Slashdot Mirror

← Back to Stories (view on slashdot.org)

Will It Take a 'Cyber Pearl Harbor' To Break Congressional Deadlock?

Posted by Soulskill on from the or-perhaps-a-cybertsunami,-or-a-cyberarmageddon dept.

Hugh Pickens writes "For years lawmakers had heard warnings about holes in corporate and government systems that imperil U.S. economic and national security. Now Ward Carroll writes that in the face of what most experts label as a potential 'Cyber Pearl Harbor' threat, Republicans have stalled the Cybersecurity Act of 2012 with a Senate vote of 51–47 against the legislation. This drew a quick response from the staff of Secretary of Defense Leon Panetta: 'The U.S. defense strategy calls for greater investments in cybersecurity measures, and we will continue to explore ways to defend the nation against cyber threats,' says DoD spokesman George Little. 'If the Congress neglects to address this security problem urgently, the consequences could be devastating.' Many Senate Republicans took their cues from the U.S. Chamber of Commerce and businesses that framed the debate not as a matter of national security, but rather as a battle between free enterprise and an overreaching government. They wanted to let companies determine whether it would be more cost effective — absent liability laws around cyber attacks — to invest in the hardware, software, and manpower required to effectively prevent cyber attacks, or to simply weather attacks and fix what breaks afterwards. 'Until someone can argue both the national security and the economic parts of it, you're going to have these dividing forces,' says Melissa Hathaway, a White House cyber official in the Bush and Obama administrations. 'Most likely, big industry is going to win because at the end of the day our economy is still in trouble.'"

104 comments

  1. Yes by Anonymous Coward · · Score: 5, Funny

    Will It Take a 'Cyber Pearl Harbor' To Break Congressional Deadlock?

    Yes, when cyborgs attack Pearl Harbor, congress will probably do something about it.

    1. Re:Yes by Calydor · · Score: 1, Flamebait

      Yeah.

      They will blame Obama and come up with a way of combining 'Obama' and 'Science'. See, if only Obama had been a proper US-born Christian he would have believed in God and left well enough alone instead of allowing things like Science and Research to create the cyborgs.

      --
      -=This sig has nothing to do with my comment. Move along now=-
    2. Re:Yes by Jeremiah+Cornelius · · Score: 1

      I'm a Cyberman, you insensitive clod!

      --
      "Flyin' in just a sweet place,
      Never been known to fail..."
  2. Ah, business calculations. by Anonymous Coward · · Score: 1

    How many burn victims will we have to compensate, versus this 25 cent piece we'll have to put on 1,000,000 cars?

  3. Patriot Act 2.0 by Anonymous Coward · · Score: 5, Insightful

    A "cyber-Pearl Harbor" would break congressional deadlock in only one sense: You'd get the online equivalent of the Patriot Act. Politicians only seem to be able to agree on conceding civil liberties for the fake perception of security.

    1. Re:Patriot Act 2.0 by Applekid · · Score: 1

      A "cyber-Pearl Harbor" would break congressional deadlock in only one sense: You'd get the online equivalent of the Patriot Act. Politicians only seem to be able to agree on conceding civil liberties for the fake perception of security.

      +1, Depressing

      I can only hope I'm killed in such an attack so I don't have to endure the new cyber police state that will be created as a result.

      --
      More Twoson than Cupertino
    2. Re:Patriot Act 2.0 by Anonymous Coward · · Score: 0

      +1 excited :)
      perhaps the cyber revolution will finally have a focus then. and since its 'cyber' i might actually do something about it without having to leave my couch

  4. Fix what breaks.... by Anonymous Coward · · Score: 0

    Lets fix stolen credit card information, users passwords, email addresses and lost data after its been stolen/lost!

  5. Sounds reasonable by Score+Whore · · Score: 4, Insightful

    While the internet had its roots in DARPA, the reality is that the "public infrastructure" is privately owned. Critical government systems should not be on it. Critical privately owned and operated services (power, telecom, etc.) should be hardened to the extent that the provider desires or the contracts that they signed with various municipalities require.

    I've worked contract gigs with the armed services and I have a lot of respect for the technical skills they have, but that's irrelevant. Companies and businesses should be able to make their own decisions and benefit from their good decision making or suffer from their poor decision making. Anywhere that government intersects with private industry, it's on the government to make sure their contracts properly spell out their requirements. End of story.

    1. Re:Sounds reasonable by Jawnn · · Score: 4, Insightful

      While the internet had its roots in DARPA, the reality is that the "public infrastructure" is privately owned. Critical government systems should not be on it. Critical privately owned and operated services (power, telecom, etc.) should be hardened to the extent that the provider desires or the contracts that they signed with various municipalities require.

      I've worked contract gigs with the armed services and I have a lot of respect for the technical skills they have, but that's irrelevant. Companies and businesses should be able to make their own decisions and benefit from their good decision making or suffer from their poor decision making. Anywhere that government intersects with private industry, it's on the government to make sure their contracts properly spell out their requirements. End of story.

      While your reasoning is seductive, it is fundamentally flawed. The reality is that "government" buys a lot of it's services from private companies. That includes utilities like electricity and water, as well as networking services. While there a few three-letter federal agencies who can justify the expense and complexity of laying their own fiber/copper from place to place. Most can do no such thing, not even close, so they buy what they need from the carriers. Yes, yes, we all all know about the ways that networking over leased media, even over the public Internet, can be made reasonably secure. We also know that "secure" is a not a state, but rather a process. Lastly, we know that many, many of the "moving parts" on the Internet are not kept as secure as they might be.

