Slashdot Mirror


Lawmaker Proposes Cyberthreat Sharing Group

alphadogg writes "A proposal in the House of Representatives would set up a new semi-independent organization allowing the U.S. government and private companies to share information about cyberthreats, but some critics questioned whether the group would be too removed from congressional scrutiny. The draft proposal (PDF), from Representative Dan Lungren, a California Republican, would create a nonprofit National Information Sharing Organization (NISO) that would serve as the collection and distribution point for cyberthreat information shared among the federal government, state and local governments, private companies and education institutions. NISO would also fund cybersecurity research and development."

41 comments

  1. Cyberthreat by Anonymous Coward · · Score: 1

    This post has been reported as a cyberthreat.

  2. congressional scrutiny by Anonymous Coward · · Score: 0

    "but some critics questioned whether the group would be too removed from congressional scrutiny"

    And that would be bad why?

    1. Re:congressional scrutiny by Ethanol-fueled · · Score: 5, Insightful
      That's what I wondered. We already have Fusion Centers that are information hubs for Local, State, and Federal law enforcement. We already have "community outreach" urban snitch patrols sponsored by the police and FBI. We already have private security and P.I.-types doing the "intelligence gathering" and fishing expeditions that typical law enforcement can't get away with doing (yet).

      My best guess is that it's all bullshit to take that 15% DHS funding and funnel it directly into the private members. From the article:

      The proposal is a "positive step" toward a national cybersecurity policy, said Cheri McGuire, vice president of global government affairs and cybersecurity policy at Symantec.

      There you go.

    2. Re:congressional scrutiny by rtp · · Score: 2

      "take that 15% DHS funding and funnel it directly into the private members"

      Mod that comment up.

      America (and other users globally benefiting from the Internet) will be much more secure with a distributed ecosystem with many independent groups each working toward assuring their own independent, autonomous security, rather than attempting to pass the buck to yet another outsourced committee operating as a puppet for the federal government. DHS is moving us toward dystopia with all of the federal intelligence and secret police agencies under one roof, rather than distributed to provide the necessary distrust and competition to keep the organizations healthy.

      Federal backing for a clique of "trusted, private-vendor partners" isn't going to raise the bar any better than Darwin's principles will continue to prove out.

      FTA, "Congress needs to act to improve our cyber defenses." Congress should focus on getting their job done, such as managing the federal budget, rather than trying to do the job of others.

      We all need to act to improve our cyber defenses. Congress isn't going to secure your company's server, nor your home PC, nor your data in the cloud.

    3. Re:congressional scrutiny by stiggle · · Score: 1

      Because if it has congressional scrutiny then the congressmen on the oversight committees can get kickbacks and campaign donations from the companies involved.

      Seems a whole lot of effort to set up a few mail lists & phone auto attendant message system :-)

    4. Re:congressional scrutiny by Anonymous Coward · · Score: 0

      Agreed. While my thanks go to Slashdot poster Alphadog for posting this piece of news for us, I'm skeptical that anyone will benefit significantly from this except for the occasional odd defense contractor.

      For one, this department is redundant with several other organizations as stated in other posts.

      For another point, computer security is one arena where government regulation has almost no opportunity to help. I'm not saying this out of any ideological sentiments, rather I feel that the American Government has traditionally struggled with computer security. It would be the blind leading the blind. If it were some of the smart guys from DARPA leading the effort things would be different.

      Remember to be skeptical of anyone using the word "cyber" to describe computer security.

  3. Silly noob, welcome to our world. by subreality · · Score: 3, Insightful

    We've had CERT for a long time.

    1. Re:Silly noob, welcome to our world. by Anonymous Coward · · Score: 0

      We've had CERT for a long time.

      uh, have you been following the news? CERT has been a joke for a long time, which is why I am in business. Government can't do what business can (and already do) for twice the price...so this clearly shows why we don't need more government in this sector, but we do need LE doing the right things (bank fraud LE is not what their lobbyists are paid for, but the record industry could (ab)use this resource too)

    2. Re:Silly noob, welcome to our world. by PopeRatzo · · Score: 2

      We've had CERT for a long time.

      Of course.

      And who wants to bet that "cyberthreat" will soon include protection of "intellectual property"? It's no accident that "educational institutions" will also be included in the groups that "benefit" from this new national cyber police force. Will "cyberthreat" include groups of protestors that organize civil disobedience online?

