Sen. Bond Disses Internet 'Kill Switch' Bill
GovTechGuy writes "Sen. Kit Bond (R-Mo.) has introduced his own cybersecurity legislation with Sen. Orrin Hatch, and he had some harsh words for a competing bill sponsored by the Senate Committee on Homeland Security. Bond said that bill, which has been criticized for allegedly giving the president a 'kill switch' over the Internet, weighs down the private sector with mandates and puts too much on the plate of the already overburdened Department of Homeland Security. Sen. Bond's bill would create a new position in the Pentagon, reporting directly to the president, in charge of coordinating all civilian cybersecurity. Any private-sector involvement would be voluntary and free from legal challenge, rather than mandated."
We don't need a military-like "big red button" in the boss's office that shuts down all Internet systems... that would open us up to even worse problems. (Did anybody watch the recent CNN special "We Were Warned: Cyber Shockwave" about this situation exactly? If you shut down all civilian communications, how are you going to tell workers where they're needed? A simple attack somewhere along the power grid, and nobody will know where the fault is to repair it.)
But, there is something we should give over in this area. The ability to kill programs that are causing damage to other systems or the Internet structure. Basically, if food has a problem, we recall what had the problem, not all food. If MS-SQL has a problem, we have an Internet outage... what if Microsoft was able to say "You must patch to version 7.3.43... we've got a security problem with 7.3.42." Basically, if you're running a "wrong" version of an application, you shouldn't be allowed to expose that to the Internet... you're just going to spread the worm of the day once you get caught by the bad guys. Can we have some good guys shut you down first?
The difference is clear... you don't shut down the whole Internet when things go bad, you shut down the bad application. SysAdmins will notice their service is down, and hopefully will get a nice clear message that they've put off the patches for too long, and if their server wasn't already spreading the worm, it was about to before the kill switch got in the way.
This is much like the college solution where if their honeypot detects that you've sent out a worm packet, they tell the nearest network switch to cut you off. You notice your IM client can't connect and neither can your web browser, and call IT. The Internet isn't down... you're down for the safety of the computers around you. Bring your machine to IT, pay for the cleanup service and a free copy of the college's favorite anti-virus, and while you carry your machine back to the dorm they turn your port back on.
This is just basic cyber-defense. You're totally secure if you unplug everything... but then you also lose the services which are the point of having the server. We need to use the good servers to keep some level of communication going... and spread the word that the bad servers need the patch that was released a few months ago! When things go wrong, you don't throw the whole thing out without trying to fix it first!
No good news here. Bond's concerns about a cyber security bill can only mean he feels it isn't harsh enough. If he's in league with copyright's Prince of Darkness Orrin Hatch, who not too long ago wanted to scan all PCs warrantlessly and without judicial oversight automatically destroy those found with "unauthorized content" (read: entertainment), it shouldn't take too much in the way of imagination to predict his response to information he defines as threats to security.
- js.
Look back in the past: how did Comcast/Verizon/Time Warner/etc. get so large? They basically stole your tax dollars to provide internet access and "modernize" America (and in the case of Verizon they got lots of infrastructure from the breakup of AT&T). Without governments screwing with the free market we can make sure that the corporations serve us rather than the other way around. We need a government to prevent force and fraud; as you pointed out, the majority of ISPs/cell companies use fraud in their marketing and should be forced to either provide what they market or provide compensation.
What we need is a definition of the internet to include all of the internet to start out. Secondly, we need to stop handouts to private companies, all of them, to prevent this from happening in the future. Eventually, our current infrastructure will be obsolete and Comcast/Time Warner/Verizon will be as laughable of companies as Atari and AOL are today. But in the meantime, simply allow for more competition in the ISP market; allow for true free market systems where, if one corporation can use public land to lay cable through, any ISP who wants to should be able to within a certain window. When we solve the inequalities there, it fixes itself. If an ISP blocks YouTube and there is a choice, everyone will switch. The problem is our government has limited the choices.
Taxation is legalized theft, no more, no less.