Slashdot Mirror
President Obama Unveils $19 Billion Plan To Overhaul U.S. Cybersecurity
erier2003 writes: President Obama on Tuesday unveiled an expansive plan to bolster government and private-sector cybersecurity by establishing a federal coordinator for cyber efforts, proposing a commission to study future work, and asking Congress for funds to overhaul dangerously obsolete computer systems. His newly signed executive orders contain initiatives to better prepare college students for cybersecurity careers, streamline federal computer networks, and certify Internet-connected devices as secure. The Cybersecurity National Action Plan also establishes a Federal Privacy Council (to review how the government stores Americans' personal information), creates the post of Chief Information Security Officer, and establishes a Commission on Enhancing National Cybersecurity.
"I only intend to improve the cybersecurity of the government while doing everything I can to undermine the security of regular peon-- er-- people."
Republicans reject it before it even comes out and refuse to read it.
Because "Obama"
love the taste, hate the texture
That the Republican Congress won't even take a look at the President Obama's final budget proposals. Nice talking point, though.
And that's just what it will take to clean up Hillary's email.
They rule encryption is a form of a weapon, with restrictions on export. Then they want to ban encryption. Pray-tell, how is the govt going to certify anything as secure without the most robust encryption technologies and practices currently available? Or does it mean, certified backdoored?
So now, when people's computers get hacked, Republicans can "Blame Obama!" for that too?
I've abandoned my search for truth; now I'm just looking for some useful delusions.
Overlooking the fact that George W. front loaded the debt for Obama by not paying for Medicare reform and tax cuts, and keeping two wars off the books.
Looks like your days are numbered, black hats!!
SJW's don't eliminate discrimination. They just expropriate it for themselves.
Obama budget passed during his presidency = 0
So any GDP debt would be the fault of congress.
love the taste, hate the texture
If you like your privacy, you can keep your privacy.
There is no God, and Dirac is his prophet.
Next you realize that 'unveiling a plan' and 'asking Congress for funding' have nothing to do with executive orders, and maybe, just maybe, resolve to not be such a knee-jerk when you see the name of a political figure that you regularly disagree with.
This is a tiny portion of an overall 4.1 Trillion dollar budget submitted to Congress -- a Congress, mind you that would never pass this budget because:
A) Obama is a democrat
B) Obama is black
C) The budget has more spending than previous budgets.
And frankly, even if the Congress was working with the president instead of against him, they are a bunch of arrogant incompetent do-nothings -- I personally thing our political gridlock has more to do with the likes of Louie Gohmert than with actual malice -- they are simply too stupid to pass actual legislation.
If telephones are outlawed, then only outlaws will have telephones.
I wish I had points to vote this up.
Everybody on the gravy train! This is going to be 10x better than Y2K, and afterwards we'll have 2038 to cash in on.
Government: We suck at everything, but we'll excel at infosec!
Most of the "cybersecurity holes" can be tracked down to some contractor slapping in an insecure installation of -whatever- to do the bare minimum needed to keep the contract. This is what needs to be fixed -- contracts need to be monitored closely and terminated in cases of poor performance. Security is a human error thing mostly:
- Not removing default passwords and accounts
- Leaving ports open and services running that aren't necessary
- Not keeping up with product versions and patch cycles
- Leaving unencrypted disks full of data on trains or in cars that get broken into
The problem is that even big companies can't manage to get this right, let alone government agencies. Big companies fall prey to the same mentality of just hiring contractors. Even the NSA did this -- if there was ever an organization that needed to do their own in-house IT, that's definitely #1 on the list. Employees will care about security when employers start demanding it.
The solution, which is nearly impossible to implement, is to make everyone involved step their game up. Hire real, full time employees who are committed to the agencies' or companies' missions at a level slightly above "I can keep my job." Make sure everyone is trained and double-check work.
wow, thats a great way to wake up with a laugh. read the full article and try to work out how this will be done.
Firstly you need infrastructure that is secure from attacks, so it doesn't exist yet. Systems that are digitally secure are usually accessible through human error or physical tampering and with larger interconnected system like a national infrastructure there's simply no way to fully secure a system.
Secondly, you need software and encryption systems that are not broken to allow spy success, as guess what your not the only smart people in the world so we are talking military grade encryption that is good, sadly is not good for large scale deployment as it slows down systems and information retrieval.
Thirdly, you simply cannot attract the best programmers and the private sector know how valuable they are and offer far more than you can think of for their services, student loan reduction/freebies are great but some of the best are not industry trained as out-of-the-box thinking is prized and industry learning is by rote.
to do this you would need to overhaul the entire system of security and actually set standards over securing information which the private sector has been vehemently against, even the opening salvo is doomed.
