White House Circulating Draft of Executive Order On Cybersecurity
New submitter InPursuitOfTruth writes with news that the Obama administration has been circulating a draft of an executive order focused on cybersecurity. This follows the recent collapse of an attempt at cybersecurity legislation in the Senate. According to people who have seen the draft, the order would codify standards and best practices for critical infrastructure. That said, it's questionable how effective it would be, since participation would be voluntary, and the standards would be set by "an inter-agency council that would be led by the Department of Homeland Security." The other agencies involved would include NIST, the DoD, and the Commerce Dept. "It would be left up to the companies to decide what steps they want to take to meet the standards, so the government would not dictate what type of technology or strategy they should adopt."
... proof positive of the existence of persistent fuck you overs.
many might say that but in reality it is more factual evidence of the degradation of the government of which the Declaration of Independence has instructions by the founders for the peoples as to what to do about the failing of government of which they foresaw the probability of...... Go ahead and read it for yourselves, the instructions really are there with real life examples too, so to be clear of their intent to communicate to the people in such a time of need..
On the other hand, the complete usurping of the very principles of enumerated and separated branches of gubmint in order to prevent abuse and provide for accountability.
Isn't it already up to companies to decide what steps to take for security?
The Government will contract crackers to hack your company using exploits inside of the limits specified by the annual security proposal. The crackers get a little something something for their effort plus a bit more if they find new and interesting ways to break people's security (fixes for which will be added to next year's security standard.)
If they break in, they will levy a "Fine" from your bank account, set aside for security tax and charged for non-compliance (by the way this "Fine" is prededucted from the annual tax burden.) This means that every company in the country has an opportunity to save a chunk of change for complying with national security standards and they can make out like bandits year after year if they only invest in the minimum necessary for keeping black hats at bay.
On to the next problem...
Someone please put a copy of it on wikileaks.
Rule 1 of critical national infrastructure: Don't put it on the damned internet.
Rule 2: See rule 1.
Rule 3: Are you sure you saw rule 1? Quadruple check anyway.
Rule 4: Manufacture everything pertaining to the critical national infrastructure in your own country (microchips, resistors, diodes, final assembly, etc)
Rule 5: Keep it simple.
Now for big business:
Rule 1: Don't let anyone leave your office with a notebook or any form of portable media containing sensitive customer information unless it is encrypted and heading to your off-site tape storage facility.
Rule 2: Don't let anyone hook their own computers and gadgets up to your network.
Rule 3: If it needs to be on the internet, have a nice firewall between it and the internet.
Rule 4: Have your web browsers running in sandboxes.
There, now we don't need feel good, ineffective legislation.
Obama administration has been circulating a draft of an executive order
What? Obama is going to force us to do something? Hate! Hate! Hate!
participation would be voluntary
What? How is that going to be effective, then? Obama can't get anything done! Hate! Hate! Hate!
led by the Department of Homeland Security
Anything led by the DHS is bound to go from "voluntary" to mandatory (or hyper peculiar) too quickly. I can't imagine the same band of brigands doing such things as this, this, this, or that, and so on and so forth could offer anything constructive to the interweb or anything else.
Forward! -- Emperor Norton, 2012
Maybe I'm just looking through my tainted glasses, but here's another example of failure of congress to do its daily job that the Obama has to step in and issue another executive order. The spirit of Checks and Balances is being broken again because the government as a whole isn't doing its job.
Well, if the right (or Reid for that matter) keep this up, maybe a Romney presidency will see at least some legislation passed since they at least have convinced themselves to like him--and maybe there will finally be compromise. Who knows.
I shared it before, but this Congress has passed a pittance of actual legislation. The trade off is whether to have no work or at least something that works. The separation of powers was to avoid abuses, not to obstruct the government from running itself.
Memorable quotes for
Looker (1981)
http://www.imdb.com/title/tt0082677/quotes
"John Reston: Television can control public opinion more effectively than armies of secret police, because television is entirely voluntary. The American government forces our children to attend school, but nobody forces them to watch T.V. Americans of all ages *submit* to television. Television is the American ideal. Persuasion without coercion. Nobody makes us watch. Who could have predicted that a *free* people would voluntarily spend one fifth of their lives sitting in front of a *box* with pictures? Fifteen years sitting in prison is punishment. But 15 years sitting in front of a television set is entertainment. And the average American now spends more than one and a half years of his life just watching television commercials. Fifty minutes, every day of his life, watching commercials. Now, that's power."