      All that said, I don't expect the federal government, much less Congress, to "get it right" when it comes to regulations regarding "cyber security". And I am seriously loathe to let those bastards write a blank check to their favorite campaign donors from the "cyber security" industry, but at some point we are going to have to spend serious money to make sure that the lights stay on, the cell towers still work, and that emergency services communications still function. The expertise to "properly spell out their requirements" does not come cheaply. It will have to be bought. The Republicans are blocking this because the right barrels aren't going to get enough pork, not because they don't appreciate the problem. Nor do they give a shit about our privacy. I just hope like hell that the debate is vigorous and involves people who actually know what they're talking about. Yeah, I know. I'm a dreamer.

    2. Re:Sounds reasonable by cyberchondriac · · Score: 1

      The Republicans are blocking this because the right barrels aren't going to get enough pork, not because they don't appreciate the problem. Nor do they give a shit about our privacy. I just hope like hell that the debate is vigorous and involves people who actually know what they're talking about. Yeah, I know. I'm a dreamer.

      ...Aaand you think the Democrats won't be doing the same thing, making sure that certain palms get crossed with silver? What if the RIAA and MPAA has something to say about it?

      --

      Look back up at my post, now look back down, you're on the Internet. Now look back up. I'm a signature.
    3. Re:Sounds reasonable by lister+king+of+smeg · · Score: 1

      Wasn't Chris (sopa acta pipa now head of mpaa) Dode a former dem senator?

      --
      ---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
    4. Re:Sounds reasonable by Jeremiah+Cornelius · · Score: 2

      A quibble. Once it's wireless, these are the PUBLIC airwaves, in the US. These are leased, for the COMMON BENEFIT of the public. They are not the private, rent-domain of telco corporations, no matter how they behave.

      That said, yes. Why the f*ck is a powerstation or auto assembly plant bridging their private control nets to their needed Internet infrastructure?

      CLUE! Don't solve this by adding police controls to the Internet part of this arrangement!

      --
      "Flyin' in just a sweet place,
      Never been known to fail..."
    5. Re:Sounds reasonable by Score+Whore · · Score: 1

      You apparently missed the bit where I said:

      ...it's on the government to make sure their contracts properly spell out their requirements.

      If an agency is going to use a service provider of any kind and they have special requirements, those requirements need to be put in the RFP and the government employees need to make sure that the contracts they are accepting actually meet those requirements. There's no constitutional basis for the government to say that because they are using "lots" of private providers, those providers are now de facto government agencies in their own right and under the control of government workers and bureaucrats. Government employees and politicians don't get to do a shitty job and fix it by seizing private property.

    6. Re:Sounds reasonable by Xipher · · Score: 1

      I think the point is not that these entities shouldn't have connectivity to the Internet, but the network they use to monitor and operate the critical infrastructure components should be segregated from any network accessible from the Internet. How they are segregated is up for discussion.

      --
      I don't know everything.
    7. Re:Sounds reasonable by Spazmania · · Score: 1

      Companies and businesses should be able to make their own decisions and benefit from their good decision making or suffer from their poor decision making.

      Then we need a standing government red team to continuously and creatively attack these infrastructure providers with large penalties any time an infrastructure system is sufficiently penetrated to have permitted the red team attacker to disable it. The price of failure is too high to wait until a foreign entity attacks: the company must suffer for poor decision making much earlier.

      --
      Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
    8. Re:Sounds reasonable by Billly+Gates · · Score: 1

      Well if CEOs and PHBs at these beloved powerplants and other critical and potentially dangerous places didn't have PLC logic controllers and equipment to the live internet for their report generations and slick marketing videos by Allen Bradley we wouldn't need regulation!

      They are not acting in the best interest of the public, but for their jobs getting reports to management. Not for the greater good. Yes, an attack is needed sadly to change this.

      --
      http://saveie6.com/
    9. Re:Sounds reasonable by perceptual.cyclotron · · Score: 1

      That reading isn't necessarily implied. The parent is merely pointing out that, in this instance, the republicans probably blocked because their supporters weren't on the handouts list. Presumably the dem supporters were. If that situation were reversed, then it would be the dems trying to block. The party is interchangeable in this setup. Parent merely highlighted republicans in this instance because that's how the cards fall in this instance... No need to get all partisan. It's politics after all.

    10. Re:Sounds reasonable by Jawnn · · Score: 1

      Quite right. Thanks for clarifying what I should have. Big legislation is driven by those who buy it, and those buyers have their whores on both sides of the aisle. It has always worked that way, pretty much, so don't look for that to change until the electorate wakes up and insists on instant run-off elections, public campaign financing and a Constitutional amendment that reverses "Citizens United". Meanwhile, the best we can hope for is that such dangerous legislation is argued over long and hard, so the media is forced to cover and more importantly, understand it, and the issues are made clear to the citizenry. It happened that way with SOPA. Let's hope it happens that way again.

    11. Re:Sounds reasonable by Jawnn · · Score: 1

      You apparently missed the bit where I said: it's on the government to make sure their contracts properly spell out their requirements

      Didn't miss that part at all. You apparently missed the part where I said that the expertise to do exactly that will not come cheaply. It must be bought.

  6. Laws mean compliance, not security. by khasim · · Score: 4, Insightful

    The problem with legislating "security" is that you end up with "compliance" instead. The companies get a checklist and fill it in with the cheapest "solutions" possible that will allow them to check off each item.