"Obama created two new entities as part of a $19 billion budget proposal to Congress on cybersecurity: The first, a Commission on Enhancing National Cybersecurity, will be made up of business, technology, national security and law enforcement leaders who will make recommendations to strengthen online security in the public and private sectors. It will deliver a report to the president by Dec. 1."
SO a party line troup.
The second, a Federal Privacy Council, will bring together chief privacy officers from 25 federal agencies to coordinate efforts to protect the vast amounts of data the federal government collects and maintains about taxpayers and citizens.
How? its simple impossible, the sheer logistics of making a secure database that no-one can abuse and yet still allow a large number of self-governing departments with their own software and security systems, that cannot be tampered with has never been achieved in history, 19 Billion is simply not enough money, you could bankrupt the country making this a reality and still come no-where close, take a look at what trouble the military's computer system integration has wrought and they are just trying to make a unified payroll system.
Seems more like pork to me. The problem with cybersecurity right now mainly comes from basically anybody and everybody running old shit that is vulnerable. A classic example is Android 2.3 devices that people still carry around. And of course, large companies that have obsolete OSes still running on the public internet.
This whole IoT mess is only going to make it much worse. What's needed are rules establishing a minimum standard to raise the bar for longer term security updates. I.e. rules to the effect of requiring manufacturers to provide security updates for no less than 7 years after first product general availability to market. Also provide some kind of source escrow so that if the company folds the firmware can be released as completely open source, complete with signing keys where applicable.
Also something needs to be done about the DDoS as a service situation. The primary target should be end users who harbor compromised systems connected to a broadband ISP. For example, if they're found to be participating in a DDoS attack, whether they are a willing participant or not, they are to have their internet connection throttled to 128kbit until they have cleaned their systems.
He's a lame duck, and Trump is just gonna undo anything he signs into law, so what's the point? Might as well just brush up on his golf game. Fore!
Trump? The entire Republican Party has been attempting to undo everything Obama ever did since the day he took office. I wouldn't be surprised if they declared him an unperson before they're done.
I understand that the Replublicans and Democrats have different philosophies, but this wholesale eradication crusade that they've adopted is beyond reason.
Yet he continues to drive up the national debt and seems to have no plains on how to pay back what we owe.
That's because no politician wants to raise taxes. The problem is only going to get worse in the next 20 years when the baby boomers retire and fewer workers are paying taxes. Social security and Medicare will take two-thirds of the federal budget. Everything else will have to come out of one-third of the budget and/or more deficit spending.
An Executive Order != Law
Indeed cool.
He must mean pest control, since over 90% of the internet access ruptures were rats (Sacramento), squirrels and termites.
To bury all those cables underground like a normal nation naturally doesn't come to mind, too expensive apparently, but 10s of thousands of power, internet and phone outages each year are apparently also ok.
And I don't even mention storms, snow, ice rain and drunks.
As long as anybody can just walk to a wisely chosen wooden post with an axe those billions are just pork. And if you remember, there are even people digging up fiber cables to cut them or install their own devices. And also submarines seem to camp around the cables as well.
Since Homeland security and the FBI can't even protect their mailing list from teens, this won't matter at all.
All he has to do is get the NSA to work for good instead of evil. Problem solved with no additional money spent.
Oops, there's the problem. "No additional money spent" means a program will never get off the ground in Washington.
Prediction - On - Monday 18th of January 2038 10:14:07 PM - the internal clock on many PC will change from 0x7fffffff to 0x80000000 and depending on how the software treats the number it may change the time to - Friday 13th of December 1901 03:45:52 PM - or not. Hopefully by that time all real computes will be 64bit and the issue goes away. But beware for 32 bit computers this is going to be a much bigger problem than the Y2K issue! And yes Y2K did have some major fallout - NORAD was blind for hours! Some NSA computers were down for days!
So. If Obama was for Keystone the Republicans would be against it?
If Obama enforced the border the Republicans would be against it?
If Obama used Executive Privilege to relinquish Federal lands and give them back to the states the Republicans would be against it?
I don't think so.
However the Democrats passed Obamacare - how's it gone for them since then?
If you're scared of your govt then you need to further restrict its powers
Vote 3rd Party in 2016 and beyond
I have already designed and partially built a system that will help solve the problem. I just need some cash to finish it. $1 Billion will be more than enough.
Try disobeying an Executive Order. Then you'll realize that they are considered "law".