##
"The United States has its own propaganda, but it's very effective because people don't realize that it's propaganda. And it's subtle, but it's actually a much stronger propaganda machine than the Nazis had but it's funded in a different way. With the Nazis it was funded by the government, but in the United States, it's funded by corporations and corporations they only want things to happen that will make people want to buy stuff. So whatever that is, then that is considered okay and good, but that doesn't necessarily mean it really serves people's thinking - it can stupefy and make not very good things happen."
- Crispin Glover: http://www.imdb.com/name/nm0000417/bio
##
"It's only logical to assume that conspiracies are everywhere, because that's what people do. They conspire. If you can't get the message, get the man." - Mel Gibson (from an interview)
##
"We'll know our disinformation program is complete when everything the American public believes is false." - William Casey, CIA Director
##
"The real reason for the official secrecy, in most instances, is not to keep the opposition (the CIA's euphemistic term for the enemy) from knowing what is going on; the enemy usually does know. The basic reason for governmental secrecy is to keep you, the American public, from knowing - for you, too, are considered the opposition, or enemy - so that you cannot interfere. When the public does not know what the government or the CIA is doing, it cannot voice its approval or disapproval of their actions. In fact, they can even lie to you about what they are doing or have done, and you will not know it. As for the second advantage, despite frequent suggestion that the CIA is a rogue elephant, the truth is that the agency functions at the direction of and in response to the office of the president. All of its major clandestine operations are carried out with the direct approval of or on direct orders from the White House. The CIA is a secret tool of the president - every president. And every president since Truman has lied to the American people in order to protect the agency. When lies have failed, it has been the duty of the CIA to take the blame for the president, thus protecting him. This is known in the business as "plausible denial." The CIA, functioning as a secret instrument of the U.S. government and the presidency, has long misused and abused history and continues to do so."
- Victor Marchetti, Propaganda and Disinformation: How the CIA Manufactures History
##
George Carlin:
"The real owners are the big wealthy business interests that control things and make all the important decisions. Forget the politicians, they're an irrelevancy. The politicians are put there to give you the idea that you have freedom of choice. You don't. You have no choice. You have owners. They own you. They own everything. They own all the important land. They own and control the corporations. They've long since bought and paid for the Senate, the Congress, the statehous
Obama is a liberal? Are you nuts?
Obama is the best Republican president we've had since . . . Bill Clinton.
I predict an attempt to use executive orders to solve the whole problem of voter / house / senate participation altogether.
Of course, it will be interesting to see how the people react when the president declares himself leader for life and demands that everyone give up their guns and property. Note there is already an executive order tying just about every government agency into a machine for confiscating rural property not used in a manner agreed to by the government.
Watch for new executive orders that might tip the world into chaos in (wait for it) December of 2012.
First it's purely voluntary.
Then it's voluntary... but if you want to be a supplier to the US Government, you must implement it.
Then if you want to continue being a supplier, you MUST implement it AND your own suppliers must do it, or you can't be a supplier.
By this point since "almost everyone is doing it anyway" and "those who aren't are clearly a threat to security" it will be mandatory.
E
That said, it's questionable how effective it would be, since participation would be voluntary
That "voluntary" part is inserted to throw off people so that they can't object to this executive order
After a while, the word "voluntary" would disappear, and participation would no longer be "voluntary" and the whole thing would be run by the Homeland Security or one of the many 3-alphabet-agencies
Count on it !
Cyber-security or whatever -security it might be, they are all designed to do one thing - to take away the freedom of the ordinary people and to concentrate all the power at the top
Muchas Gracias, Señor Edward Snowden !
Isn't cybersecurity just another way of telling people how to talk on the internet?
Maybe some First Amendment concerns?
I take it that stating something that may be politically controversial is a 'troll' now on slashdot. Rather than having the decency to respond to my post with some informed criticism, you choose to mod me "-1, disagree". Undo your mod, press reply, and tell me what, exactly, you disagree with. Because while I might be full of sarcasm, I don't think I've said anything a lot of people wouldn't agree with or find a factual basis for.
#fuckbeta #iamslashdot #dicemustdie
For the high voltage part of the electric grid there are already mandatory standards. They are part of the reliability standards mandated by a 2005 law and are produced by an industry consensus standards organization. However, upon acceptance by the Federal Energy Regulatory Commission (FERC) they become mandatory with maximum penalties of a million dollars a day per violation.
The early versions of the standards mainly required asset owners to attend to cybersecurity by identifying critical assets and making and following plans to protect them. The early violations were not having the plans and not updating them. Some asset owners tried to say they didn't have any critical assets. Over the years provisions have tightened (like defining what kinds of assets are critical and requiring that the plans not only be prepared but actually followed).
