President Obama Unveils $19 Billion Plan To Overhaul U.S. Cybersecurity
erier2003 writes: President Obama on Tuesday unveiled an expansive plan to bolster government and private-sector cybersecurity by establishing a federal coordinator for cyber efforts, proposing a commission to study future work, and asking Congress for funds to overhaul dangerously obsolete computer systems. His newly signed executive orders contain initiatives to better prepare college students for cybersecurity careers, streamline federal computer networks, and certify Internet-connected devices as secure. The Cybersecurity National Action Plan also establishes a Federal Privacy Council (to review how the government stores Americans' personal information), creates the post of Chief Information Security Officer, and establishes a Commission on Enhancing National Cybersecurity.
"I only intend to improve the cybersecurity of the government while doing everything I can to undermine the security of regular peon-- er-- people."
Republicans reject it before it even comes out and refuse to read it.
Because "Obama"
love the taste, hate the texture
That the Republican Congress won't even take a look at President Obama's final budget proposals. Nice talking point, though.
And that's just what it will take to clean up Hillary's email.
They rule encryption is a form of a weapon, with restrictions on export. Then they want to ban encryption. Pray-tell, how is the govt going to certify anything as secure without the most robust encryption technologies and practices currently available? Or does it mean, certified backdoored?
So now, when people's computers get hacked, Republicans can "Blame Obama!" for that too?
I've abandoned my search for truth; now I'm just looking for some useful delusions.
just.... can't... stop.... spending.....
Debt to GDP at beginning of term: 84%
Debt to GDP at end of term: 103%
Debt added: 6 trillion dollars
THANKS OBAMA!
Just give me a big fucking gun, and I take care of anything. ANYTHING.
Looks like your days are numbered, black hats!!
SJW's don't eliminate discrimination. They just expropriate it for themselves.
... require providers of encryption software to include a back door for the NSA.
If you like your privacy, you can keep your privacy.
There is no God, and Dirac is his prophet.
Fleecing the taxpayer for snake oil "security" over liberty.
Taxation without representation.
Next you realize that 'unveiling a plan' and 'asking Congress for funding' have nothing to do with executive orders, and maybe, just maybe, resolve to not be such a knee-jerk when you see the name of a political figure that you regularly disagree with.
This is a tiny portion of an overall 4.1 Trillion dollar budget submitted to Congress -- a Congress, mind you that would never pass this budget because:
A) Obama is a democrat
B) Obama is black
C) The budget has more spending than previous budgets.
And frankly, even if the Congress was working with the president instead of against him, they are a bunch of arrogant incompetent do-nothings -- I personally think our political gridlock has more to do with the likes of Louie Gohmert than with actual malice -- they are simply too stupid to pass actual legislation.
If telephones are outlawed, then only outlaws will have telephones.
Everybody on the gravy train! This is going to be 10x better than Y2K, and afterwards we'll have 2038 to cash in on.
Government: We suck at everything, but we'll excel at infosec!
Most of the "cybersecurity holes" can be tracked down to some contractor slapping in an insecure installation of -whatever- to do the bare minimum needed to keep the contract. This is what needs to be fixed -- contracts need to be monitored closely and terminated in cases of poor performance. Security is a human error thing mostly:
- Not removing default passwords and accounts
- Leaving ports open and services running that aren't necessary
- Not keeping up with product versions and patch cycles
- Leaving unencrypted disks full of data on trains or in cars that get broken into
The problem is that even big companies can't manage to get this right, let alone government agencies. Big companies fall prey to the same mentality of just hiring contractors. Even the NSA did this -- if there was ever an organization that needed to do their own in-house IT, that's definitely #1 on the list. Employees will care about security when employers start demanding it.
The solution, which is nearly impossible to implement, is to make everyone involved step their game up. Hire real, full time employees who are committed to the agencies' or companies' missions at a level slightly above "I can keep my job." Make sure everyone is trained and double-check work.
https://www.nsa.gov/about/
NSA/CSS exists to protect the Nation. Our customers know they can count
on us to provide what they need, when they need it, wherever they need it.
ABOUT NSA The National Security Agency/Central Security Service is the
Nation's cryptologic organization. Our core missions are to protect U.S.
national security systems and to produce foreign signals intelligence
information.
