Slashdot Mirror


White House Circulating Draft of Executive Order On Cybersecurity

New submitter InPursuitOfTruth writes with news that the Obama administration has been circulating a draft of an executive order focused on cybersecurity. This follows the recent collapse of an attempt at cybersecurity legislation in the Senate. According to people who have seen the draft, the order would codify standards and best practices for critical infrastructure. That said, it's questionable how effective it would be, since participation would be voluntary, and the standards would be set by "an inter-agency council that would be led by the Department of Homeland Security." The other agencies involved would include NIST, the DoD, and the Commerce Dept. "It would be left up to the companies to decide what steps they want to take to meet the standards, so the government would not dictate what type of technology or strategy they should adopt."


  1. Well that means one thing... by 3seas · · Score: 4, Insightful

    ... proof positive of the existence of persistent fuck you overs.

    many might say that but in reality it is more factual evidence of the degradation of the government of which the Declaration of Independence has instructions by the founders for the peoples as to what to do about the failing of government of which they foresaw the probability of...... Go ahead and read it for yourselves, the instructions really are there with real life examples too, so to be clear of their intent to communicate to the people in such a time of need..

    1. Re:Well that means one thing... by History's+Coming+To · · Score: 2

      So what happens if everybody writes down the name of the same independent candidate? Would that carry any constitutional weight at all? I have no idea how the US ended up vendor-locked into two parties. (Not that UK politics is much better.)

      --
      Please consider this account deleted, I just can't be bothered with the spam anymore.
    2. Re:Well that means one thing... by ranpel · · Score: 4, Insightful

      So let's push a viable candidate from outside - way outside - online, right now. One of the currently eligible candidates that are not from the red or the blue. Screw the media, now. If it ends up being a completely wasted effort just what would the difference be? Exactly? Not much? I'd say so at this point. It's all bump and grind for someone, always. Throw down a vote in a conscious effort to steer hundreds of thousands of votes to the other party, the party of one person, - the one that is missing - a platform of trust. But you can't waffle, ever. And then we take better aim at Congress.

      Traditional media aims to be looking for a lock down and a wholesale information availability reset. The Justice Department seems to be helping that effort along and these appointed trade representatives, in secret no less, and not to mention a few other fronts of encroachment into what we, as citizens all of us, know as freedom.

      God damn to hell the backroom deals of governing this people, any people. There is a hideous stench in that. And that goes too for our relations with other countries, each and every one - we negotiate in public or we do not negotiate. If you're a leader with something to hide and are oppressive to your people then the natural course of things dictates that you should probably not negotiate but each and every corner of how you rule will become open for this country to see and hopefully others could follow as well. Looking for oil? Looking for water? Looking for rice, corn, weapons or weed? Then we should know. All of our people need to steer this nation, on this planet, in a direction that will enable us and not just guide us to some random (or well guided) fucking meat cleaver of an end point. Espionage? Lay it out. Is there something to fear in that? Are we going to allow a continued epic conflict between sciences that we've learned and discovered and the thing that created all of this vast thing we call the universe - all of creation? Really? The learn while you're alive VS the thing you may learn when you are dead? There's a good fucking con job in there baby. Are we going to find a room of super sophisticated heads of three companies, a handful of dictators and another of base religious driven drivel meant to blindly guide entire nations into some great and epic battle? Engage the people of the planet when and wherever you can right? This is one large conference call of potential these Internet lines. Mesh.

      So, how much longer are we going to do this? Just as long as it takes until we can no longer communicate this freely? I'm beginning to think Mr. Manning had intentions that were just. A cherry pick would have been a waste of his efforts if it is to mean anything - anything at all. People blow whistles and we allow ourselves to be blindly led into stopping the sound and not the reason. What the fuck is that? Who's scared and of what? The time to stop playing these ball twisting games that lead to things like Hitlers and Assads and any other family of horrors in charge, including the family of darkness that drives nails of control and oppression right here at home. Justice Dept., treaty makers, the court of corporate opinion and channeled funds of influence. It doesn't take money to elect our officials - it takes people. Vote for control. Collective voice, open forum, genuine good intentions for any breathing mother fucker on this planet. Stop. Not. Taking. Control. Vote. Now. Fuckin' a.