      Any time somebody in Congress comes up with a solution to combat some "threat", my radar goes off. Too many of the "threats" that these people see tend to include us.

      Too much of the national police budget is already focused on things that most of us would not consider "threats" at all. We've got local police forces that are gearing up like Delta Force and collecting information that goes way beyond what most people would consider "law enforcement". I get shivers when I see the kind of heavy armor that is being brought to deal with groups that are much less threatening than your average post-college football game crowd.

      --
      You are welcome on my lawn.
    3. Re:Silly noob, welcome to our world. by Anonymous Coward · · Score: 0

      We've had CERT for a long time.

      Not only do we have USCERT, but now we have US Cyber Command too! USCYBERCOM's main function is to bring threat information in from around the globe so all government agencies can collaborate and coordinate cyber-based efforts. Looking over this proposed draft, it seemed that a lot of the verbiage for functions of this new organization is VERY similar to agencies we already have in place in our government today.

      What I think this really is - a ploy for NISO members to get rich off of doing work that is already being done. Yay for efficient use of taxpayers' dollars!

    4. Re:Silly noob, welcome to our world. by Anonymous Coward · · Score: 1

      The FBI also has Infragard, which is designed to extend the CERT model to include other industries (think chemical, utility, public transportation, etc.)

      Oh, and the ISACs (REN-ISAC, MS-ISAC, etc.)

      Seriously, WTF are these people doing with our tax dollars if they can't hire an intern to spend an hour Googling what's already out there before going off half-cocked? Or, I don't know, ASK IT Security people what we want/need?

      This is why so many intelligent, well-informed and thoughtful people (as opposed to conspiracy-theory crackpots) dislike and distrust the government.

  4. Ok, this looks alright by Baloroth · · Score: 4, Insightful

    Well, this was supposed to be an angry rant about government forming yet another stupid and unnecessary organization, probably designed to crack down on copyright all in the name of "protect the children". Then I read the draft (or, rather skimmed a large part of it), and it actually seems focused on preventing wide-scale attacks on infrastructure and creation of more secure Internet protocols. Seems... alright, although this is, of course, just a draft. Also, it'll never live up to its promises, but hey, I suppose trying to secure the nation against computer-based attack is laudable.

    It's probably still stupid and redundant, but at least it seems redundant in the right direction, anyways.

    --
    "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
    1. Re:Ok, this looks alright by Anonymous Coward · · Score: 0

      Every time the government does something right I get confused.

      Who am I supposed to be angry at?

    2. Re:Ok, this looks alright by Anonymous Coward · · Score: 0

      It's probably still stupid and redundant, but at least it seems redundant in the right direction, anyways.

      Isn't there a budget problem?

      How about not creating new departments of money destruction until after that is solved first?

    3. Re:Ok, this looks alright by Anonymous Coward · · Score: 0

      SCADA threats posted on pastebin.
      https://isc.sans.edu/diary.html?storyid=12088 - 'Shock' legislation can't fix this. Am I wrong to compare Adobe vendor lock in with SIEMENS?

    4. Re:Ok, this looks alright by Wildclaw · · Score: 1

      Isn't there a budget problem?

      Yup. The currency issuer (federal government) is not issuing enough money (running a high enough "deficit") to match private+foreign sector aggregate savings rates. This is directly evidenced by current unemployment rates.

      There is also a secondary problem of mis-allocation of resources in the federal government, in other words, the federal government is spending money on the wrong things. But that doesn't change the fact that the current deficit is too low.

  5. What about international cyber harassment? by Anonymous Coward · · Score: 0

    I'm choosing to post this anonymously and you'll soon see why. For the past year (off and on) I've been the target of an Internet stalker. She's convinced that I'm the made-up identity of "B" (not putting the real names in so this won't come up in any Google searches), that B is really in love with her (despite the real-life B being married... as am I), and that God talks to her. And I don't mean it in the usual "I think God wants me to do this" sense but in the sense that she claims to be a prophet from God and that God really talks to her. She's claimed that pictures I post on my blog (under a pseudonym) aren't of my actual family and my refusal to acknowledge the "truth" (as told to her by God again) means that I need to feel God's wrath (doled out by her, of course). I contacted the FBI and filled out a form but never heard back from her. B even filled out a report via Interpol, but it doesn't seem to stop her. (She's in Canada, I'm in the US and B lives in New Zealand.)