    It's a start. Right now, most companies have no idea how to handle anything other than "run anti-virus software" on as many machines as can be conveniently handled.

    1. Re:Laws mean compliance, not security. by Anonymous Coward · · Score: 0

      You do sometimes have to take an honest look at the state of things, and realise that even compliance is a step up. Whether legislation is appropriate depends on the kind of culture you're dealing with.

      If things are so bad that people don't even realise they're supposed to be doing anything, and resent the idea that security even exists, then forcing compliance on many of the basics is a huge step towards having the real problems taken seriously.

      Alternatively, when things are good, you can afford to relax the strict details and just require some kind of system to be in place. You can start replacing "Thou shalt do X, Y, and Z" with "X, Y, and Z are standard approaches. Demonstrate that you have a system to manage these risks."

  7. Deadlock? by phantomfive · · Score: 5, Insightful

    It isn't deadlock every time a bill is voted down. Sometimes it's just a bad bill and SHOULD be voted down.

    --
    "First they came for the slanderers and i said nothing."
    1. Re:Deadlock? by Anonymous Coward · · Score: 0

      Indeed, as the Cybersecurity Act of 2012 should be voted down. It's just latest variant of fear mongering for political means

    2. Re:Deadlock? by Anonymous Coward · · Score: 0

      EFF website blocked by the office firewall... WTF?

    3. Re:Deadlock? by bill_mcgonigle · · Score: 2, Informative

      It isn't deadlock every time a bill is voted down

      sometimes it's seen to be desirable to have a crisis so that more power can be seized during the emotional response than would be possible at any other time.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    4. Re:Deadlock? by phantomfive · · Score: 1

      Clearly that is what Leon Panetta is hoping, since he keeps talking about getting a Cyber Pearl Harbor.

      He'd be a lot more believable if he talked about what real measures he was planning on taking, so we could see them, and evaluate them. The reason he doesn't is because the measures he plans on taking won't really help the situation very much.....

      --
      "First they came for the slanderers and i said nothing."
    5. Re:Deadlock? by Mitreya · · Score: 1

      sometimes it's seen to be desirable to have a crisis so that more power can be seized during the emotional response than would be possible at any other time.

      Sadly, it seems like "terrorists are out to get us" is a catch-all condition that works on anything now.

      Drone bombing programs in various countries and "kill list" were deployed simply because of the teh evilz terorrizst, with no particular event to back that up. A crisis is no longer necessary.

    6. Re:Deadlock? by Anonymous Coward · · Score: 0

      http://it.slashdot.org/comments.pl?sid=3256049&cid=42003073

    7. Re:Deadlock? by neonKow · · Score: 1

      It seems like the EFF is estatic about this latest bill getting voted down.

      The bill is well over a hundred pages long and includes many components other than sections about sharing data with the government.
      ...

      Under the bill, the provisions for “monitoring” are very broad. Companies (“any private entity”) are granted “affirmative authority” to “monitor information systems” and “information that is stored on, processed by, or transiting the information systems” for cybersecurity threats. A company could also monitor someone else’s network if it has been granted authority to do so, for example an outside consulting firm hired to help with network security.

      Data collected under the Cybersecurity Act can be shared with law enforcement for non-cybersecurity purposes if it “appears to relate to a crime” either past, present, or near future.

      TFA is very misleading as far as discussing the actual issues at hand.

    8. Re:Deadlock? by Larryish · · Score: 1

      Don't worry, Team America has got it covered.

      The abbreviated agencies will hire some Israelis with things similar in size to commercial airplanes and crash them into large buildings on a Second Life server, and then blame it on "cyber-Arabs".

      The FOX News trash will get all Twitter-pated and the open Internet will become illegal.

      We will then see wide support for a new, improved, network called "The InterNot" which will be used to deliver media content and infomercials to Joe Sixpack and his obese family.

      The InterNot won't actually be more secure than the previous open Internet, but the FOX News and American Idol crowd will think it is very secure because they have to take off their shoes before using it.

      Haliburton will supply the hardware.

    9. Re:Deadlock? by PickyH3D · · Score: 1

      Not to mention that the submission fails to note that Republicans cannot block anything in the Senate when done by a vote shy of a filibuster. They are the minority party in the Senate--both before and after the election--and anything that goes by party lines will always fall in favor of the Democrats in that case. Therefore, a 51-47 vote means that one person didn't even vote, and that some Democrats agreed with the Republicans that it was a bad bill.

      Besides, anyone that thinks creating a new, major bureaucracy during the Lame Duck session is simply asking for trouble. And, furthermore, why Congress and the President are focusing on anything other than the looming tax increases and sequestration is beyond me, but the latest Slashdot poll made it clear that it will always be the Republican's fault. There's one month to left to do it; whether or not this bill had passed, nothing would have changed within that month anyway, which means that it could have waited until next year.

      This Bill would have put the same people in charge of cybersecurity as are in charge of the TSA: the DHS. There's a winning group of government bureaucrats with a proven track record of incompetence. But, I suppose based on the rest of the poster's sentiments that the Republicans can likely be blamed for that as well (rather than the shocking reality that the DHS came about through the same issue proposed to break Congressional deadlock).

  8. Yes, and when the deadlock is broken... by Anonymous Coward · · Score: 1

    ...the Congress is guaranteed to make the wrong decision, in response.

