. If the public demands blood, they'll pin it on the scapegoat -- "We Were Misled" will be the headline. But the treaty will remain.

      This is how bureaucracy deals with things they know will become controversial: They elect a fall guy, and then create a web of deceit to blunt the minds of their critics and hopefully dissipate entirely any demands for their power to be reduced. And most of the time, it works.

      --
      #fuckbeta #iamslashdot #dicemustdie
    3. Re:I wonder by Tekfactory · · Score: 4, Informative

      NIST isn't a new entity, they are the US Government's standards body, they are part of the Dept of Commerce, and write all kinds of standards the government has to use.

      So when the government directs their standards body to take part in standards negotiations on their behalf, there is no conspiracy there.

      Take a look at some of what NIST does

      http://www.nist.gov/index.html
      http://www.nist.gov/public_affairs/orgchart.htm

      Also note that like IEEE all of their Technology Special Publications go through public comment periods.

      http://csrc.nist.gov/publications/PubsSPs.html

      One of my favorites is SCAP, it's like an XML for Security products that helps to standardize vulnerability reports and security settings so you can check using an array of SCAP compatible tools if your thousands of machines are all patched and up to date as well as running your enterprise security config.

      http://scap.nist.gov/

      I'd be concerned if some new bill made someone ELSE without some of the world's best test labs, scientists and engineers negotiate standards for the US.

    4. Re:I wonder by girlintraining · · Score: 2, Interesting

      It has nothing to do with ACTA. Really. Read the bill. It's S&T driven: research, education, and having somebody there when standards setting bodies meet.

      The internet has been a thorn in the side of every government since its creation -- it's a place where people can organize against the government, conduct tax-free business, and freely and anonymously congregate. The only 'standards' the governments of the world are interested in, are ones that allow them a greater degree of control over it.

      Do you really think they give a damn about whether it runs on IPv4, or IPv6, or whether DNS is secure or not?

      --
      #fuckbeta #iamslashdot #dicemustdie
    5. Re:I wonder by FatherDale · · Score: 2, Informative

      The State Dept DOES listen to NIST, and was the first federal agency to adopt the NIST SP800 series as the primary guidance for information security issues. State also made up 100% of the panel that built the CAP certification, and built it mainly on SP 800-37.

  2. Re:Why Icecream has no bones by Anonymous Coward · · Score: 3, Insightful

    Uhmm.....you forgot to check the "Post Anonymously" box.

  3. I need a job and this one fits my life to a tee. by JDeane · · Score: 2, Interesting

    Where do I sign up?

  4. Cyber Warrior positions available? by PingSpike · · Score: 4, Funny

    I knew all those years playing Quake would come in handy eventually.

    1. Re:Cyber Warrior positions available? by Hurricane78 · · Score: 2, Insightful

      I think you mean System Shock 1!

      --
      Any sufficiently advanced intelligence is indistinguishable from stupidity.
    2. Re:Cyber Warrior positions available? by Alsee · · Score: 2, Funny

      I am Cyber Warrior. I was once likely to be eaten by a grue.

      -

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
  5. eeep by the_Bionic_lemming · · Score: 3, Funny

    The house overwhelmingly approved? That means it'll add to the deficit, be largely useless, and misused by RIAA.

    God help us all.

    --
    _ _ _ Go for the eyes Boo! GO FOR THE EYES!
  6. Cyber Warriors.... by neogeographer · · Score: 5, Funny

    Come out to playyyyyyyyy

  7. Re:I need a job and this one fits my life to a tee by chill · · Score: 3, Interesting
    --
    Learning HOW to think is more important than learning WHAT to think.
  8. So now suddenly it's OK again? by moz25 · · Score: 3, Interesting

    Too little, too late.

    For more than a decade, effort was done to *weaken* the domestic talent at developing themselves or helping (causing) to harden the existing infrastructure.