      Who's it going to be? WHO? (keep scrolling)

      --
      futility is never trying

    3. Re:Well that means one thing... by sumdumass · · Score: 2

      The US isn't "vendor locked" into two parties. The problem is that the third parties do not exist with enough backing to become major players. Sure, on the whole, they might have a couple million or more devoted followers in a country that has a population of over 300 million. But they are spread out within so many places that they are more like 1 in 10 or so or even less when it comes to districts and electoral votes.

      One of the reasons this is true is because all too often the voter is in damage mode trying to protect themselves by eliminating the most evil candidate. This makes avid third party support at the ballot booth dangerous because if you don't vote against the person you like the least by voting for the person you think is most likely to win, you effectively allow the person you like the least to win. Another part of the reason is that the two major parties are big tent parties. They are not single issue parties and if an idea or concept or even grievance is popular enough, one of them (or both) will pick it up and incorporate it within their platforms.

      These two reasons ensure that even if the parties disbanded, they would eventually form into the same shape again. In other areas, the parties do not tend to be so "big tent" and often differ on just a few topics.

    4. Re:Well that means one thing... by History's+Coming+To · · Score: 2

      This is something I've been looking at here in the UK. We've hit the point where the three main parties are all far more concerned with securing donations than they are with doing what's best for the country (hell, doing what's best for humans in general), the driving forces in politics have become companies and a small number of ultra-rich individuals who have the financial backing to be "worth listening to". There's no accountability because the greatest "realistic" punishment the electorate have is voting the other guys in, which ultimately makes very little difference, the donations roll in whether you're in power and promising something or whether you're trying to get into power and promising something if you do.

      So I've been seriously considering a campaign for people to vote independent. Doesn't matter whether you're voting left, middle or right, just vote for a candidate who has no party affiliation. Multiple governments all over the world have shown that it's perfectly possible to have a stable, effective parliament without being dominated by two or three main parties. And we, as an electorate, can do that, it's not tricky, it's a simple matter of convincing everybody that it is a realistic option.

      --
      Please consider this account deleted, I just can't be bothered with the spam anymore.
  2. Executive Orders vs. Checks & Balances by ReallyEvilCanine · · Score: 5, Interesting
    On one hand, efficacy and direct, immediate action.

    On the other hand, the complete usurping of the very principles of enumerated and separated branches of gubmint in order to prevent abuse and provide for accountability.

    1. Re:Executive Orders vs. Checks & Balances by girlintraining · · Score: 5, Insightful

      On one hand, efficacy and direct, immediate action.

      No. There's been nothing efficient, fast, or direct about this. It's another power grab by the Department of Homeland Security, and pardon my french, but fuck them. They have incompetently managed every resource assigned to them, whether it's investigating domestic crime, securing airports, or anything else. They've created gulag prison camps within our borders to throw protesters in, encouraged the usurpation of local and state laws to further their interests, they irradiate their citizens and workers alike to the point that cancer clusters are now showing up in TSA screeners that are well-beyond being able to be dismissed as a statistical abnormality, and the list goes on.

      And now they want a master kill switch for the internet, to dictate terms about how all our communications infrastructure is organized, and they have deep connections with media organizations -- of which only a few need to be manipulated to suppress information at the national level. The Department of Homeland Security has become the Ministry of Truth, and thanks to clever and covert manipulation of the media and the occasional use of deadly force and questionable laws, has all but silenced dissent or even knowledge of what its activities are.