  9. Pentagon Topology by Penurious+Penguin · · Score: 2

    The Pentagon wants its Internet back, and Central Planning works -- just look at how efficiently it drained the Aral Sea. I think a nice Star topology could work very well for the great tubes.

    --
    Forward! -- Emperor Norton, 2012
  10. Any compliance should be outsourced to the Chinese by Anonymous Coward · · Score: 0

    Obviously, there are not enough Americans at a low enough wage to handle this major upgrade in our security infrastructure so we should make sure to outsource it to the lowest levels of IP services hell in some foreign country or another. China would be a good bet, or how about Russia or Eastern Europe.

  11. needs tag: outbreakofpoliticalinsanity by PurplePhase · · Score: 0

    As always: an outbreak of political insanity.

    Yay Republicans - looking out for the corporate overlords /sarcasm

  12. Oh god no by identity0 · · Score: 4, Insightful

    I guess we didn't learn anything from when 9-11 happened and we created the TSA, a group of intrusive busybodies at best and molestors at worst.

    Or organized all federal law enforcement under the DHS without actually thinking about how it would coordinate things so we have another layer of government that is busy trying to justify their existence by going after random stuff. I hear they do copyright enforcement now?

    I suppose we are set to see a Cybersecurity Agency with powers to monitor everything and permaban people from the internet based on anonymous accusations like the no-flight lists? What's the worst that could happen?

    1. Re:Oh god no by Mitreya · · Score: 1

      I suppose we are set to see a Cybersecurity Agency with powers to monitor everything and permaban people from the internet based on anonymous accusations like the no-flight lists? What's the worst that could happen?

      Imagine how useful they would be with proper inter-agency information sharing rules!
      Now, if FBI wants to bust that file sharer and can't get access to their information, they could just ask the CyberAgency to help them out.
      After all, the majority of the PATRIOT act provisions are often applied to anti-drug busts since PATRIOT provisions are just easier to use than regular laws. Who cares if it was developed as a response to terrorists...

    2. Re:Oh god no by perceptual.cyclotron · · Score: 1

      Cybersecurity Agency with powers to monitor everything and permaban people from the internet based on anonymous accusations like the no-flight lists? What's the worst that could happen?

      People might start going outside again...

  13. Of Course, Stupid. by hduff · · Score: 1

    That's how politicians work.

    --
    "I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
    1. Re:Of Course, Stupid. by rwa2 · · Score: 2

      Yes, it will take a cyber Pearl Harbor. Congress is reactive, not proactive. Otherwise, they'd be called "Progress".

      So just be happy that they're doing nothing now. Because after cyber Pearl Harbor, we're in for all kinds of pain. The internet kill switch will happen. They'll destroy that which they don't understand.

      On the plus side, we'll finally be forced to implement the distributed p2p mesh network to get around it. Go set up your openmesh now... while it's still publicly available ;-)

  14. Not so much deadlock or gridlock by ackthpt · · Score: 2

    It's the Lagislature.

    --

    A feeling of having made the same mistake before: Deja Foobar
  15. Yup ... by Anonymous Coward · · Score: 0

    the 'cybercrime' industry has vested interest in this happening.

  16. This is a fix? by Anonymous Coward · · Score: 0

    Really. What is next? Legislation for locked doors?

    1. Re:This is a fix? by CanHasDIY · · Score: 2

      Really. What is next? Legislation for locked doors?

      Hate to break it to ya, AC, but...

      http://www.allbusiness.com/glossaries/attractive-nuisance/4949344-1.html

      Yea, some places are that fucked up.

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
    2. Re:This is a fix? by Anonymous Coward · · Score: 0

      In College Park, Georgia, USA, they have a law on the books that says it is against the law to leave your car running (to warm up on winter mornings,) even if it is locked. Because, in my opinion, they (people who want warm car seats) are easier to catch and prosecute that car theives.

      Don't put any kind of insanity past any government.

  17. Why assume "Government will SAVE US!" by Anonymous Coward · · Score: 0

    Why is there a basic unstated assumption that action by the government is what's needed to save us from some hypothetical situation?

    It sure as hell can't be the track record of that government.

    1. Re:Why assume "Government will SAVE US!" by Anonymous Coward · · Score: 0

      If by 'US' you mean well-connected corporations, then yes, you can bet your last taxpayer dollar that the government will save them.

    2. Re:Why assume "Government will SAVE US!" by ZouPrime · · Score: 2

      There's no "basic assumption", it's just the only real good way we know how to do these things. The industry, as a rule, is only interested in information security if they are forced to. In my experience, 99% of organisation won't lift a finger about security without a legal threat, ideally backed by a big fine in case of non-compliance. We are far, far away from any hope of seeing the industry self-regulate over something like this.

  18. this tidbit says it all by geekoid · · Score: 2

    " absent liability laws around cyber attacks "

    Not only do they not want to have security they don't want to be held liable when someone gets all the users personal information.

    Don't want that law? Fine.
    You get fined $100,000 or 1% of your revenue(which ever is lower) for each breach, and you must pay each user whose information was compromise 10,000 dollars.

    You bet you ASS corporate security would tighten up, and corporation would put pressure on MS to improve their security.

    --
    The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
    1. Re:this tidbit says it all by sgt_doom · · Score: 0

      This entire conversation is nonsensical. Korporate Amerika has offshored too many jobs, too much investment, too much technology (including sensitive military tech during the Clinton and Bush administrations, and probably still?), etc. And since it's been chiefly the Chinese hackers (and Russky criminal types) who are doing the cracking, while the rest of us are continuously given the pinko slip by the criminal corporations who then offshore the jobs (while bringing in more foreign visa workers), the subject is moot.