Now, if what you're saying is that we can ignore them without consequences, then I'm in full agreement (in principle). But we all know that laws aren't meant for the rich and powerful, only us serfs.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
No doubt this will turn into the F-35 of IT security: badly designed, poorly implemented, over budget, behind schedule, and ultimately ineffective.
Try disobeying an Executive Order. Then you'll realize that they are considered "law".
Unless they are challenged in court and found to be unconstitutionally out of bounds for the president to have issued in the first place. Obama has lost in court multiple times on that front so far.
Don't disappoint your bird dog. Go to the range.
Because past Presidents have never proposed budgets before.
Here's a hint, they do it pretty much every year. Congress doesn't have to listen to it, of course, though they sometimes do.
This will probably be good for me and for people I know, since I'm in the information security field.
That said, I hope the republicans take a look at what exactly he wants to spend yet another $19 billion on each year (assuming none of it goes over budget). Another healthcare.gov type government IT project isn't what we need, obviously. Even liberals could probably come up with better uses for those billions of dollars than cybercare.gov. ;)
We'll see what all he wants to do. Hiring a CSO for the federal government might be a good idea. If he wants Brian Harrison and Chris Gronet to run it, each with a $20 million / year salary, that's probably a bad idea.
Republicans reject it before it even comes out and refuse to read it.
Because "Obama"
Oh, be fair now...
Remember that Obamacare website? How high quality was that?
How about Obamacare itself? Did cementing health insurance companies into federal law fix any problems?
How about closing Gitmo? How did that work out?
Hell, how about his stance on telecom immunity? How's that working out for us?
Or making up new immigration law by executive order?
Or ordering the assassination of a US citizen? (With no trial, and by authority of a secret law.)
Really. If you want to blame gridlock on the merits of the situation, then do so.
Otherwise, to the casual observer it would appear that "because Obama" is a perfectly valid reason to oppose something.
Because, you know, "good and evil".
He's part of the executive branch, so giving "executive orders" is literally his job. Those EO's are to direct the rest of the executive branch how to uphold the law. So if there's a need for an overhaul of cybersecurity to maintain compliance with a law, and that overhaul is going to cost $whatever, then it absolutely, literally is his job to make an EO to spend $whatever to get it done, as long as the overall budget can handle the expenditure of $whatever. And if it can't, then he has to ask Congress to rubber-stamp a funding project that is likely to be an enormous source of pork for everyones' districts while providing a feel-good national security angle. (Not a tough sell, politically.)
And to save money, Wall Street stooge, President Obama, will be using only foreign visa replacement workers!
.
You go, Obama, you go . . .
Recommended reading:
Sold Out, by Michelle Malkin and John Miano
Outsourcing America, by Ron Hira
Great, yet another federal bureaucracy (actually, two) to get in the way and generally screw things up.
Really, it's just another way to feed taxpayer funds to political friends, all under a "feel good" title.
Enjoy life! This is not a dress rehearsal.
So. If Obama was for Keystone the Republicans would be against it?
If Obama enforced the border the Republicans would be against it?
If Obama used Executive Privilege to relinquish Federal lands and give them back to the states the Republicans would be against it?
I don't think so.
However the Democrats passed Obamacare - how's it gone for them since then?
Pretty fucking bad:
Democrats have sacrificed a lot for ObamaCare. The party that rode two anti-GOP waves to unqualified power has been decimated. In 2009, Democrats controlled 62 of 99 legislative chambers, 29 governorships, and substantial majorities in both chambers of Congress. Today, the GOP controls 70 percent of all legislative chambers and 32 governorships. Nearly half the population of the United States lives under total Republican control. In the Congress, Republican majorities in the lower chamber appear nearly impossible to oust in this decade and the project of retaking the Senate in 2016 now seems a daunting task despite the number of exposed GOP members in traditionally Democratic states. If Democrats were to lose the presidency in 2017, they would no longer be able to avoid taking stock of the full scale of the party’s decimation. Obama’s hold on the White HoOuse has masked the scope of the party’s truncation.
Who votes Democrat other than sheltered white liberals and the "gimme free stuff!" crowd?
If step one of his plan is not to fire all the idiots in charge and replace every single one with someone that has a MINIMUM 10 years experience on the ground with cybersecurity, then it's a failure.
Law enforcement people are idiots when it comes to Cyber security, you need real people that know what the hell they are doing in order to be smart enough to make decisions and direct properly.
Instead we get Executives that barely know how to lock a door properly put in charge and they make stupid decisions that are ineffective. OR worse a FBI/CIA director that can't even check email put in charge because it has the word "security" in it.