      No. It's gone too far. It no longer matters to me how well-intentioned or beneficial a proposal is; If it is administered or requested by Homeland Security, my advice is to resist it in any way you reasonably can... they're a dangerous and corrupt organization, unamerican and destructive of the very means it seeks to protect. I'd rather have a hundred Osama Bin Ladens out there plotting the downfall of my country than to turn over my personal safety and security to a bunch of incompetent bureaucrats -- at least in the former case, I know who my enemies are.

      --
      #fuckbeta #iamslashdot #dicemustdie
  3. How about some basic guidelines? by Xenkar · · Score: 5, Insightful

    Rule 1 of critical national infrastructure: Don't put it on the damned internet.
    Rule 2: See rule 1.
    Rule 3: Are you sure you saw rule 1? Quadruple check anyway.
    Rule 4: Manufacture everything pertaining to the critical national infrastructure in your own country (microchips, resistors, diodes, final assembly, etc)
    Rule 5: Keep it simple.

    Now for big business:
    Rule 1: Don't let anyone leave your office with a notebook or any form of portable media containing sensitive customer information unless it is encrypted and heading to your off-site tape storage facility.
    Rule 2: Don't let anyone hook their own computers and gadgets up to your network.
    Rule 3: If it needs to be on the internet, have a nice firewall between it and the internet.
    Rule 4: Have your web browsers running in sandboxes.

    There, now we don't need feel good, ineffective legislation.

    1. Re:How about some basic guidelines? by tetrahedrassface · · Score: 2, Interesting

      You make too much sense, especially regarding the manufacturing. Our manufacturing base is dead and gone and if we are ever to regenerate economically it will be when we begin making things again...

    2. Re:How about some basic guidelines? by b4dc0d3r · · Score: 2

      It may be shrinking, but $230 Billion in new orders sounds quite large for July.

      http://www.census.gov/manufacturing/m3/index.html

      Do you have any backup for what you're saying, or did you just repeat something you heard?

    3. Re:How about some basic guidelines? by tetrahedrassface · · Score: 3, Insightful

      We lost 13,000 manufacturing jobs last month.. that's a drop in the bucket. Now, look where wealth is generated and it comes from manufacturing things. Here is just one article on our decline. When whomever is in charge wants to get serious about generating wealth again they'd do well to lift the burdens on U.S. manufacturers, get factories built and start building things again. Until then we are going backwards.

    4. Re:How about some basic guidelines? by jroysdon · · Score: 2

      Too many things make this not possible to not have connected (air gapped). One is OATI and in California there is the CA ISO. Both use the Internet for the agencies to connect to them and both are essential for the Energy Sector to function in an inter-connected grid. Agencies have to get SCADA information into billing/historical systems and conversely schedules have to get into SCADA systems. Both of these intermediate business networks need Internet access to OATI and CAISO. So while SCADA systems are not directly connected to the Internet, through the right amount of vulnerabilities/compromises, they can in theory be remotely accessed. Yes, there are dozens of protections that can and should be in place, but it's not the same as a true air gap.

      Can you name one router or switch vendor with which you can get 100% made in the USA? It's impossible these days.

  4. Hate! Hate! Hate! by Oh+Gawwd+Peak+Oil · · Score: 2

    Obama administration has been circulating a draft of an executive order

    What? Obama is going to force us to do something? Hate! Hate! Hate!

    participation would be voluntary

    What? How is that going to be effective, then? Obama can't get anything done! Hate! Hate! Hate!

    1. Re:Hate! Hate! Hate! by ColdWetDog · · Score: 2

      Well, for one thing you posit that Obama 'socialized our healthcare system'. By that statement, you make it abundantly clear that you have no earthly idea what you are talking about.

      Oh, now that I see your sig 'Socialism is slavery' I begin to understand. But you clearly, don't.