    2. Re:this tidbit says it all by Anonymous Coward · · Score: 0

      No, all they would do is make sure that none of the information is stored in locations that are under the jurisdiction of that law. (and they would be right to do it because it is completely impossible to make a system both completely secure and usable.)

    3. Re:this tidbit says it all by lister+king+of+smeg · · Score: 1

      Korporate Amerika

      You use Kde don't you?

      --
      ---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
    4. Re:this tidbit says it all by Anonymous Coward · · Score: 0

      You got it backwards. Corporations are worried now about the liability issues of giving the government our data.

      This law releases them from liability over such issues.

    5. Re:this tidbit says it all by Anonymous Coward · · Score: 0

      Clever fellow, how'd you ever guess???
      sgt_doom

  19. I smell a new trend by jeffmeden · · Score: 2

    'Most likely, big industry is going to win because at the end of the day our economy is still in trouble.'

    Is "our economy is still in trouble" the new "we are at WAR with terror"? Mr Pickens is accurate and timely but this line just feels a little too canned. Are we going to have to spend the next 5 to 7 years hearing "butbutbut RECESSION!" any time something hard to swallow makes a headline?

    1. Re:I smell a new trend by Anonymous Coward · · Score: 0

      well, butbutbut Bush was getting a little long in the tooth.

  20. The minority party gets blamed for stalling? by El+Cubano · · Score: 5, Insightful

    Republicans have stalled the Cybersecurity Act of 2012 with a Senate vote of 51-47 against the legislation

    So, I am not an expert on politics, but in the current congress, there 51 democratic senators, 47 republican senators, and 2 independents (both of whom caucus with the democrats). By my count, if every single senate republican voted against this, that still only comes to 47 votes. That means that the other 4 would have had to break ranks with the democratic party. So, just who is at fault here?

    Just saying.

    1. Re:The minority party gets blamed for stalling? by Anonymous Coward · · Score: 0

      We are at fault.

      We voted these bozos in who vote party line (notice both sides mostly did it with a few strays). It is like this almost every single time.

      Deadlock? I swear people are just starting to notice this? It has been like this for ages.

      Basically these guys are not bothering to do their jobs. Which is *read* the bills and vote on it if is good for their people they represent. They instead skim the summary (if we are lucky) and look to whomever is majority/minority leader for what to do. So instead of 600+ people who represent the people. We have 10 or so who represent their parties and keep 'the rank and file in line'.

    2. Re:The minority party gets blamed for stalling? by Anonymous Coward · · Score: 1

      But the Republicans are EEEEVIL and they want to eat your children and legalize rape.

      Get with the program.

    3. Re:The minority party gets blamed for stalling? by CaptSlaq · · Score: 1

      Republicans have stalled the Cybersecurity Act of 2012 with a Senate vote of 51-47 against the legislation

      So, I am not an expert on politics, but in the current congress, there 51 democratic senators, 47 republican senators, and 2 independents (both of whom caucus with the democrats). By my count, if every single senate republican voted against this, that still only comes to 47 votes. That means that the other 4 would have had to break ranks with the democratic party. So, just who is at fault here?

      Just saying.

      This. It's not just "one party". It's The Hill in general.

      Not that I've read the legislation that they're voting on to ensure it's at least moderately sane. Most of it isn't.

    4. Re:The minority party gets blamed for stalling? by Anonymous Coward · · Score: 0

      I get what your saying, and i get that maybe this was flawed legislation and maybe it should be voted down. But what you are "just saying" is bullshit. so 4 democratic (or democratic voting)senators voted against it, all 47 republican voted against it. What is more likely, that all 47 republican senator are voting the way they think is best for the people or that they are all voting against as some sign of solidarity against the president (whoh as asked for this legislation), when they have made it perfectly clear they are willing to vote against anything the president wants. Its more likely that no one here was voting there conscience because they know that all it takes is one senator t0 filibuster and stop the whole thing dead no matter the vote count, unless you can get to 60 votes (not 51). Then the people who stopped this bill is not likely the 4 (i) or (d) senators that voted against it nor is it the 47 that voted against it, it lies with the those that would stop the bill in it entirety if they though it was likely to pass with 51 votes. Which was most likely any number of the in the 47 republicans that voted against it, maybe not all, but it only takes one.

    5. Re:The minority party gets blamed for stalling? by Anonymous Coward · · Score: 0

      It's only "bipartisan" when one Republican votes with the Democrat majority - not the other way round.

    6. Re:The minority party gets blamed for stalling? by Anonymous Coward · · Score: 0

      Not that I've read the legislation that they're voting on...

      Sadly, that makes you absolutely no different than the vast majority of Congress (both in the House and Senate).

    7. Re:The minority party gets blamed for stalling? by Anonymous Coward · · Score: 0

      But the Republicans are EEEEVIL and they want to eat your children and legalize rape.

      Get with the program.

      But only the illegitimate rape. Legitimate rape will still be illegal.

    8. Re:The minority party gets blamed for stalling? by medv4380 · · Score: 1

      You should look up how the Senate works. Those 47 Republicans can block each and every single piece of legislation. The Senate Requires a Two Thirds Majority is the Minority group wants to throw a fit.

