Slashdot Mirror
White House Declassifies Outline of Cybersecurity Plans
An anonymous reader writes "The Obama administration on Tuesday declassified part of the Comprehensive National Cybersecurity Initiative created during the Bush administration, outlining offensive and defensive strategies for protecting information networks. The initiative was originally intended to unify efforts of a number of government agencies into a comprehensive strategy to protect the nation's computer networks. 'One area in which the government did officially disclose new details was Einstein 3, a program to protect civilian government systems from intrusion by deploying sensors on the networks of private telecommunications companies. For the first time, the government disclosed officially that the program would use technology developed by the NSA, the nation's largest intelligence agency. It also said that the Department of Homeland Security, which would run the program, would share malicious code data with the NSA but not the content of communications, such as e-mails.'"
Yes, the threats are real, but the solution that the "Cyber Warriors" came up with is crap. A much better solution than working around all the holes and patching them quicker is to simply rip out a bad design and replace it with a better one. Its not easy changing everyones OS, but it's cheaper in the long run.
If your neighbor is worried about the Red Menace, he might be inclined to put a ABM launch site in his backyard, or even ICBMs as deterrent force.
You probably don't want that.
There are some very good reasons for centralizing physical warfare under a single political authority. It's not just that the constitution says this is a federal executive job (i.e. not something you leave to the states or the people); it's a good idea. If it weren't in the constitution already, I think almost all people would support an amendment making it so.
But even so, there are limits to that. There's no legitimate reason the federal government should be able to have any sort of authority at all, over whether or not people are allowed to build bomb shelters. A bomb shelter isn't a particularly good way to deal with the threat of nuclear holocaust (the best thing to do, is persuade the Russkies to not attack in the first place), but it doesn't really endanger your neighbors or usurp the president's negotiating power.
The same applies even to 18th century threats. If your neighbor is worried that the Brits might try to retake the colonies, it's ok for him to stock up on musket ammunition, but that's not really a good solution either. You want a single political entity to deal with the Brits, hopefully at a point long before anyone has to worry about redcoats marching through their farms.
With cybersecurity, the situation is pretty different. The analogy to relatively ineffective private bomb shelters and relatively ineffective musket ammunition stockpiles, happens to be the best solution to computer security problems. If you decide to have a policy of not executing malware, you are pretty much invincible except for Denial of Service issues related to overwhelming traffic. (And the private network providers are able to deal with that.)
We don't need any sort of central authority for dealing with computer security. That doesn't mean a central plan would be totally useless, but the payoff is pretty low. A president in charge of cybersecurity is about as an effective solution to cybersecurity, as bomb shelters are an effective solution to nuclear war.
People can already deal with this; they just don't bother to. That's their problem.
Now, TFA is actually not all that stupid-looking. He's mostly talking about the government protecting goverement systems. That's a no-brainer. But we don't need them to protect private networks, and I hope people keep an eye on any bullshit that moves in that direction.
Go to a typical hospital. Count the number of life critical monitoring equipment is running old unpatched copies of XP and connecting to easily broken WEP encrypted networks.
How many financial transactions take place at ATMs loaded with Windows 2000? How many banks have crappy, poorly written ASP.NET websites.
How about all those malware filled crusty old porn surfing boxes that manage our power grid in their spare time?
Yes, there is a problem. We are vulnerable and something bad will someday happen. However, nothing our government is going to do is going to help. What's necessary is for the people to demand better from the hospitals, banks, power companies etc... which implement this crap. That isn't going to happen. The people don't understand, don't care and don't want to.
Meanwhile what is some government agent reading my email going to do to help? Our government has a horrible track record on privacy and lately even on basic human rights in general. On top of this, all three branches and both parties are in the pockets of media executives who admittedly do have some legitimate points about their property being stolen but would like to take things way beyond protecting what is truly theirs and eliminate fair use while closing off media to any potential competitors.
Protect the internet, protect free speech. Keep the government out.
I guess my most major concern about using the Department of Homeland Security is that if anything should go wrong; that it's not during dinner.
And I guess my most major concern about using the Department of Homeland Security is that. They take my nail clippers away because it's a security risk, say I can't wear underwire bras, have closed the bathroom down for most, if not all of the flight (and god help you if you have a feminine issue then) now they want to take high-resolution naked pictures of me and share them with their government buddies, contractors, and basically anyone not me. They can't even handle issues of basic sanitation and common decency -- a problem as I understand has been solved for a few thousand years now. I would go on a feminist rant right about now, but frankly I don't think they're being sexist, just retarded. Unfortunately, retardation isn't curable. But I digress...
The only reason the internet still works at all is because they haven't gotten around to screwing it up -- yet. I can just see it now -- The entire internet has been turned off because a kindergartner in Utah made a drawing that suggested he was going to shoot the president. It was later disclosed that the drawing was of a cat and the sun. And later, mom posts it on the fridge...
#fuckbeta #iamslashdot #dicemustdie