The NSA has been a stunning failure in protecting US national security systems. N'est-ce pas?
Wow, that's a great way to wake up with a laugh. Read the full article and try to work out how this will be done.
Firstly you need infrastructure that is secure from attacks, so it doesn't exist yet. Systems that are digitally secure are usually accessible through human error or physical tampering and with larger interconnected system like a national infrastructure there's simply no way to fully secure a system.
Secondly, you need software and encryption systems that are not broken to allow spy success, as guess what you're not the only smart people in the world so we are talking military grade encryption that is good, sadly is not good for large scale deployment as it slows down systems and information retrieval.
Thirdly, you simply cannot attract the best programmers and the private sector know how valuable they are and offer far more than you can think of for their services, student loan reduction/freebies are great but some of the best are not industry trained as out-of-the-box thinking is prized and industry learning is by rote.
to do this you would need to overhaul the entire system of security and actually set standards over securing information which the private sector has been vehemently against, even the opening salvo is doomed.
"Obama created two new entities as part of a $19 billion budget proposal to Congress on cybersecurity: The first, a Commission on Enhancing National Cybersecurity, will be made up of business, technology, national security and law enforcement leaders who will make recommendations to strengthen online security in the public and private sectors. It will deliver a report to the president by Dec. 1."
SO a party line troup.
The second, a Federal Privacy Council, will bring together chief privacy officers from 25 federal agencies to coordinate efforts to protect the vast amounts of data the federal government collects and maintains about taxpayers and citizens.
How? It's simply impossible, the sheer logistics of making a secure database that no-one can abuse and yet still allow a large number of self-governing departments with their own software and security systems, that cannot be tampered with has never been achieved in history, 19 Billion is simply not enough money, you could bankrupt the country making this a reality and still come nowhere close, take a look at what trouble the military's computer system integration has wrought and they are just trying to make a unified payroll system.
Seems more like pork to me. The problem with cybersecurity right now mainly comes from basically anybody and everybody running old shit that is vulnerable. A classic example is Android 2.3 devices that people still carry around. And of course, large companies that have obsolete OSes still running on the public internet.
This whole IoT mess is only going to make it much worse. What's needed are rules establishing a minimum standard to raise the bar for longer term security updates. I.e. rules to the effect of requiring manufacturers to provide security updates for no less than 7 years after first product general availability to market. Also provide some kind of source escrow so that if the company folds the firmware can be released as completely open source, complete with signing keys where applicable.
Also something needs to be done about the DDoS as a service situation. The primary target should be end users who harbor compromised systems connected to a broadband ISP. For example, if they're found to be participating in a DDoS attack, whether they are a willing participant or not, they are to have their internet connection throttled to 128kbit until they have cleaned their systems.
Update all PCs with the free Win10 upgrade offer, spend the remaining on cost overruns and oversight committees.
He's a lame duck, and Trump is just gonna undo anything he signs into law, so what's the point? Might as well just brush up on his golf game. Fore!
Trump? The entire Republican Party has been attempting to undo everything Obama ever did since the day he took office. I wouldn't be surprised if they declared him an unperson before they're done.
I understand that the Republicans and Democrats have different philosophies, but this wholesale eradication crusade that they've adopted is beyond reason.
He's part of the executive branch, not legislative. This is literally not his job.
...and justifying the largest budget possible.
How else can they continue the endless expansion of government? By cutting costs? (LOL.)
An Executive Order != Law
Indeed cool.
He must mean pest control, since over 90% of the internet access ruptures were rats (Sacramento), squirrels and termites.
To bury all those cables underground like a normal nation naturally doesn't come to mind, too expensive apparently, but 10s of thousands of power, internet and phone outages each year are apparently also ok.
And I don't even mention storms, snow, ice rain and drunks.
As long as anybody can just walk to a wisely chosen wooden post with an axe those billions are just pork. And if you remember, there are even people digging up fiber cables to cut them or install their own devices. And also submarines seem to camp around the cables as well.
Since Homeland security and the FBI can't even protect their mailing list from teens, this won't matter at all.
All he has to do is get the NSA to work for good instead of evil. Problem solved with no additional money spent.
Oops, there's the problem. "No additional money spent" means a program will never get off the ground in Washington.