The asset owners have some legitimate concerns. For example, if the standards give discretion to auditors in reviewing the quality of their cybersecurity protections, they are worried about auditors who don't really understand the technology, see an actually inapplicable "best practice" somewhere and downrate the cybersecurity protections if the practice isn't followed. For example, the general practice in IT is to routinely install vendor patches. However, the proper practice in electric grid control systems is to individually test the patches to ensure that they don't cause system instability or equipment misoperation. You don't routinely install vendor patches if your job is to keep the lights on.
Mandating of cybersecurity has to be done carefully with sensitivity and attention to details in the application domain. But it does need to be done.
But you're already getting a good reaming from Obama. You're just too stupid to realize it, fool.
You do realize that most of the "socialized healthcare" law came straight out of the Republican recommendations of less than 10 years ago and, with the exception of providing vouchers(!) for those who are lower income to buy commercial insurance, is nearly identical to the right's plan as a counter to the Democrats' call for a single payer system?
You obviously have never heard of Keynes, either, or remember that in 1929, Herbert Hoover actually implemented many of the Tea Party recommendations in an attempt to prevent the national debt from growing as the federal government's income revenue shrank. Not only did it spiral the unemployment rate to 20%, but even when FDR implemented (effectively) Keynesian economics by leveraging the US government to create jobs it took 6 more years for the economy to stabilize. In 80 years we haven't had as wild a bubble burst, and yet the current president's approach to stopping the hemorrhaging - which worked almost immediately - is considered a failure? You do realize that the previous 6 years of growth was based solely on margin spending of consumers based on inflated values of their homes - and now that the market has corrected there is no more real estate to leverage in the same way, and nobody else in the world has any consumer money to spend either?
Did you miss the part about BHO getting rid of Don't Ask, Don't Tell? Did you miss how he promised health care reform and - even though you clearly don't need it - actually passed it? Did you miss how he promised to re-regulate the Financial industry, and put forth and passed legislation to do so, only to have the Republican-held congress refuse to enact, fund, or appoint people to run it? Did you miss the part where he planned to pull us out of Iraq, and to draw down the surge in Afghanistan?
Has it been so long - 3-1/2 years - that you forget that the rest of the world hated us so fucking much that they gave him the Nobel prize for simply not being GW Bush? No, of course he didn't deserve it, but the whole rest of the world hated Bush and Cheney so much they gave him a medal and a million dollars just for not being them. Let me repeat that - our allies don't hate our guts any more. Even the neutral states think we're okay now. Did you notice that, when Egypt and Libya went apeshit we didn't have to mobilize ground troops. Hell, we were barely involved. Our allies took that over and we didn't have to put on our cowboy boots and lead the charge.
As for corporate value, I'm not sure where you've been hiding where the Dow Jones doesn't get reported, but from when GWB took office in 2001 to when the bubble burst in 2008 - the peak!- the market went up by 32%, and then fell crashing down for a NET LOSS OF VALUE UNDER G W BUSH of nearly 23%, start to finish. That was my God damned 401k retirement fund. Holy shit that sucks. Since Obama took office, the market is up...sit down for this...62%. That's right, and that doesn't count the low spot - that's from the day they swore him in. In 3.5 years he did DOUBLE for the value of the market what GW Bush did right before the bubble burst. We just had the worst market crash in 80 years, and in 40 months the market is back to within spitting distance (5%, if you're counting) of the all time high.
Are you worried about gas prices? Ever wonder when gas has been the most expensive? Yup G W Bush - mid 2008. Even higher than right now. And do you know why gas is so high? It's not because we're dependent on foreign oil - our dependence has gone DOWN under Obama. It's because we're EXPORTING most of our gas to other countries who are willing to pay more! Gasoline was the #1 (total, top, more than anything else) US EXPORT last year. We're making money hand over fist on it. Are you going to fault Obama for not restricting exports to keep gas prices down, because that would do it. And you know that pipeline through PA Romney is going to build the day he gets into office? It's not for keeping domestic oil in the US, it's to get oil to the gulf where it can be refined and exporte
Is it just my observation, or are there way too many stupid people in the world?
I got it all the time, my friend.
In fact, if you scroll up, you'd see that the brownshirts had already modded my comment down
Now Slashdot is crawling with many brownshirts, and some of them are said to have unlimited mod points.
Muchas Gracias, Señor Edward Snowden !
That guy doesn't even qualify as an "economist" -
Shrimp - China does _NOT_ export shrimps
The amount of shrimps China produces (from shrimp farms and caught from the sea) is not sufficient for China's own consumption
In fact, China IMPORTS shrimps from many South East Asian countries, from Australia, and even from Africa !!
