Internet access in times of crisis

[GostHacked]

http://news.cnet.com/8301-13578_3-10320096-38.html

This kind of thing has more reach that just the US. It can affect a good portion of the internet and how informtation flows. The Internet is more or less a mesh of all networks, but disrupt a few key networks and the rest can adversely be affected. I am not sure how it can effectively be accomplished.

Essentially, the US government can take over private sector networks in times of crisis. When that happens, they have access to all the information the company has as well. Annexed by the US gov in a nutshell.

This paragraph (and the last scentence in particular) really stand out for me.

The Rockefeller proposal plays out against a broader concern in Washington, D.C., about the government's role in cybersecurity. In May, President Obama acknowledged that the government is "not as prepared" as it should be to respond to disruptions and announced that a new cybersecurity coordinator position would be created inside the White House staff. Three months later, that post remains empty, one top cybersecurity aide has quit, and some wags have begun to wonder why a government that receives failing marks on cybersecurity should be trusted to instruct the private sector what to do.

http://news.cnet.com/DHS-scores-F-on-cyber..._3-6050520.html

The more things get connected and interconnected the more problems we can see with these networks. It makes it easier for hacking and remote hijacking of any network. And can you count on an agency to protect you and resolve issues, that has consistantly failed in their role to do just that?

The Pentagon gets a few smacks now and then from the Chinese and I would assume the Russians (the list can go on to, iran, North Korea (if they have computers !!)). If the Pentagon is not secure from these attacks how can you effectively use the Pentagon to secure and control private corp networks, or ISP networks?

Not to mention the TCP/IP protocol was developled by the US Military. If anyone knows anything about how to control it, the US military should.

Thoughts?

[bush_cheney2004]

....Not to mention the TCP/IP protocol was developled by the US Military. If anyone knows anything about how to control it, the US military should.

Thoughts?

Yes...two:

1) If President Bush and the Republicans had tried this, there would be blood in the cyber streets.

2) The US Pentagon (vis various contractors and embedded exploits) is probably the world's most feared "cyber" threat. When China thought they were making excellent pirate copies of Cisco gear, they hadn't a clue.

[Guest American Woman]

A Senate source familiar with the bill compared the president's power to take control of portions of the Internet to what President Bush did when grounding all aircraft on Sept. 11, 2001. The source said that one primary concern was the electrical grid, and what would happen if it were attacked from a broadband connection. link

Doesn't sound like anything to get all worked up about.

[moderateamericain]

A Senate source familiar with the bill compared the president's power to take control of portions of the Internet to what President Bush did when grounding all aircraft on Sept. 11, 2001. The source said that one primary concern was the electrical grid, and what would happen if it were attacked from a broadband connection. link

Doesn't sound like anything to get all worked up about.

Freedom of Information dear. Grounding airplanes does not violate the 1st amendment of the Constitution.

[Guest American Woman]

Freedom of Information dear. Grounding airplanes does not violate the 1st amendment of the Constitution.

The president of the United States has always had the constitutional authority, and duty, to protect the American people and direct the national response to any emergency that threatens the security and safety of the United States. The Rockefeller-Snowe Cybersecurity bill makes it clear that the president's authority includes securing our national cyber infrastructure from attack. The section of the bill that addresses this issue, applies specifically to the national response to a severe attack or natural disaster. This particular legislative language is based on longstanding statutory authorities for wartime use of communications networks.

Sounds as if there's always been this type of authority regarding communication networks in place; this bill just makes the internet included.

I used the example of grounding airplanes because it was done for security reasons, and therefore it was a necessity under the circumstances; the same type of circumstances that this bill would apply to. So again, I find nothing to get worked up about should this legislation pass.

[moderateamericain]

The president of the United States has always had the constitutional authority, and duty, to protect the American people and direct the national response to any emergency that threatens the security and safety of the United States. The Rockefeller-Snowe Cybersecurity bill makes it clear that the president's authority includes securing our national cyber infrastructure from attack. The section of the bill that addresses this issue, applies specifically to the national response to a severe attack or natural disaster. This particular legislative language is based on longstanding statutory authorities for wartime use of communications networks.

Sounds as if there's always been this type of authority regarding communication networks in place; this bill just makes the internet included.