      --
      Faster! Faster! Faster would be better!
  5. No DHS by Penurious+Penguin · · Score: 4, Insightful

    led by the Department of Homeland Security

    Anything led by the DHS is bound to go from "voluntary" to mandatory (or hyper peculiar) too quickly. I can't imagine the same band of brigands doing such things as this, this, this, or that, and so on and so forth could offer anything constructive to the interweb or anything else.

    --
    Forward! -- Emperor Norton, 2012
  6. vs. Nothing by noobermin · · Score: 4, Insightful

    I shared it before, but this Congress has passed a pittance of actual legislation. The trade off is whether to have no work or at least something that works. The separation of powers was to avoid abuses, not to obstruct the government from running itself.

    1. Re:vs. Nothing by clarkkent09 · · Score: 4, Insightful

      Oh I see, so in your opinion if you can't get the people's elected representatives to agree with your law, then just pass it without them. That's what the executive orders are for, right? Have you ever considered a possibility that passing new legislation is not automatically a good thing? Government is not a law factory where the progress is measured by the number of new laws produced.

      --
      Negative moral value of force outweighs the positive value of good intentions.
    2. Re:vs. Nothing by davester666 · · Score: 2

      Any legislation including something that "would be led by the Department of Homeland Security", unless that something is the dissolution of the Department of Homeland Security, probably won't be particularly effective. It will look effective, and make excellent use of phrases such as:

      terrorist threat
      safety
      completely secure
      information security

      It will not be effective at its plain-text task, but it will enable Homeland Security complete access to all information these private businesses have.

      --
      Sleep your way to a whiter smile...date a dentist!
  7. Obama is a LIBERAL?? by Oh+Gawwd+Peak+Oil · · Score: 4, Insightful

    Obama is a liberal? Are you nuts?

    Obama is the best Republican president we've had since . . . Bill Clinton.

    1. Re:Obama is a LIBERAL?? by Mashiki · · Score: 2

      Hah. I'm from Canada and a conservative that makes me on average more "liberal" than most democrats. In truth I'm more libertarian than anything else. But Obama is a liberal, even by Canadian's leftwing standards.

      --
      Om, nomnomnom...
  8. Voluntary - Mandatory by gavron · · Score: 4, Insightful

    First it's purely voluntary.

    Then it's voluntary... but if you want to be a supplier to the US Government, you must implement it.

    Then if you want to continue being a supplier, you MUST implement it AND your own suppliers must do it, or you can't be a supplier.

    By this point since "almost everyone is doing it anyway" and "those who aren't are clearly a threat to security" it will be mandatory.

    E

    1. Re:Voluntary - Mandatory by supremebob · · Score: 2

      It will get even more interesting once you get lobbyists from the various hardware and software manufacturers involved. I could easily see this getting into a situation where companies need to switch from Vendor X to Vendor Y for their antivirus or firewall software to get that government contract, because only the latest version of Vendor Y's product is on the "Homeland CyberSecurity Approved" list.

      Companies like Microsoft and Oracle will love this, because it's one more way they can lock out smaller open source competitors that can't afford whatever fees Homeland Security might charge to certify their products.

  9. Voluntary ? by Taco+Cowboy · · Score: 5, Insightful

    That said, it's questionable how effective it would be, since participation would be voluntary

    That "voluntary" part is inserted to throw off people so that they can't object to this executive order
     
    After a while, the word "voluntary" would disappear, and participation would no longer be "voluntary" and the whole thing would be run by the Homeland Security or one of the many 3-alphabet-agencies
     
    Count on it !
     
    Cyber-security or whatever -security it might be, they are all designed to do one thing - to take away the freedom of the ordinary people and to concentrate all the power at the top
     

    --
    Muchas Gracias, Señor Edward Snowden !
    1. Re:Voluntary ? by benjamindees · · Score: 3, Insightful

      NSA's illegal wiretapping was "voluntary" when they approached all major telecom providers about it. And when Qwest opted out, they cut their government contracts, prosecuted their CEO on trumped-up charges, and ultimately bankrupted them.