Flat Screen TV - Many LCD TeeVee sold in the USA may have been assembled in China, but the crucial parts - the LCD panels, the electronics, - are made in Korea, Japan and Taiwan
China does make their own LCD panels, but the internal consumption of LCD TVs in China is so large that China actually imports LCD panels, rather than exports them
Shirt on your back - There exists a quota limit on clothing import from any one country, including China
Even if you bought your shirt in Walmart - the traditional "made in China supermarket" - the shirts most probably have "Made in Bangladesh" or "Made in Pakistan" or even "Made in Romania" / "Made in Ethiopia" labels on them, because the unskilled labor in Bangladesh and Pakistan are much cheaper than those from China
Muchas Gracias, Señor Edward Snowden !
I don't understand. The legislature declined to pass the legislation, so Obama is just going to dictate it? I guess Obama fancies himself a king?
Manufacturing in general is losing jobs. Not only in the US but in third world countries like China and Mexico because of efficiency increases.
http://www.bloomberg.com/apps/news?pid=newsarchive&sid=aRI4bAft7Xw4
It's a reprise of what happened 50 years earlier when farms became mechanized. It is an inexorable inevitable trend that machines will replace humans in routine tasks.
The fact is that manufacturing as an economic sector in the US is doing fine. To paraphrase Mark Twain, rumors of demise are much exaggerated.
The US is easily the world's most productive manufacturing nation in terms of output value per hour, and also has the largest manufacturing economy in the world.
http://www.nam.org/Statistics-And-Data/Facts-About-Manufacturing/Landing.aspx
http://www.seeitmarket.com/u-s-still-in-the-business-of-making-things/
http://business.time.com/2011/03/10/can-china-compete-with-american-manufacturing/
The United States of America achieved the highest Output Value Per Hour of all countries in the world by doing one thing - making super high valued items - like Stealth Fighter planes, Nuclear Submarines, Super-computers, and CPUs.
Except for the last item, which is produced by the millions, the rest of those super-high-valued items are not mass-produced - at least not mass produced to achieve the economy of scale.
That lies the problem.
The USA may be the biggest exporters of the world because there is still a great demand for those super-high-valued items - especially the weapons
And others are catching up.
Take the CPUs - Intel has been raking in truckloads of $$$ by producing CPUs that are worth much more than their weight in gold, since the 1980's.
Nowadays, however, Intel is increasingly feeling the heat - competition is heating up. No, not from AMD, but from other companies which made ARM chips, and there are a lot of them - From TI of USA to Samsung of Korea to Nvidia of Taiwan to Allwinner of China
There _are_ competitors to other super-high-value items produced by USA, but fortunately, for the time being, the competitors aren't very well financed or don't have the required technology yet.
But that doesn't mean the competitors don't play catch up. They do, and they are catching up, fast.
Nowadays USA is not the only one capable of producing stealth fighters. Russia, Japan, Europe and China all have their own versions of stealth fighters.
What does that leave USA, then?
To innovate? Or to destroy their competitors, before they can play catch up?
If USA were to be run by those who are running Apple, Inc., no doubt the choice would be the latter.
Fortunately, the USA government hasn't yet completely relinquished its sovereignty to Cupertino.
Muchas Gracias, Señor Edward Snowden !
Bill fails to pass Congress, so president says "screw that, I'll just make it an executive order."
The memo starts:
Too little. Too late. And too much.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
...in the NIST SP-800 series of publications. Federal (US) agencies are already expected to abide by the standards described in that series, as well as other NIST/FIPS publications, e.g. FIPS 140-2 for cryptographic modules, or FIPS 200 for establishing minimum security requirements for specific systems.
Having had to study several of those publications for work-related tasks, I don't see where there should be any level of pushback from the corporate IT world, since a great many of them already have security measures in place that meet or exceed the requirements described in the NIST and FIPS publications. Individuals' systems, or SOHO systems and networks, would be a bit more problematic; a retailer throwing together an office network of four or five off-the-shelf boxes from (picking a name at random) Dell would likely have no idea where to start in trying to meet all the various technical specifications described just in NIST 800-59, if they even know that publication exists.
Bottom line...there's a great deal of education that will be required, not only with individuals and small-shop operators, but with network designers and custom-system builders. The days of ordering up a laundry list of parts from (again, grabbing names out of midair) NewEgg, throwing them together and delivering a completed machine to a customer with a pat on the back and a "have fun" are gone. Especially if the customer falls into one of the more ticklish areas of electronic security, such as a doctor's office or a law firm.
Just my 2p worth.
All the world's an analog stage, and digital circuits play only bit parts.
to abrogate the rule of law and the rights of the people.
Care to back that up with some actual facts and reason?
Or are you just a coward who only knows how to repeat things told to you by Colbert and Matt Lauer?
Go ahead punk, make my day.