Cybersecurity battle heads to Congress

posted at 9:00 am on March 24, 2012 by Jazz Shaw

There’s no getting around it… hackers are doing a lot more than just loading trojans into your important e-mails from Nigerian princes trying to send you money. Some of the most prominent “hacktivists” making news are from the group Anonymous, and they’ve been getting up to all sorts of mischief. Whether it’s targeting the government of Greece or going after the Pope, the threat of serious damage from this new breed of criminals is very real and a lot of industry resources are being put into trying to block them. But fear not! We’ve got just the solution which is bound to fix everything. (By which I mean, “fix nothing.”)

I’m From The Government And I’m Here To Help.

A bipartisan Senate bill to bolster cybersecurity has sparked a competing proposal from Republicans wary of new regulations for businesses, a signal that burgeoning anti-government fervor has begun shaping national-security measures.

The White House-backed proposal would require companies that own computer networks integral to key critical infrastructure like electric-power systems and nuclear reactors to meet certain cybersecurity standards. Sponsors include the chairman and ranking member of the Homeland Security panel, Sens. Joseph Lieberman (I., Conn.) and Susan Collins (R., Maine).

[...]

Much of the debate so far has focused on whether proposed new regulations would be too onerous and costly for the private sector. Business interests have played a key role in crafting both proposals.

The bipartisan bill would create a new regulatory regime. The Homeland Security Department would work with industry to determine which computer systems within companies were running infrastructure where a cyberattack would be catastrophic.

The Lieberman-Collins bill takes a page from a very old and very bad book. Its sponsors identify a real problem and then respond with a knee-jerk reaction which dumps the entire mess on a federal agency and begins piling regulations on private companies. Perhaps it’s time to take a different approach. Washington needs to be responsible for government computer systems, and they might need a bit more help from the private sector than they are currently allowing. Private companies are responsible for their own security needs and have to take the precautions they feel appropriate to protect themselves.

Yes, if they need help taking down the bad guys, call in Justice and just make sure they follow all constitutional protections when going after Americans. But the current plan looks like it will take private security into a realm of checkbox bureaucracy which will be out of date before the regulations are published. And that doesn’t even get into the question of how much this turns into an invitation for Uncle Sam to go browsing through everyone’s computer files.

The Republicans, led by John McCain, have an alternate proposal, but I’d need to see more details before I could endorse that either. It’s known as The Strengthening and Enhancing Cybersecurity by Using Research, Education, Information and Technology Act (SECURE IT), S 2151, and it seems to have the initial benefit of not turning the entire mess over to DHS. That’s a start, at least. Give it a read and see what you think.



Comments

Any bill co-sponsored by a RINO is still a democrat bill. This takeover of private networks has been tried before by Hussein and failed.

wildcat72 on March 24, 2012 at 9:05 AM

Any bill co-sponsored by a RINO is still a democrat bill. This takeover of private networks has been tried before by Hussein and failed.

wildcat72 on March 24, 2012 at 9:05 AM

Agreed. Any bill proposed by derpocrats should be soundly ignored and immediately fed into the flames without hesitation. Any bill proposed by a well known RINO should be, at the minimum, scrutinized under an electron microscope.

MooCowBang on March 24, 2012 at 9:11 AM

Any bill that would give Janet “The System Worked” Napolitano more power is a bad idea.

Wethal on March 24, 2012 at 9:14 AM

Fear the gov’t more than anyone. Fear the U.S. gov’t a lot.

The 4 R contenders are all inept at arguing how out of control this admin. is in their thuggery.

Schadenfreude on March 24, 2012 at 9:16 AM

It’s known as The Strengthening and Enhancing Cybersecurity by Using Research, Education, Information and Technology Act (SECURE IT), S 2151

I’m sorry, but really? It’s all a game, isn’t it? Every bill Congress passes is a knee-jerk reaction meant to take away or regulate our freedoms and yet, probably some intern, comes up with a cutesy name to try to fool us all into thinking we’ll be more secure with their interference.