Prediction - On - Monday 18th of January 2038 10:14:07 PM - the internal clock on many PCs will change from 0x7fffffff to 0x80000000 and depending on how the software treats the number it may change the time to - Friday 13th of December 1901 03:45:52 PM - or not. Hopefully by that time all real computers will be 64bit and the issue goes away. But beware for 32 bit computers this is going to be a much bigger problem than the Y2K issue! And yes Y2K did have some major fallout - NORAD was blind for hours! Some NSA computers were down for days!
So. If Obama was for Keystone the Republicans would be against it?
If Obama enforced the border the Republicans would be against it?
If Obama used Executive Privilege to relinquish Federal lands and give them back to the states the Republicans would be against it?
I don't think so.
However the Democrats passed Obamacare - how's it gone for them since then?
If you're scared of your govt then you need to further restrict its powers
Vote 3rd Party in 2016 and beyond
I have already designed and partially built a system that will help solve the problem. I just need some cash to finish it. $1 Billion will be more than enough.
Try disobeying an Executive Order. Then you'll realize that they are considered "law".
Now, if what you're saying is that we can ignore them without consequences, then I'm in full agreement (in principle). But we all know that laws aren't meant for the rich and powerful, only us serfs.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
No doubt this will turn into the F-35 of IT security: badly designed, poorly implemented, over budget, behind schedule, and ultimately ineffective.
Try disobeying an Executive Order. Then you'll realize that they are considered "law".
Unless they are challenged in court and found to be unconstitutionally out of bounds for the president to have issued in the first place. Obama has lost in court multiple times on that front so far.
Don't disappoint your bird dog. Go to the range.
Because past Presidents have never proposed budgets before.
Here's a hint, they do it pretty much every year. Congress doesn't have to listen to it, of course, though they sometimes do.
This will probably be good for me and for people I know, since I'm in the information security field.
That said, I hope the republicans take a look at what exactly he wants to spend yet another $19 billion on each year (assuming none of it goes over budget). Another healthcare.gov type government IT project isn't what we need, obviously. Even liberals could probably come up with better uses for those billions of dollars than cybercare.gov. ;)
We'll see what all he wants to do. Hiring a CSO for the federal government might be a good idea. If he wants Brian Harrison and Chris Gronet to run it, each with a $20 million / year salary, that's probably a bad idea.
Republicans reject it before it even comes out and refuse to read it.
Because "Obama"
Oh, be fair now...
Remember that Obamacare website? How high quality was that?
How about Obamacare itself? Did cementing health insurance companies into federal law fix any problems?
How about closing Gitmo? How did that work out?
Hell, how about his stance on telecom immunity? How's that working out for us?
Or making up new immigration law by executive order?
Or ordering the assassination of a US citizen? (With no trial, and by authority of a secret law.)
Really. If you want to blame gridlock on the merits of the situation, then do so.
Otherwise, to the casual observer it would appear that "because Obama" is a perfectly valid reason to oppose something.
Because, you know, "good and evil".
He's part of the executive branch, so giving "executive orders" is literally his job. Those EO's are to direct the rest of the executive branch how to uphold the law. So if there's a need for an overhaul of cybersecurity to maintain compliance with a law, and that overhaul is going to cost $whatever, then it absolutely, literally is his job to make an EO to spend $whatever to get it done, as long as the overall budget can handle the expenditure of $whatever. And if it can't, then he has to ask Congress to rubber-stamp a funding project that is likely to be an enormous source of pork for everyone's districts while providing a feel-good national security angle. (Not a tough sell, politically.)
And to save money, Wall Street stooge, President Obama, will be using only foreign visa replacement workers!
.
You go, Obama, you go . . .
Recommended reading:
Sold Out, by Michelle Malkin and John Miano
Outsourcing America, by Ron Hira
Great, yet another federal bureaucracy (actually, two) to get in the way and generally screw things up.
Really, it's just another way to feed taxpayer funds to political friends, all under a "feel good" title.
Enjoy life! This is not a dress rehearsal.
So. If Obama was for Keystone the Republicans would be against it?
If Obama enforced the border the Republicans would be against it?
If Obama used Executive Privilege to relinquish Federal lands and give them back to the states the Republicans would be against it?
I don't think so.