Do not look at laser with remaining good eye.
My older brother's name is Timmy. So what?
For yet another big government pork project!
Fuck Obama.
Chas - The one, the only.
THANK GOD!!!
the crumbling utilities, bridges and free ways that are nearly 50-40 years old?
Meh, it's only money not counting what we already spend in this area. Hey, here's a nifty idea. With all the loopholes and private e-mails flying around with secure information, why not admit we failed and start over? That means get rid of the so called "experts" from Booze Allen et al. and at the NSA and replace it with the kind of infrastructure we need to protect our National Security. Oh and enforce the fucking espionage laws including those faux pas of those elected and un-elected officials who decide that Security isn't their problem.
Harrison's Postulate - "For every action there is an equal and opposite criticism"
My objection is that they are assumed "law" but never having been through the Legislature, cannot be "law" ... by definition. So the assumption should be "these aren't laws, more like guidelines".
The problem isn't executive orders, it is that they aren't really laws, but are still treated as laws.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
And you are how many $millions poorer in order to fight for your obvious rights? And the government lawyers starting and continuing these knowingly unconstitutional cases get disbarred, fined or sanctioned how often? Power will get abused as long as there are no consequences to abusing that power.
Heh, even more to the point, congress retains power of the purse, so any deficits are specifically their responsibility.
Another Executive Order? Is that the only way that things get done these days? Did Obama even bother to try to work with Congress? I think not. The only thing coming out of the Oval Office these days are EO's so the process is obviously being abused.
I think we should change the rules on what Executive Orders are and how they can be used. Currently they are being used as a way to push forward whatever the President wants - regardless of what Congress votes on or what the majority of American citizens want. If Congress cannot come to an agreement on a bill then it should not become a law.
If we are going to have a system of government where the President passes all the laws (and, by the way, an EO is NOT a law) then we should just abolish the Congress and have a King. Welcome to Indonesia West.
Don't we need to invent replicators first? I hope we all end up as Star Trek predicted and not as Half-Life predicted :)
You know whenever I hear "cyber" used, I know it is some US Government flunky who is using the term. Nobody calls it "cyberspace" anymore unless you're talking to senior citizens or the government. It's as jarring as listening to actors trying to sound "hip" on some 1960s filmstrip in school.
Huh? Bank and corporation CEOs now vote democrat? Really?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I’m confused. TFA says new entities created by executive order. Then says they're part of budget proposal to congress. Then says they're "driving our executive authority to the limit." Suddenly making more sense why no one reads TFA.
He once inserted random mutations into his code, just so he could have the experience of debugging.
" and student loan forgiveness to help recruit top technical talent." Well, even if the next POTUS does roll this back, hopefully some of us can get into this program first and get some benefit from it.
Not.
Sigh. I mean I like how we're not wasting $ on F-35A in the Too Big To Afford mil budget, but this is not where we have the problem in cybersecurity.
Our problem is we let things be open that should never be open, we trust "secure clouds" that are by design insecure, and we waste a lot of time on counter measures that any trained monkey knows don't work.
But, hey, let's throw money at the problem and see if it goes away.
-- Tigger warning: This post may contain tiggers! --
So easily people forget that the Republicans were unable to do the exact same thing in 2006 when they had control and a Republican in the White House. And by forget I mean purposely ignore so they can say the same thing to the other side.
"Well kids, you tried your best, and you failed. The lesson is, never try." -Homer Simpson
Most of those cases were brought by well funded organizations acting on behalf of large constituencies. They exist exactly for this purpose.
Don't disappoint your bird dog. Go to the range.
Yes - it's been that way for a decade
http://www.ijreview.com/2014/0...
It's starting to change. I guess companies do get tired of being made the target of blame for all of our countries woes
http://thehill.com/blogs/blog-...
I'm wondering what country's citizens will be getting the benefit of the work that comes from this.
Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
And this is why we will be in the same mess as Greece in 20 years. And like Greece, no one will want to fix the things that need to be fixed: federal retirement age, medicare, taxes, military spending.
Brilliance without wisdom, power without conscience. Ours is a world of nuclear giants and ethical infants.
First build a time machine and a killer robot and send it back to kill these two for crimes against the cybernet: Bill Gates & Steve Ballmer Night at the Roxbury theme
That and have the backbone providers throttle (or better yet, outright drop) foreign originated DDoS traffic, since obviously the US can't set rules for other countries' broadband providers.
He's going to visit Hillary?
Weird how the only place you hear the word "cyber" anymore is from our government.
--- wad