Enough. For every bill that passes five should be taken off the books.

Fallon on March 24, 2012 at 9:20 AM

gross…

elfman on March 24, 2012 at 9:24 AM

The Republicans, led by John McCain, have an alternate proposal

“My friends, let’s just play nice. And vote for my friend Romney, if you are not voting for my friend Obama.”

davidk on March 24, 2012 at 9:29 AM

Hummmmmm… What could Go Wrong

Bwahahahahahahahahahahahahahahahahahah

Bend Over……. It’s GubRmint Good and Hard.

roflmao

donabernathy on March 24, 2012 at 9:36 AM

How about we start declaring these people terrorists and treat them as such? Send a nihilistic 19 year old nerd to a CIA black site and see how long he holds up.

Daemonocracy on March 24, 2012 at 9:38 AM

The internet is the greatest example of Anarchy and how successful the world could be without governments. And we can’t be have’n none of that….. now can we!!!!

roflmao

donabernathy on March 24, 2012 at 9:41 AM

How about we start declaring these people terrorists and treat them as such? Send a nihilistic 19 year old nerd to a CIA black site and see how long he holds up.

Daemonocracy on March 24, 2012 at 9:38 AM

I’m all for it. There is a huge level of arrogance that cheeto-fingered teenage losers can do basically anything online short of mass downloading kiddit pr0n and get away scot-free.

Haul a few key l33t d00ds in for some enhanced interrogation torture the next time they think it would be fun to “hack the man”. They’ll sing like canaries and you’ll have more than enough info to go round up the others.

MelonCollie on March 24, 2012 at 9:42 AM

I’m happy to hear that the Nigerian Princes are using Trojans when they try to screue you.

katy the mean old lady on March 24, 2012 at 9:48 AM

Any bill co-sponsored by a RINO is still a democrat bill. This takeover of private networks has been tried before by Hussein and failed.

wildcat72 on March 24, 2012 at 9:05 AM

And when was that? Oh, I see, you just imagined it.

lester on March 24, 2012 at 9:49 AM

Any bill co-sponsored by a RINO is still a democrat bill. This takeover of private networks has been tried before by Hussein and failed.

wildcat72 on March 24, 2012 at 9:05 AM

And when was that? Oh, I see, you just imagined it.

lester on March 24, 2012 at 9:49 AM

You don’t read much do you lester? Do some research, you will find that wildcat didn’t imagine it.

Conservative4Ever on March 24, 2012 at 10:06 AM

It’s known as The Strengthening and Enhancing Cybersecurity by Using Research, Education, Information and Technology Act (SECURE IT), S 2151

One of the most important requirements any bill has to have is a snappy acronym. /

PatriotGal2257 on March 24, 2012 at 10:34 AM

The problem with congresscritters passing BS tech legislation is real and extant. These people have ZERO idea about what they are dealing with. Most of them barely lack the competence to turn on their laptops.

Their first urge, which they always indulge, is to rush in and pass a raft of ill-advised regulations.

The same applies to their knowledge of finance, of which the overwhelming majority have zero experience. Maybe one or two have watched CNBC but that’s it.

Lieberman and Collins have as much knowledge of technology as Dodd and Frank have of banking. That is to say ZERO.

CorporatePiggy on March 24, 2012 at 10:36 AM

Another mandate on the private entity. Term limits and repeal the seventeenth amendment

AH_C on March 24, 2012 at 10:42 AM

…and before you know it, numerous posts you make to Hot Air…will disappear into thin air!

KOOLAID2 on March 24, 2012 at 10:44 AM

The section in that bill that gives me concern is the Title III – Criminal Penalties section. The language sounds like it’s very much geared towards establishing harsher penalties for people who violate intellectual property laws.

MadisonConservative on March 24, 2012 at 11:08 AM

Send a nihilistic 19 year old nerd to a CIA black site and see how long he holds up.