      These people are criminal scum. They have an agenda. They are pushing it through, and eliminating anyone who gets in their way.

      --
      "I assumed blithely that there were no elves out there in the darkness"
  10. Mandatory already for electric power by grandpa-geek · · Score: 2

    For the high voltage part of the electric grid there are already mandatory standards. They are part of the reliability standards mandated by a 2005 law and are produced by an industry consensus standards organization. However, upon acceptance by the Federal Energy Regulatory Commission (FERC) they become mandatory with maximum penalties of a million dollars a day per violation.

    The early versions of the standards mainly required asset owners to attend to cybersecurity by identifying critical assets and making and following plans to protect them. The early violations were not having the plans and not updating them. Some asset owners tried to say they didn't have any critical assets. Over the years provisions have tightened (like defining what kinds of assets are critical and requiring that the plans not only be prepared but actually followed).

    The asset owners have some legitimate concerns. For example, if the standards give discretion to auditors in reviewing the quality of their cybersecurity protections, they are worried about auditors who don't really understand the technology, see an actually inapplicable "best practice" somewhere and downrate the cybersecurity protections if the practice isn't followed. For example, the general practice in IT is to routinely install vendor patches. However, the proper practice in electric grid control systems is to individually test the patches to ensure that they don't cause system instability or equipment misoperation. You don't routinely install vendor patches if your job is to keep the lights on.

    Mandating of cybersecurity has to be done carefully with sensitivity and attention to details in the application domain. But it does need to be done.

  11. I'd like what you're smoking by Overzeetop · · Score: 5, Informative

    You do realize that most of the "socialized healthcare" law came straight out of the Republican recommendations of less than 10 years ago and, with the exception of providing vouchers(!) for those who are lower income to buy commercial insurance, is nearly identical to the right's plan as a counter to the Democrats call for a single payer system?

    You obviously have never heard of Keynes, either, or remember that in 1929, Herbert Hoover actually implemented many of the Tea Party recommendations in an attempt to prevent the national debt from growing as the federal government's income revenue shrank. Not only did it spiral the unemployment rate to 20%, but even when FDR implemented (effectively) Keynesian economics by leveraging the US government to create jobs it took 6 more years for the economy to stabilize. In 80 years we haven't had as wild a bubble burst, and yet the current president's approach to stopping the hemorrhaging - which worked almost immediately - is considered a failure? You do realize that the previous 6 years of growth was based solely on margin spending of consumers based on inflated values of their homes - and now that the market has corrected there is no more real estate to leverage in the same way, and nobody else in the world has any consumer money to spend either?

    Did you miss the part about BHO getting rid of Don't Ask, Don't Tell? Did you miss how he promised health care reform and - even though you clearly don't need it - actually passed it? Did you miss how he promised to re-regulate the Financial industry, and put forth and passed legislation to do so, only to have the Republican held congress refuse to enact, fund, or appoint people to run it? Did you miss the part where he planned to pull us out of Iraq, and to draw down the surge in Afghanistan?

    Has it been so long - 3-1/2 years - that you forget that the rest of the world hated us so fucking much that they gave him the Nobel prize for simply not being GW Bush? No, of course he didn't deserve it, but the whole rest of the world hated Bush and Cheney so much they gave him a medal and a million dollars just for not being them. Let me repeat that - our allies don't hate our guts any more. Even the neutral states think we're okay now. Did you notice that, when Egypt and Libya went apeshit we didn't have to mobilize ground troops. Hell, we were barely involved. Our allies took that over and we didn't have to put on our cowboy boots and lead the charge.

