Sen. Bond Disses Internet 'Kill Switch' Bill
GovTechGuy writes "Sen. Kit Bond (R-Mo.) has introduced his own cybersecurity legislation with Sen. Orrin Hatch, and he had some harsh words for a competing bill sponsored by the Senate Committee on Homeland Security. Bond said that bill, which has been criticized for allegedly giving the president a 'kill switch' over the Internet, weighs down the private sector with mandates and puts too much on the plate of the already overburdened Department of Homeland Security. Sen. Bond's bill would create a new position in the Pentagon, reporting directly to the president, in charge of coordinating all civilian cybersecurity. Any private-sector involvement would be voluntary and free from legal challenge, rather than mandated."
We don't need a military-like "big red button" in the boss's office that shuts down all Internet systems... that would open us up to even worse problems. (Did anybody watch the recent CNN special "We Were Warned: Cyber Shockwave" about this situation exactly? If you shut down all civilian communications, how are you going to tell workers where they're needed? A simple attack somewhere along the power grid, and nobody will know where the fault is to repair it.)
But, there is something we should give over in this area. The ability to kill programs that are causing damage to other systems or the Internet structure. Basically, if food has a problem, we recall what had the problem, not all food. If MS-SQL has a problem, we have an Internet outage... what if Microsoft was able to say "You must patch to version 7.3.43... we've got a security problem with 7.3.42." Basically, if you're running a "wrong" version of an application, you shouldn't be allowed to expose that to the Internet... you're just going to spread the worm of the day once you get caught by the bad guys. Can we have some good guys shut you down first?
The difference is clear... you don't shut down the whole Internet when things go bad, you shut down the bad application. SysAdmins will notice their service is down, and hopefully will get a nice clear message that they've put off the patches for too long, and if their server wasn't already spreading the worm, it was about to before the kill switch got in the way.
This is much like the college solution where if their honeypot detects that you've sent out a worm packet, they tell the nearest network switch to cut you off. You notice your IM client can't connect and neither can your web browser, and call IT. The Internet isn't down... you're down for the safety of the computers around you. Bring your machine to IT, pay for the cleanup service and a free copy of the college's favorite anti-virus, and while you carry your machine back to the dorm they turn your port back on.
This is just basic cyber-defense. You're totally secure if you unplug everything... but then you also lose the services which are the point of having the server. We need to use the good servers to keep some level of communication going... and spread the word that the bad servers need the patch that was released a few months ago! When things go wrong, you don't throw the whole thing out without trying to fix it first!
So, what about the impact on all the other countries?
They tried to make the training video 'light' and humorous, but it still doesn't negate the fact that these plans have already been put into action.
RIP America
July 4, 1776 - September 11, 2001
How about this? A 20 year moratorium on introducing any new rules/regulations on the internet.
It's a rarity if government regulation actually helps, and even when it does "help" it either creates larger problems down the road or fixes something else the government did.
Other than the initial creation of the internet, it has been largely a private affair and that is responsible for the majority of its growth.
Taxation is legalized theft, no more, no less.
Why is it such a shame that it's a Republican?
No good news here. Bond's concerns about a cyber security bill can only mean he feels it isn't harsh enough. If he's in league with copyright's Prince of Darkness Orrin Hatch, who not too long ago wanted to scan all PCs warrantlessly and without judicial oversight automatically destroy those found with "unauthorized content" (read: entertainment), it shouldn't take too much in the way of imagination to predict his response to information he defines as threats to security.
- js.
Those that want a "kill" switch regardless of party better not get what you wish for. If a liberal is in charge of a kill switch, killing off conservative websites just remember that politics is like a circle, what goes around comes around. Personally, I wish a hands off approach to the internet under purely 1st amendment grounds. "Congress shall make no law..." what part of that do those pinheads not understand. With the good, comes the bad. 3/4 of the crap on tv, radio, internet, magazines I don't care for, but I'd rather it be left to the market to figure out, instead of some idiot politician to say if it should be banned.
The entire thing stinks to high heaven. These guys still think of the Internet as of tubes and trucks and who the hell knows what else, but it doesn't matter. The important thing is that this series of tubes and trucks is bothering them something awful.
They can't control dissemination of information on it like they do on TV. Anybody can just start a blog or a forum and discuss policy and worse, they can share actual information, the kind that government prefers you not to pay attention to... here is something shiny for you.
They need a kill switch, and when they say that, they likely mean a kill, as in Minigun type of kill switch.