    Any suggestions from the Slashdot community? Ignoring her doesn't seem to work and denying that I am who she thinks I am obviously doesn't work (because "god" said otherwise and you can't argue with the "prophet of god").

    1. Re:What about international cyber harassment? by Anonymous Coward · · Score: 0

      give her a fake address, let her come over the border and shoot her ? problem solved.

  6. Infragard? by el_tedward · · Score: 1

    Yeah, they don't do any of that.

  7. The usual question... by englishknnigits · · Score: 1

    Why does this need to involve government? Let the industries and individuals interested help fund and found the organization. If the organization works well and is beneficial then it will likely stick around. If it is useless then companies/supporters will lose interest and it will go away. If the concept was useful but the implementation was terrible then alternatives will spring up. If the government founds it/runs it/supports it then it will never go away no matter how useless or poorly run it may turn out to be. There would obviously be no problem with the government itself using the organization (aka being a customer) but that is all it should potentially do.

    1. Re:The usual question... by yourmommycalled · · Score: 0

      You mean let the invisible hand of the free market work its magic?

    2. Re:The usual question... by rtb61 · · Score: 1

      This involves government for the most obvious reason of all. Private industry is always focused on profits even to the insane level of profits on economic and environmental collapse. When it comes to establishing a government authority the focus is on savings, the money saved by avoiding economic and environmental collapse.

      Government authorities also help to avoid copyrights and patents from blocking the universal adoption of highly beneficial technologies.

      Privatisation is proving to be nothing but a bottomless pit of lobbyist corrupted contracts, billions lost in blatant kickbacks for campaign contributions.

      --
      Chaos - everything, everywhere, everywhen
    3. Re:The usual question... by Mr. Shotgun · · Score: 1

      Why does this need to involve government? Let the industries and individuals interested help fund and found the organization.

      Lmao, oh you must be kidding! Private enterprise be interested in secure coding? No my friend, they be all about the latest product they can pimp out, they will never, ever, ever be interested in secure code. To paraphrase a notion put forth: cheap, fast, secure...pick two. To get fast and secure you have to hire someone who knows his way around a project, who's been around the block a few times and who has seen more than one block of unsecure code. And they do not come cheap, so that is out. For fast and secure you need some kids fresh out of school who will eventually write some secure code, think million monkey paradigm. This will of course take time so that is not good, gotta get those bullet points out to the clients you know? Press releases drive sales and sales is what it is all about. For cheap and fast, well same scenario. Hire a bunch of green gills and code the latest and greatest, screw security. Gotta make quota is what I am saying.

      So no, private enterprise is never, ever, EVER, going to be interested in anything beyond the next quarter's bottom line. And that includes investing in secure code.

      --
      Of all tyrannies, a tyranny sincerely exercised for the (supposed) good of its victims may be the most oppressive
    4. Re:The usual question... by englishknnigits · · Score: 1

      I'm trying to decide if that post is sarcastic or not...I hope it is because I can't imagine you actually believe anything you just typed. I'll try my hand at some sarcasm. Yes, the government is run on rainbows and gumdrops and people who love their fellow man and are not power hungry, greedy, or self serving. Have you ever heard of a rich politician? Don't think so! That's because they are only interested in saving people money and protecting the environment! Creating huge bureaucracies helps protect business and consumers from themselves cause businesses and consumers are made up of flawed humans whereas politicians aren't humans and see the truth and know what is best for everyone! :D

    5. Re:The usual question... by englishknnigits · · Score: 1

      That is true as long as their customers don't care about it. If their customers don't care about it then why should the government step in and decide what is important for customers? I know what I want, why do you think the government knows what I want better than I do? This of course assumes there isn't a government supported monopoly/oligopolies running an industry. In that case you have two choices, stop supporting and protecting monopolies/oligopolies so there is actually competition or create another probably useless and hard to get rid of government agency. I know which one I would pick.

    6. Re:The usual question... by englishknnigits · · Score: 1

      We may need to take off the handcuffs, apply some burn cream, add some finger splints, and give it a pep talk first though.