    As for corporate value, I'm not sure where you've been hiding where the Dow Jones doesn't get reported, but from when GWB took office in 2001 to when the bubble burst in 2008 - the peak!- the market went up by 32%, and then fell crashing down for a NET LOSS OF VALUE UNDER G W BUSH of nearly 23%, start to finish. That was my God damned 401k retirement fund. Holy shit that sucks. Since Obama took office, the market is up...sit down for this...62%. That's right, and that doesn't count the low spot - that's from the day they swore him in. In 3.5 years he did DOUBLE for the value of the market what GW Bush did right before the bubble burst. We just had the worst market crash in 80 years, and in 40 months the market is back to within spitting distance (5%, if you're counting) of the all time high.

    Are you worried about gas prices? Ever wonder when gas has been the most expensive? Yup G W Bush - mid 2008. Even higher than right now. And do you know why gas is so high? It's not because we're dependent on foreign oil - our dependence has gone DOWN under Obama. It's because we're EXPORTING most of our gas to other countries who are willing to pay more! Gasoline was the #1 (total, top, more than anything else) US EXPORT last year. We're making money hand over fist on it. Are you going to fault Obama for not restricting exports to keep gas prices down, because that would do it. And you know that pipeline through PA Romney is going to build the day he gets into office? It's not for keeping domestic oil in the US, it's to get oil to the gulf where it can be refined and exporte

    --
    Is it just my observation, or are there way too many stupid people in the world?
    1. Re:I'd like what you're smoking by Anonymous Coward · · Score: 2, Interesting

      in 1929, Herbert Hoover actually implemented many of the Tea Party recommendations in an attempt to prevent the national debt from growing as the federal government's income revenue shrank.

      That's absolutely false. Hoover never cut taxes (which is Keynesian incidentally), spending, or the deficit. He increased all three. In 1932, he proposed increases in spending. Roosevelt mocked him and ran on a balanced budget platform. In 1932, Roosevelt was the Tea Party candidate. Once elected, Roosevelt rebranded Hoover's programs as the New Deal and implemented them, abandoning his campaign promises of a balanced budget.

      It's true that the economy showed some signs of recovery at that time. It is not clearly established that the New Deal programs were helping rather than hurting. Another thing that Roosevelt did at the same time was to drop the gold standard. This helped compensate for the Fed's massive decrease in the money supply in the 1929-33 period, which caused deflation and unemployment. Our understanding of economics is not advanced enough to clearly say what the effects of each were. There are wildly differing estimates of how each change affected the economy. Some economists believe that the Hoover/Roosevelt fiscal policy helped and some that it hurt. Same thing for dropping the gold standard.

      Personally, I believe that it was the monetary policy change that was positive. Roosevelt continued Hoover's fiscal policies. It was in monetary policy that he made changes. Therefore, I think that it makes more sense to credit positive results to the monetary policy changes than to the ongoing fiscal policy.

  12. The standards already exist by TVmisGuided · · Score: 3, Insightful

    ...in the NIST SP-800 series of publications. Federal (US) agencies are already expected to abide by the standards described in that series, as well as other NIST/FIPS publications, e.g. FIPS 140-2 for cryptographic modules, or FIPS 200 for establishing minimum security requirements for specific systems.

    Having had to study several of those publications for work-related tasks, I don't see where there should be any level of pushback from the corporate IT world, since a great many of them already have security measures in place that meet or exceed the requirements described in the NIST and FIPS publications. Individuals' systems, or SOHO systems and networks, would be a bit more problematic; a retailer throwing together an office network of four or five off-the-shelf boxes from (picking a name at random) Dell would likely have no idea where to start in trying to meet all the various technical specifications described just in NIST 800-59, if they even know that publication exists.

    Bottom line...there's a great deal of education that will be required, not only with individuals and small-shop operators, but with network designers and custom-system builders. The days of ordering up a laundry list of parts from (again, grabbing names out of midair) NewEgg, throwing them together and delivering a completed machine to a customer with a pat on the back and a "have fun" are gone. Especially if the customer falls into one of the more ticklish areas of electronic security, such as a doctor's office or a law firm.

    Just my 2p worth.

    --
    All the world's an analog stage, and digital circuits play only bit parts.