Daemonocracy on March 24, 2012 at 9:38 AM

.
He would probably break on the car trip to “the site” and be babbling all kinds of details through the front door. They act all tough until the first time you show them a fist and pound on the table.
.
This reads like another barrier to entry and participation by new, entrepreneurial startups. That’s not what we need right now. Go back to the drawing board, regulators!

ExpressoBold on March 24, 2012 at 11:33 AM

:sigh: another case of tail wags dog.

Government is too damn big sometimes…I mean doesn’t the Computer/IT industry already have security requirements in place? And more of those standards have been from private industry TO Gov, instead of vice versa.

Besides, *why* push this to DHS? Wouldn’t the NSA & DoD be more geared towards Foreign & DoJ for the domestic side?

More layers & stovepiping. All it does is put more bricks in the knapsack instead of less.

Daemonocracy on March 24, 2012 at 9:38 AM

MelonCollie on March 24, 2012 at 9:42 AM

I am under the impression that those things probably are behind the scenes if for no other reason there are some credible threats out there.

Do not underestimate these groups: Not all of them are 19 yo Script Kiddies (but more than you think) living in the basement.

BlaxPac on March 24, 2012 at 11:40 AM

Perhaps Lieberman’s response (federal regulation) is the result of the industry itself not having done ANYTHING to prevent the creation of hordes of bots.

From a national security standpoint, those bots are a formidable weapon — they can be used to cripple significant portions of our information superstructure. They can be used to anonymize information warfare attacks of every type.

We are watching from the sidelines as Anonymous and their minions build things capable of taking down the DNS root servers — a core capability of the internet — and they are able to do this because there’s no central reportinghouse of compromised network nodes, and no requirement that ISPs isolate those nodes from their networks — or even from the internet at large.

And, whatever Anonymous can do, you can bet that the Chinese government can do far better.

The response to these criminals is fractured and uncertain. If you view your internet connectivity as your property, and you want that property to be protected from criminals, the only organization capable of doing a good job is the Government.

The ISPs have already proven that they are incapable of coordinated action, and some have proven that they could care less about even unilateral action. Somebody has to be the drum major and get the band moving in the right direction.

unclesmrgol on March 24, 2012 at 12:25 PM

The section in that bill that gives me concern is the Title III – Criminal Penalties section. The language sounds like it’s very much geared towards establishing harsher penalties for people who violate intellectual property laws.

MadisonConservative on March 24, 2012 at 11:08 AM

Yep – lots of special interests tied to that piece of it. The regulations for protection of critical facilities make a lot of sense.
What should happen is for the government to put more responsibility on the ISPs so that levels of risk could be identified for all ranges of users. Big companies who want more protection pay for it so that the ISPs use their networks to protect at a more stringent level. Regular users not too concerned about more than basic privacy and protection pay very little.
The reality is that unless the ISPs create a barrier that controls what goes to users in terms of vulnerabilities people and businesses are getting charged out the nose for stovepipe solutions, many of which are not effective.

Bradky on March 24, 2012 at 12:30 PM

The idea that critical infrastructure is somehow connected to the broader Internet network is a complete MYTH. Nobody is going to take down the electric grid or a nuclear power plant by hacking into a computer system. It’s simply a non-existent fantasy.

Needless to say, there is no need for federal legislation to address a non-existent problem.

Trust me, that kind of infrastructure is built on 1950s and 1960s technology that came before even the existence of computers themselves, let alone the internet.

deadrody on March 24, 2012 at 1:28 PM

deadrody on March 24, 2012 at 1:28 PM

What you don’t take into account is the fact that many of these older technologies have added modern IT to some components of the systems. That is why there is a real risk to the infrastructure.

Bradky on March 24, 2012 at 3:52 PM

How about they don’t hook up critical infrastructure to the web?

profitsbeard on March 25, 2012 at 1:15 PM