    1. Re:So now suddenly it's OK again? by GovCheese · · Score: 5, Informative

      The federal government hasn't done a particularly good job advertising their Scholarship for Service Federal Cyber Service program where promising cyber students are given scholarships in return for a promise to give the government 2 years of service as federal employees in a cyber security related position. Few in the IT field even know it exists. But it's an exceptional idea and most government agencies are lobbying for expanding it to bring in even more students. The federal government isn't entirely incompetent or bereft of good ideas or lacking the will to implement them. The SFS Cyber Service program is one of their success stories.

      --
      "He's using a quantum encryption scheme! That'll take hours to break!"
    2. Re:So now suddenly it's OK again? by Anonymous Coward · · Score: 3, Informative

      It gets better:

      H.Amdt. 545:
      An amendment numbered 1 printed in House Report 111-410 to address the lack of minority representation in the cybersecurity industry including women and African-Americans, Hispanics, and Native Americans. The amendment adds language in Sec. 107 to describe how successful programs are engaging said minorities and in Sec. 108 to include minority-serving institutions on the Cybersecurity University-Industry Task Force.

      Yay, more quotas.

      H.Amdt. 548:
      An amendment numbered 4 printed in House Report 111-410 to require the National Science Foundation to study ways to improve detection, investigation, and prosecution of cyber crimes including piracy of intellectual property, crimes against children, and organized crime.

      Won't someone think of the children? And "This bill brought to you by the MPAA/RIAA".

  9. Private sector by gmuslera · · Score: 4, Funny

    A private company could be delegated for most of the dirty stuff. OCP, Cyberdyne, and Umbrella Corporation already proposed themselves for that task.

  10. Re:I need a job and this one fits my life to a tee by Anonymous Coward · · Score: 3, Insightful

    https://www.sfs.opm.gov/

    I went through this program. Got a FREE MS in CompSci in 3 semesters, interned at NIST for a summer and ended up working for NSF for a couple years. Started at NSF as a GS-9, was GS-12 within 2 years.

  11. Re:Why Icecream has no bones by fibrewire · · Score: 3, Interesting

    Nah, I just get sick of cybersecurity bill garbage - not like anyone on slashdot is going to do anything about it.

  12. Google attack? by antiaktiv · · Score: 3, Interesting

    Would it have had as much support without the recent (allegedly Chinese) attack against Google and other companies?

    BYOCT... (Bring your own conspiracy theory)

  13. Re:Orders? by mujadaddy · · Score: 3, Insightful

    Hi, I'm Separation of Powers, and I take laws that Congress makes and give them to the Executive branch so they can enforce them.

    In other news, you really don't know what those words you said mean, do you?

    --
    Populus vult decipi, ergo decipiatur...
    "Force shits upon Reason's back." - Poor Richard's Almanac
  14. Where is their test environment? by zerointeger · · Score: 2, Insightful

    Since when does using a fuzzer to modify http headers constitute as a l337?

    So do I have to give up my computer while somebody that wants to test out their l337 skillz essentially destroying my development server and hard work without compensation?

    Where are the bill's protections to me as a non-felon, voting, tax-payer?

  15. Bleh by Anonymous Coward · · Score: 2, Interesting

    It's incredibly difficult to do something in an official, bureaucratic capacity without making your plan (and your goals) seem ridiculous, and your knowledge of the problem laughably ignorant. The internet is championed as a communication medium designed to be 'un-patrolable,' and any system that inspires Hollywood-type 'hacking' will be immediately, firmly, and justifiably criticized by those who value it for exactly that reason. It sounds like our politicians are convinced that China has a few more 'cyber-warriors' than us, so we need to get in on that arms-race and move some of those crazy xbox kids away from shooting zombies so they can make pew pew at the holes China's punching in the giant 'firewall' UI buried under Nebraska. Why does the language of our policy, the words coming from the mouths of our representatives, have to be so over-simplified? Why can't the media hire somebody who knows what the hell they're talking about, and have him explain it in language appropriate for the content? Aren't the people who actually care about the issue, and so become its audience, the same people who are insulted by the simplified method in which it's presented? Honestly, if you want my Grandmother to read an article in your newspaper, fine, if you want her to vote for you, fine, but don't spoon-feed me BS and tell me it's good for me.