    7. Re:The usual question... by gtall · · Score: 1

      Yep, the FAA does nothing for airline safety. NIH does nothing of consequence in combating disease outbreaks from those friendly listeria farming operations. OSHA hasn't lifted a finger for workplace safety. The nerve of NSF funding fundamental research, don't they know research grows on trees to be cherry picked by Business School Product for the good of Americans? If only America could be returned to the people....like the housing crisis. People have a G-d-given right to sign contracts they are too stupid to understand, flip houses, suck the equity out of their houses. If all the telecom companies want to coalesce into a giant blood-sucking Ma Bell, well, let no federal bureaucrat stand up and say no. Monopolies worked so well before the 1930s, the American People have a right to try them again.

      This abhorrent list of faceless and unrecognized federal bureaucrats goes on and on trying to keep your ass safe from...well...you.

    8. Re:The usual question... by englishknnigits · · Score: 1

      Monopolies aren't something the American people "try". Monopolies can only exist in the presence of government blocking competition through regulation, propping up the company through subsidies, and not enforcing basic laws (such as "don't break the legs of competitors"). Monopolies and big government go hand in hand, they are not opposites. The main point you don't understand is that these faceless bureaucrats are drawn from the same crowd of helpless people you think they protect. The helpless, short sighted, ignorant people you want protected become bureaucrats! I'm not saying all federal agencies are useless, many of them do make positive contributions. The question is, how much more effective, efficient, and useful could they be if they actually faced competition?

    9. Re:The usual question... by rtb61 · · Score: 1

      The insane marketing view of the corporate race to the bottom. Corporations where the executives are not legally and criminally liable for all acts of that corporation are fabrications of the sociopathically insane and a current reality. No wonder modern corporate public relations and marketing agencies are well known for their drug use, that could be the only excuse for the continual stream of mendacities that flows from them. I only hope that should you suffer a severe illness that your relatives put the cure out to open tender and give the responsibility for curing you to the lowest fly by night unregulated corporate bidder, let's see how that works out for you ;DDD.

      --
      Chaos - everything, everywhere, everywhen
    10. Re:The usual question... by englishknnigits · · Score: 1

      I agree that corporate heads are currently not held adequately accountable for the repercussions of their decisions, particularly where there is negligence. That is the government's job and they are failing miserably at it. When a corporation fails or does something wrong the government typically gives them money and writes regulations to punish all of that corporation's competitors who were actually doing the right thing. As to your illness point, I would gladly accept treatments risen from the innovations of a free market place and regulated by customers' want for effective treatments with minimized side effects. What the government mainly does (via the FDA) is to ensure that only expensive, patent-able treatments are legal and smaller firms and innovators can't contribute to the progression of modern medicine.

  8. Why are only corporations allowed to share info by Anonymous Coward · · Score: 0

    Why can't regular 'plebeians' like us share info to the task-force/agency?

  9. ren-isac and friends? by Cmdr-Absurd · · Score: 1

    Are we proposing something like the various ISAC groups such as ren-isac? These have been around for quite a few years.

  10. Because it lets them pick winners and losers. by Ungrounded Lightning · · Score: 1

    Why does this need to involve government?

    Because it lets the government pick winners and losers. Winners are given early information about cyber threats. Losers are not.

    Winners tend to correlate well with campaign contributors.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
    1. Re:Because it lets them pick winners and losers. by englishknnigits · · Score: 1

      That's the "How appropriate, you fight like a cow" to my "You fight like a dairy farmer" :(

    2. Re:Because it lets them pick winners and losers. by gtall · · Score: 1

      Yeah, like the interstate highway system. Boy, they made out like bandits on that one.

    3. Re:Because it lets them pick winners and losers. by Ungrounded Lightning · · Score: 1

      Yeah, like the interstate highway system. Boy, they made out like bandits on that one.

      Yep. A lot of nephews and cousins of politicians (and members of their political machines) "won" the construction contracts and made out like bandits.

      Still are, too. Especially with large amounts of gas tax money diverted from road construction to "alternative transport" projects to "get people out of their cars". Lots of graft to go around there.

      --
      Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  11. Drafts cost money to make by Anonymous Coward · · Score: 0

    Just find out who sponsors a draft and you'll find the motive

  12. So.. The US Cert? by Anonymous Coward · · Score: 0

    Seriously though, how is this significantly different than what the US CERT already accomplishes?

    Maybe lawmakers should be more focused on learning and improving their existing agency portfolio instead of creating new civil organizations.