Take this new cybersecurity bill, add the Trusted Security in Cyberspace proposal, involve the DHS, factor in Gitmo and rendition, multiply by Secret Service getting an 'upgrade' (from the same Lieberman ideas by the way), you are going to have a very neat 'kill switch'.
This 'cybersecurity' nonsense is supposed to be able to expire 120 days after execution, well, just make the emergency last longer, have the president sign an order or whatever it takes. Actually 120 days is enough to push through any kind of agenda if there are no opposing voices at all, and TV opposes nothing (except for clowns, but who listens to clowns, right?)
They just want to stop you from being able to get and discuss any information that may end up hurting their agenda, and they have plenty of agenda.
You can't handle the truth.
Most sites are running off of crappy shared hosting services, and the guy actually running the site has no idea how the server was configured, and whether current (or any!) security patches have been applied. He can do things like call phpinfo() to make sure that's at least current and intelligently configured, but he has no idea if the server itself is set up well, and more importantly, no way to fix it if it isn't.
This creates a huge problem if the server is pulled. Suddenly, all the shared hosting accounts go dark, and no one can even retrieve their site. Even assuming the site owner has a reasonably current backup, things like forum posts get lost, and the site operator is forced to send off a mass email explaining the problem (if he even knows what happened!) and then frantically try to rebuild the site elsewhere. Oh, and the hosting company usually owns the domain, so when it does come back up, he's still missing a huge chunk of his userbase.
I don't think it's an exaggeration to estimate that 90% of websites are on shared hosting accounts. Granted, it's the 90% that don't get much traffic, but every site has to start somewhere, and many simply aren't intended to be for more than a handful of users.
"Kill it!"
Um, what?
How about instead funding some free-to-all open source antivirus, anti-spyware, etc. programs to hinder the spread of malware and botnets? And kill spammers while you're at it. Yes, those you can kill.
We are all God's parents.
puts too much on the plate of the already overburdened Department of Homeland Security
Uh-huh. Like we already knew; say hello to the new boss, same as the old boss.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
Let us not be confused by suggestions that just because Sen. Kit Bond criticised the previous proposal, his proposal is any good.
IMO there is absolutely no reason to put a cyber security czar in the pentagon.
In America, as in any free country, the military should do nothing but armed conflict with other nations, and civilian agencies should provide internal security.
But hopefully the existence of a multitude of bills will result in no bill being passed, which would probably be the best outcome.
... that government shouldn't have emergency powers over Internet, or power grid or industries or transportation? If so, I think we need a new government, not a total repudiation of the concept of a government. Yes, enforcement should be practical, keep up to date with technology, not go overboard and be safeguarded against broad witch hunts for real or imaginary non-emergency wrong doing. But if we are under a massive cyberattack by a foreign government or terrorist organization, we do want the government to be able to shut down all channels for malicious traffic to affect critical utility/information/medical/commercial infrastructure - or try to as much as technologically possible to implement without serious hardship to legitimate users.
And of course that would stop them once the technology is in place.
For all of ten seconds.
It wouldn't just do that. Think about the enforcement mechanism that would be required to make this operate: all computers in the world would need to answer to a single, global command authority. This authority would immediately be used to "end piracy", for obvious reasons. Even unconnected operation would have to be subject to government approval (or else you could use that to sabotage the system when it gets reconnected).
And given that unless this is implemented globally, it would be a financial disaster. If the US implements this but China doesn't, that gives anyone else 2 major advantages: all spam income would go to them, all spam costs would go to the US. Furthermore, get 1 spy close to the kill switch, and ... And God forbid we try to get other countries to cooperate with this. What will it take? A global "the Taiwanese king cannot be criticized" policy would seem to be required. And what about the "Islam requires women cannot access the internet", a Saudi and Egyptian policy? Doubtless the UN would consider that entirely reasonable and demand we become "culturally tolerant", you know just like you can no longer say that it was Muslims who massacred Americans in 2001, for the sole reason that "Islam demands it", according to the terrorists themselves (and quite frankly when a barbarian is swinging an axe into your face shouting "you shouldn't have insulted ...", you can generally assume he's not lying. The only correct reaction, of course, is to swing a bigger axe into his face)
And that's ignoring what happens when the first politician realizes he can hide that pesky little detail about him that he raped 3 girls a few years back (and 5 more since, but the FBI doesn't yet have that on record) ...