    9. Re:The minority party gets blamed for stalling? by Mitreya · · Score: 1

      So, I am not an expert on politics, but in the current congress, there 51 democratic senators, 47 republican senators, and 2 independents (both of whom caucus with the democrats). By my count, if every single senate republican voted against this, that still only comes to 47 votes. That means that the other 4 would have had to break ranks with the democratic party. So, just who is at fault here?

      Uhm... the party that supplied MOST OF 51 against vote is largely responsible. Certainly if it is 47 Republicans + 4 Democrats are voting against, then it is Republicans who are actually blocking the bill? How else can you interpret it?

      Also, everything needs a supermajority nowdays. Republicans block things with less-than-50 votes just fine. Democrats had 58 votes for veterans jobs bill and that amounted to nothing.

    10. Re:The minority party gets blamed for stalling? by Alien+Being · · Score: 1

      They already raped the children, the grandchildren and several yet unborn generations.

  21. 24 Pearl harbor CIP device by WaffleMonster · · Score: 1

    "Critical infustructure" has always been vulnerable to attack... countless thousands of miles of unguarded rail, transmission lines, hundreds of thousands of square miles of unguarded lands with easy access to aquifers, Ignition hazards around all manner of unguarded hydrocarbon storage facilities. Little furry creatures enjoying unfettered access to carry out suicide missions inside of transmission facilities. Construction operators and sailors accidently knocking out communications to entire cities and countries.

    If you just follow common sense and keep your control shit off the net then external state actors who wish to damage your critical infustructure will need to try just a little bit harder than some made for TV scheme you heard about on 24 and therefore assume must be real.

    Operational security against insider stupidity and bad actors is always a good thing but only in as much as it is done in the context of realization security of a system is only as good as its weakest link.

    At the end of the day infustructure protection is a physical issue not a cyberspace issue and it does not deserve special attention above and beyond the considerations made for physical infustructure.

    Any cyber doomsday scenarios by coordinated takeover of command and control can be avoided by keeping shit offline and using local interlocks which do not answer to C&C..hey that thing aint phase matched I don't think I will connect it up just yet... hey I'm overheating...I think I'll just shut down rather than melt into a pile of goo...tanks full...I'm going to stop pumping now... shit that should exist anyway and would go a long way to saving critical infustructure from the accident prone humans who operate it regardless of their intentions.

    1. Re:24 Pearl harbor CIP device by Anonymous Coward · · Score: 0

      As has been pointed out many times on Slashdot, computers that control critical infrastructure are connected to the Internet more often than not, due to factors ranging from operator's creating unauthorized connections for personal convenience, to management wanting flashy real time reports to government regulations requiring offsite backup of process parameter data history.

  22. Good idea by gmuslera · · Score: 1

    Is jut easier to do it the attack and blame whoever in the world, as it all digital and at the reach of any owned computer anywhere. Even to build up the vulnerability to get attacked and be sure that it affects something in a visible way, if wasn't available before.

    Its time for the TSA to extend its reach to go from just the people that board planes in US, to the entire world. They already proved how trustable are.

  23. A problem? Yes. The biggest? No. by pla · · Score: 2

    The US has not passed a proper federal budget since NINETEEN-FUCKING-NINETY-SEVEN. We sit on the edge of a "fiscal cliff" not because the government can't work together today to undo the one functionally useful compromise they made last year, but rather, because they haven't managet to work together in decades.

    Yes, eventually a foreign enemy will take advantage of our weak stance on cybersecurity. Yes, it will take a "Pearl Harbor" moment to make anyone recognize the problem (to which they'll respond by enacting tougher copyright laws, of course). But cybersecurity falls so far down the list of real problems we face as a country that, even as an IT professional, I honestly can't get all that worked up about it.

    When we have our house in order; when we have a balanced budget; when we stop fighting our grandfathers' wars; when we stop worrying about legislating in time with the "news cycle"; when we have a stable economy and don't wonder what our tax rates next year will look like; when the losers in Washington start acting in the public interest instead of demanding we buy chastity belts for all our generals - Then perhaps we can worry about beefing up our national network security.

    Until then - Quit bailing with teaspoons and grab a godamned bucket!

  24. You mean a "Cyber 9-11" in the staged sense by Anonymous Coward · · Score: 0

    There is no text

  25. Don't give them ideas... by detritus. · · Score: 1

    We don't need a digital Reichstag Fire false-flag attack to justify surrendering our freedoms for security.

  26. Don't worry by Anonymous Coward · · Score: 0

    Governements know where to order Pearl Harbor-like events when needed.

  27. Re:Cue All Conspiracy Nuts by Jeremiah+Cornelius · · Score: 2

    Yeah. When it doesn't need to be "false flag".

    Collateral damage to your own industrial infrastructure is enough to make the risk of escalating "cyber warfare" a lose-lose proposition.

    Cyber Weapon Friendly Fire: Chevron Stuxnet Fallout

    In the end, this will be used as the basis to kill your free Internet, that with all its warts and pitfalls, is far more valuable than the heavily-policed alternatives.

    That sub-genius Richard Clarke has been squawking this kind of lame bullshit since Clinton was not having-sex-with-that-woman. :-)

    --
    "Flyin' in just a sweet place,
    Never been known to fail..."
  28. Define "proper federal budget" by Anonymous Coward · · Score: 0

    Define "proper federal budget", because they have passed federal budgets since then - mind you the last time a budget was passed by both houses of congress was 2009 (the democrat controlled senate has refused to pass a budget since then)

    1. Re:Define "proper federal budget" by pla · · Score: 1

      Define "proper federal budget", because they have passed federal budgets since then - mind you the last time a budget was passed by both houses of congress was 2009 (the democrat controlled senate has refused to pass a budget since then)

      I mean passing an actual, complete federal budget. The 2009 "budget" only contained an omnibus spending bill, not an actual budget.