However the Democrats passed Obamacare - how's it gone for them since then?
Pretty fucking bad:
Democrats have sacrificed a lot for ObamaCare. The party that rode two anti-GOP waves to unqualified power has been decimated. In 2009, Democrats controlled 62 of 99 legislative chambers, 29 governorships, and substantial majorities in both chambers of Congress. Today, the GOP controls 70 percent of all legislative chambers and 32 governorships. Nearly half the population of the United States lives under total Republican control. In the Congress, Republican majorities in the lower chamber appear nearly impossible to oust in this decade and the project of retaking the Senate in 2016 now seems a daunting task despite the number of exposed GOP members in traditionally Democratic states. If Democrats were to lose the presidency in 2017, they would no longer be able to avoid taking stock of the full scale of the party’s decimation. Obama’s hold on the White House has masked the scope of the party’s truncation.
Who votes Democrat other than sheltered white liberals and the "gimme free stuff!" crowd?
If step one of his plan is not to fire all the idiots in charge and replace every single one with someone that has a MINIMUM 10 years experience on the ground with cybersecurity, then it's a failure.
Law enforcement people are idiots when it comes to Cyber security, you need real people that know what the hell they are doing in order to be smart enough to make decisions and direct properly.
Instead we get Executives that barely know how to lock a door properly put in charge and they make stupid decisions that are ineffective. OR worse a FBI/CIA director that can't even check email put in charge because it has the word "security" in it.
Do not look at laser with remaining good eye.
For yet another big government pork project!
Fuck Obama.
Chas - The one, the only.
THANK GOD!!!
the crumbling utilities, bridges and free ways that are nearly 50-40 years old?
Meh, it's only money not counting what we already spend in this area. Hey, here's a nifty idea. With all the loopholes and private e-mails flying around with secure information, why not admit we failed and start over? That means get rid of the so called "experts" from Booze Allen et al. and at the NSA and replace it with the kind of infrastructure we need to protect our National Security. Oh and enforce the fucking espionage laws including those faux pas of those elected and un-elected officials who decide that Security isn't their problem.
Harrison's Postulate - "For every action there is an equal and opposite criticism"
My objection is that they are assumed "law" but never having been through the Legislature, cannot be "law" ... by definition. So the assumption should be "these aren't laws, more like guidelines".
The problem isn't executive orders, it is that they aren't really laws, but are still treated as laws.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
...at some point in the not-too-distant future.
And you are how many $millions poorer in order to fight for your obvious rights? And the government lawyers starting and continuing these knowingly unconstitutional cases get disbarred, fined or sanctioned how often? Power will get abused as long as there are no consequences to abusing that power.
Another Executive Order? Is that the only way that things get done these days? Did Obama even bother to try to work with Congress? I think not. The only thing coming out of the Oval Office these days are EO's so the process is obviously being abused.
I think we should change the rules on what Executive Orders are and how they can be used. Currently they are being used as a way to push forward whatever the President wants - regardless of what Congress votes on or what the majority of American citizens want. If Congress cannot come to an agreement on a bill then it should not become a law.
If we are going to have a system of government where the President passes all the laws (and, by the way, an EO is NOT a law) then we should just abolish the Congress and have a King. Welcome to Indonesia West.
Don't we need to invent replicators first? I hope we all end up as Star Trek predicted and not as Half-Life predicted :)
Investing in the development of sane architectures would radically reduce the scope of the problem. Securing x86 is a near hopeless cause; it is like trying to seal a volcano with band-aids. A better architecture can eliminate the vast bulk of exploits possible on x86 by design, while enabling more efficient and secure operating systems. On the other hand, our current government probably appreciates how Intel has effectively back-doored all current x86 systems.
1. Maintain integrity of confidential US Federal Government
2. Ensure no publicity exists for anything that violates #1
a. Snowden
b. Hillary's top-secret emails on a private server box in somebody's back room
c. General Petraeus [oh wait, that's been pled, spanked, and done]
d. DHS employee data release in the wild because Palestine (?!?)
e. FBI employee data release in the wild because Palestine (?!?)