  16. What the heck is a Cyber Warrior? by Qualin74 · · Score: 2, Informative

    Can someone tell me WTF a "Cyber-Warrior" is? Seriously. Like, what is it.. A bunch of script-kiddies running 1337 ha0r tools? Or someone who just knows how to pingflood? If they really want to be concerned about "Cyber Security", why don't they nuke all the computers running Bot nets? Why don't they go after the jerkoffs running the C&C servers? Why don't they set up Honeypots acting as spam traps and go after all those spammers clogging up the pipes? Why don't they go after the RBN equivalents out there? Nobody would dare to sue a military unit, would they? Am I missing something here?

  17. umm wat? by nilbog · · Score: 2, Insightful

    Shouldn't treaties be made by people who are responsible to an electorate? Isn't that the point of our entire system of government? This seems really shady to me.

    --
    or else!
  18. Separating reality and fantasy by Angst+Badger · · Score: 4, Insightful

    Every time I hear a government official -- or, for that matter, anyone else -- refer to a "cyber warrior" outside of the context of a game or movie review, I want to take their television away from them until they're old enough to tell the difference between reality and fantasy. And in the case of this buffoon and his thousand extra cyber warriors per year, he also needs to read The Mythical Man-Month before he's allowed to leave his room.

    --
    Proud member of the Weirdo-American community.
  19. Re:Orders? by bsDaemon · · Score: 2, Insightful

    If Congress passes a law which has requirements of the Executive branch, then they are required to meet them. This law contains such a provision. By signing the bill into law, the President is clearly agreeing to the terms. It's not so much an "order" -- and even if it is, Congress has subpoena powers as well as the power of impeachment, so they're fully well able to order people to do things.

    If you really wanted to become the most powerful person in the country, you don't really want to be president. You want to be Speaker of the House, and then also get the chairmanship of the Ways and Means and Appropriations committees. Some other stuff like foreign affairs, defense and intelligence, etc might be nice, but controlling what comes to a vote on the house floor, and the committees which control the purse strings, pretty much everyone would have to just bow down and suck it.

  20. Re:What the * is a Cyber Warrior? by Anonymous Coward · · Score: 2, Insightful

    That's easy. A Cyber Warrior is someone empowered (for your own protection) to watch your communications, analyze your network of friends for suspicious links, grant your tax money to friendly contractors, seize your dangerous data, and defend your computer against its true enemies (who, as we speak, are probably planning their next attack with exploding wigs instead of flammable jock straps).

    It is an unintended and unfortunate side-effect that Cyber Warriors, in order to keep you safe, require significant funding and additional powers over you.

    Needless to say, we'll require lots of them.

  21. Re:Rule of law, which Congress writes... by shaitand · · Score: 5, Insightful

    The entire federal government is dramatically more powerful than it should be. Just look how many powers it has stolen for itself by twisting a simple authority to regulate interstate commercial traffic.

  22. I'll be your John Wayne by elrous0 · · Score: 3, Funny

    the US needs 500 to 1,000 more 'cyber warriors' every year in order to keep up with potential enemies

    I'm ready to serve my country. But if you want me on the team I'll need Top Secret clearance, one of those cool James Bond gun pens, a military uniform so I can get laid in bars, and a lifetime supply of Diet Mountain Dew Code Red and Doritos.

    --
    SJW: Someone who has run out of real oppression, and has to fake it.
  23. This is how all treaties are made. by pavon · · Score: 3, Insightful

    I have mod points, but this sentiment has been stated several times in this thread, and I haven't seen an adequate response.

    All treaties are negotiated by the executive branch on behalf of the president - it's in the constitution. They are then approved by Congress. This bill isn't taking power away from congress - they never had power to negotiate treaties to begin with and will still approve any negotiated by the NIST. If anything, this might be interpreted as taking power from the President as it limits who can negotiate treaties on standards on his behalf. In practice, this is a boring area and he will gladly let the NIST handle it, until a special case comes up at which point it will be within his constitutional power to appoint someone else if he wants, regardless of what this law says.