      You may call that picking nits, but it has both a constitutional and a practical basis. Constitutional, because Article I requires congress to enact a federal budget. Practical, for the same reason you make a personal budget - And the federal government has much more complicated finances than you or I do.

  29. Re:A problem? Yes. The biggest? No. by Anonymous Coward · · Score: 0

    And if pigs had wings...

    You need to handle multiple problems at the same time, not just one at a time.

    That said, I don't think that the government should produce mandates in this area, except for utility companies. Let all other companies make their own decisions about whether to harden themselves or go naked and deal with shit after it happens. One suspects that the price of insurance and the risk-averseness of the executives will dictate which approach any given company will take.

  30. bias much? by slew · · Score: 3, Insightful

    Republicans have stalled the Cybersecurity Act of 2012 with a Senate vote of 51–47 against the legislation.

    Last I heard, the democrats had a majority (and the tie-break vote) in the senate. Why blame this on the republicans?

    Many Senate Republicans took their cues from the U.S. Chamber of Commerce and businesses that framed the debate not as a matter of national security, but rather as a battle between free enterprise and an overreaching government. They wanted to let companies determine whether it would be more cost effective — absent liability laws around cyber attacks — to invest in the hardware, software, and manpower required to effectively prevent cyber attacks, or to simply weather attacks and fix what breaks afterwards.

    Not that I advocate waiting can cleaning up the mess later, I fear that all we would be doing is creating a safe harbor for companies by the proposed approach (basically I did the government recommendations, still got hacked, no problem). It would be much better to clarify what companies would be liable for and how much. I think better tradeoffs could be made rather than with a proscriptive government approach. See Section 706 of the bill: http://www.govtrack.us/congress/bills/112/s2105/text .

    Even if this doesn't pass, for federal infrastructure and infrastructure deemed important to national security, Obama can unilateral impose most of these things as an Executive order for government entities and contractors.

    As written the bill attempts to force IT that causes the interruption of life-sustaining services, catastrophic economic damage (vs just severe degradation of national security or national security capabilities) which is a much wider scope. You might argue as written, this bill is so vague that could be construed to apply to Amazon, or Google, or even a small airline or bus or telephone company that has the only service for an isolated area. Also as with many bills, it comes with its share of government overhead (appropriations for national education and awareness programs, recruiting for various government agencies, etc)...

    I guess it's still divided government, and very few people want to write a good bill, but just try to force their bill and blame the other side for not being able to pass them... Sigh...

  31. Filibuster and Supermajority by happyhamster · · Score: 1

    In case you truly don't know and are not trolling, the U.S. Senate has filibuster procedure [http://en.wikipedia.org/wiki/Filibuster]. It allows a minority to hold any legislation hostage. It requires super-majority of 60 votes to break filibuster [http://en.wikipedia.org/wiki/Supermajority#Three-fifths_majority]. Filibuster used to be an exception, but republicans made it mainstream in the last two decades blocking many Democratic legislations.

    So yes, "Republicans have stalled the Cybersecurity Act of 2012 (using or threatening to use filibuster) with a Senate vote of 51-47 against the legislation".

    1. Re:Filibuster and Supermajority by El+Cubano · · Score: 1

      I am familiar with both the filibuster and supermajority. However, neither was mentioned in the summary or even the linked article.

    2. Re:Filibuster and Supermajority by Anonymous Coward · · Score: 0

      They didn't filibuster it. It got to a vote. Please think before you try to blame [insert party here] for all the ills of the world.

    3. Re:Filibuster and Supermajority by mvdwege · · Score: 1

      Neither does the weather forecast mention that the Sun will rise in the morning.

      --
      "I know I will be modded down for this": where's the option '-1, Asking for it'?
    4. Re:Filibuster and Supermajority by PickyH3D · · Score: 1

      That logic is unbreakable.

      The threat of a filibuster is only necessary when your side doesn't have more votes. People can blame Republicans for it all they want, but it was Democrats that didn't vote for the Bill.

      Not to mention the obvious by adding that it's a good thing that a Lame Duck session did not grant more power to one of the most incompetent bureaucracies in the US: the DHS. The last thing that anyone needs is the DHS knocking on every business' door while making inane requirements that protect nothing.

      It would be analogous to how they oversee the TSA, which we all clearly believe makes us totally-super-duper safer.

  32. This. I teach cybersecurity for DHS by raymorris · · Score: 4, Informative

    I'm involved with teaching cybersecurity for DHS. Our network, that we use to develop cybersecurity classes, is about as secure as the "lock" on a bathroom stall. But we sure are in compliance with a lot of regulations! A coworker and I were just discussing the fact that agency "security" regulations prevent us from making things secure. Example "anything hashed must be hashed with MD5". MD5 is broken, so we were going to use SHA-256, but regulations don't allow SHA-256. The other end refuses to use MD5 since it's broken, so we have to send the data in clear. With no"security" regulation it would be SHA-256 hashed. To comply with the "security" rules, we have to send it in the clear, out in the open. Such is government regulation.

    1. Re:This. I teach cybersecurity for DHS by advantis · · Score: 1

      So wait... let me get this straight... broken MD5 is not acceptable because it's... well... broken, but clear text is OK? I guess no one cracked clear text yet...