3. Give speeches
a. Going dark
b. Silicon valley is unreasonable -- encryption can be made to only be used by "good guys"
c. The NSA are good guys. Come on. Don't we all love the NSA?
d. Palestinian hackers who release DHS and FBI employee lists are bad
e. But the other Palestinian hackers, they must be good because #antiIsrael #antiJewish #proTerrorism #islamForPeace
and finally
4. Go into the private sector
a. Sell underwear
c. Profit
He can start by forbidding the use of private email servers.
You know whenever I hear "cyber" used, I know it is some US Government flunky who is using the term. Nobody calls it "cyberspace" anymore unless you're talking to senior citizens or the government. It's as jarring as listening to actors trying to sound "hip" on some 1960s filmstrip in school.
It is a good thing that we are no longer bothered by a Constitution and need Congress to approve such spending and our benevolent King can now do it all himself. But we should be careful, the American public isn't too bright and someday an America hating person, maybe one who wasn't even born in this country, might try to take over and destroy this country by making bad decisions that he isn't legally entitled to make.
I'm an American. I love this country and the freedoms that we used to have.
Huh? Bank and corporation CEOs now vote democrat? Really?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
" and student loan forgiveness to help recruit top technical talent." Well, even if the next POTUS does roll this back, hopefully some of us can get into this program first and get some benefit from it.
Not.
Sigh. I mean I like how we're not wasting $ on F-35A in the Too Big To Afford mil budget, but this is not where we have the problem in cybersecurity.
Our problem is we let things be open that should never be open, we trust "secure clouds" that are by design insecure, and we waste a lot of time on counter measures that any trained monkey knows don't work.
But, hey, let's throw money at the problem and see if it goes away.
-- Tigger warning: This post may contain tiggers! --
Most of those cases were brought by well funded organizations acting on behalf of large constituencies. They exist exactly for this purpose.
Don't disappoint your bird dog. Go to the range.
Yes - it's been that way for a decade
http://www.ijreview.com/2014/0...
It's starting to change. I guess companies do get tired of being made the target of blame for all of our country's woes
http://thehill.com/blogs/blog-...
For example, if they're found to be participating in a DDoS attack, whether they are a willing participant or not, they are to have their internet connection throttled to 128kbit until they have cleaned their systems.
I think that every ISP/backbone provider needs to adopt this policy towards any incoming DDoS whether it be from individual subscribers or from a peered network. If every network throttled connections from which it was receiving a DDoS, then the incentive to resolve the DDoS would quickly flow back to the host networks who suddenly find themselves effectively isolated from the Internet.
I'm wondering what country's citizens will be getting the benefit of the work that comes from this.
Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
Political theater to channel funds to cronies... do you not know how this works yet?
Nothing the government does is for you, everything is either theft or a power grab.
Democracy is a farce because the people are stupid.
First build a time machine and a killer robot and send it back to kill these two for crimes against the cybernet: Bill Gates & Steve Ballmer Night at the Roxbury theme
For those too young to remember, in Bill's last year in office, he proposed all sorts of stuff he himself never tried to actually do while in office (and which, even if passed, would not kick-in until he was long gone) solely for the purpose of creating all sorts of phony political arguments in the election year. One of the big examples was Clinton's "clean water" bill that lowered thresholds for lead and arsenic in water to insanely-low and unaffordable trace levels (below what occurs in nature). During the election year, any time a Republican argued against the proposal he/she was accused of wanting arsenic in drinking water. It was totally dishonest (arsenic at those levels has always been present in much of the naturally occurring fresh water in the US). That stupid bill would have required a bunch of cities in the US to purify their sewage outflow to higher standards than the water they were getting from natural sources and pumping into homes - it was a political, rather than scientific, bill.
Look for BOTH parties to propose all sorts of phony budgets and bills this year which they will all argue loudly about even knowing most of it is rubbish. The only possibility that ANY of this will make it near a presidential signature into law will be if Ryan and McConnell double-down in full-RINO mode and do Obama's bidding on something like "criminal justice reform" as they have done in previous years and pass a bit of it to prove they are being "bi-partisan" - but that's politically dangerous to them in this election year.
That and have the backbone providers throttle (or better yet, outright drop) foreign originated DDoS traffic, since obviously the US can't set rules for other countries' broadband providers.
Weird how the only place you hear the word "cyber" anymore is from our government.
--- wad
But the president can give executive orders only during war times? As written in constitution?