      And lest I say something stupid, I went to Wikipedia to figure out who uses MD5 as a block cipher and came up empty. MD5 doesn't appear to be a block cipher in any usage, but something that you attach to data (either plain or encrypted) to verify integrity/identity. NIST seems to still like 3DES for block encryption just fine. NIST also like SHA and things. If DHS says NIST is pants, well... Are you sure those limitations aren't just for the purposes of your teaching, lest students leave with state secrets on their mobile phones?

      There are so many ways I can't wrap my head around your post, it makes my head spin, so I'll stop. All I can safely do is ask: did I pass your class? :)

      --
      Question for religious people: where do unrepentant masochists go when they die?
  33. Overblown by hemo_jr · · Score: 1

    I know there are a lot of people who make their livings out fear mongering and over-hyping threats. And like Y2K, cyber attacks is one of them. So stop it.

    1. Re:Overblown by Anonymous Coward · · Score: 0

      What a bullshit post. At least in part. The ONLY reason Y2K wasn't a problem was because businesses had already spent millions working on the issue before the media picked up on it. Y2K was a big and expensive deal.

    2. Re:Overblown by Billly+Gates · · Score: 1

      I disagree. Intelligence reports to Iran utilizing PLCs with nuclear powerplants and energy on the the internet. If the reports are true they are insecure for PHBs and run non patched XP SP 2 then with horrible to no encryption then yes it is an easy target

      --
      http://saveie6.com/
  34. It's okay by neonKow · · Score: 1

    Schwarzenegger will save us.

  35. DROP all -- *.cn 0.0.0.0/0 by Anonymous Coward · · Score: 0

    Done!

    Captca: armored!

  36. When they mention "needing a new Pearl Harbor" by Anonymous Coward · · Score: 0

    in order to implement a policy they desire, we know what happens;

    The same was lamented in the document "Rebuilding America's Defenses" published in september 2000 by a thinkthank named "Project for the New American Century" that then had amongst its members: Rumsfeld, Wolfowitz, and Cheney. A year later their whish came true.
    http://www.newamericancentury.org/RebuildingAmericasDefenses.pdf

  37. Re:Cue All Conspiracy Nuts by icebike · · Score: 1

    Exactly.

    When government itself can't even harden its own systems and air-gap critical systems from the wild and woolly web, putting them in charge of controlling the internet in general is simply the TSA all over again.

    The Cyber Security act was and is simultaneously too broad and to toothless. It would be necessary to prop it up with all sorts of invasive regulations. It would inevitably lead to internet police, and digital pat-downs of every aspect of internet usage.

    I wish people would stop couching things in Republican/Democrat terms and actually LOOK at the legislation.

    --
    Sig Battery depleted. Reverting to safe mode.
  38. Cyber Bullshit .. by dgharmon · · Score: 1

    "For years lawmakers had heard warnings about holes in corporate and government systems that imperil U.S. economic and national security"

    --
    AccountKiller
  39. TAKE THE PLCs OFF THE INTERNET by Billly+Gates · · Score: 1

    What is sad is an attack by Iran or anonymous will be needed and government intervention because the PHBs are stupid and retarded with their internet enabled report generations from the marketing videos.

    PLCs and not website hacking is the biggest threat in which Iran wants to do out or revenge for Stuxnet.

    --
    http://saveie6.com/
  40. Re:Mod parent up by Billly+Gates · · Score: 1

    As has been pointed out many times on Slashdot, computers that control critical infrastructure are connected to the Internet more often than not, due to factors ranging from operator's creating unauthorized connections for personal convenience, to management wanting flashy real time reports to government regulations requiring offsite backup of process parameter data history.

    Those PLCs on unpatched XP boxes are not secured on purpose due to retarded management. Sadly we need laws and an attack on the US wont be on websites but by these PLCs from the likes of Iran or someone else.

    --
    http://saveie6.com/
  41. What is the threat? by nilbog · · Score: 1

    How much of this is legitimate worry and how much of it is the military industrial complex kicking up fear in order to get more money?

    --
    or else!
  42. Well, "Perl" Harbor, maybe. by Kaz+Kylheku · · Score: 1

    :)

  43. Re:Yes and No and Maybe So Fore-sense nonsense by TheRealHocusLocus · · Score: 1

    The attack on Perl Harbor is now in phase 5.16.2, see our live coverage on CPAN.

    I've never been able to grok this 'Pearl Harbor' metaphor thing, it is used to point out something no one could have possibly foreseen before it happens, which is a form of fore-seeing so whatever is being discussed could not ever later have been un-foreseen. Does that make any fore-sense?

    Not to mention that unlike the ThisGATE ThatGATE AnythingGATE headline absurdity which is for fun and entertainment purposes only -- during the Pearl Harbor attack many men died defending their country and to a certain extent casual banal use of the term -- especially for things that are no-brainer fore-seeable, dishonors their memories.

    --
    <blink>down the rabbit hole</blink>
  44. Re:A problem? Yes. The biggest? No. by Mitreya · · Score: 1

    The US has not passed a proper federal budget since NINETEEN-FUCKING-NINETY-SEVEN.

    Ooh, yeah, I like the fact that wars have managed to stay off the budget completely. What's up with emergency supplemental appropriations bills that funded Iraq/Afganistan? Where were the budget-conservative Republicans when those passed?
    (I know that both parties are the same, blah blah... but Republicans _are_ running on "no more taxes/no more debt" platform)