I used the example of grounding airplanes because it was done for security reasons, and therefore it was a necessity under the circumstances; the same type of circumstances that this bill would apply to. So again, I find nothing to get worked up about should this legislation pass.

I dont think its a case of getting worked up its a case of its borderline infringment of the right to free speech and therefore simply on principle should be shot down. Many things start with good intent and disolve into uglier things. Why give it an opportunity to become Wiretaps without warrants? Far from being worked up.

[BubberMiley]

Freedom of Information dear. Grounding airplanes does not violate the 1st amendment of the Constitution.

Actually, the first amendment grants freedom of association, which has been interpreted to include the right to travel. But making temporary interventions in the operation of recent technologies that happen to enable these rights wouldn't, I believe, stand up as a constitutional violation in court---whether it be airplanes or interwebs. Especially when it's done to maintain security and the proper functioning of these technologies.

[smac972]

Actually, the first amendment grants freedom of association, which has been interpreted to include the right to travel. But making temporary interventions in the operation of recent technologies that happen to enable these rights wouldn't, I believe, stand up as a constitutional violation in court---whether it be airplanes or interwebs. Especially when it's done to maintain security and the proper functioning of these technologies.

You know, I entirely agree that this not only necessary, but a "must-have" defense for the USA and indirectly Canada, as we are connected in so many grids. What surprises me is the alarmist reaction to this by some Americans, calling it an attempt for the Democrats (Obama) to control the internet, censor speech and so on. However, I take it as no surprise. At the risk of a tangent, I have a feeling this hyperbole, like death panels, like "birthers" are simply symptoms of not accepting that they lost the election.

Edited August 29, 2009 by smac972

[bush_cheney2004]

.... At the risk of a tangent, I have a feeling this hyperbole, like death panels, like "birthers" are simply symptoms of not accepting that they lost the election.

At the risk of extending the tangent, then I'm sure you support American attempts at digital copyright protections in Canada. Or are these just symptoms of Canadians wanting free entertainment media and intellectual property?

[Topaz]

Yes...two:

1) If President Bush and the Republicans had tried this, there would be blood in the cyber streets.

2) The US Pentagon (vis various contractors and embedded exploits) is probably the world's most feared "cyber" threat. When China thought they were making excellent pirate copies of Cisco gear, they hadn't a clue.

Bush did try it right after 9/11. He had everyone e-mail monitor, chatrooms etc until some told him it wasn't a good idea and he closed it down.

[GostHacked]

At the risk of extending the tangent, then I'm sure you support American attempts at digital copyright protections in Canada. Or are these just symptoms of Canadians wanting free entertainment media and intellectual property?

Meh,we can ignore copyright infringement, illegal content downloads and the such for this. This is really just about taking over private networks in times if crisis and the control of widely available information. If the possibility is there of the US gov taking over ISP networks, then that is all you really need to do, in order to control the flow of information. It's by no far an easy task, but it is easier than one thinks. It's going into turtle mode.

You can restrict even what countries have access to your networks by modifying key items in networks to block those IP addresses from abroad. Mind you with everything being so interconnected, I am failing to see how effective that really would be. Proxy through a few networks and get in that way. There always a back door somewhere.

I agree the Pentagon is secure, there are very few actual instances where someone got into their networks. But like anything if you want to control the most sensitive data, that system/network should be offline and isolated.

[bush_cheney2004]

Bush did try it right after 9/11. He had everyone e-mail monitor, chatrooms etc until some told him it wasn't a good idea and he closed it down.

Nonsense....domestic and international intelligence gathering like this predates Bush by many years. Google "Echelon".

[Riverwind]

This is really just about taking over private networks in times if crisis and the control of widely available information.

I see no evidence that taking control of networks gives the government access to information that I wish to keep private because giving someone access to my router does not mean they have access to my databases nor could they argue that they need access to my databases in order deal with a cyber attack. In the worst case scenario I disconnect my critical computers from the Internet which would automatically exclude them from the scope of the proposed law.

[waldo]

If President Bush and the Republicans had tried this, there would be blood in the cyber streets.

well of course... because Bush's Patriot Act... and Bush's National Strategy to Secure Cyberspace don't, uhhh... count - apparently. All rightee!

Bush unveils final cybersecurity plan

[waldo]

If President Bush and the Republicans had tried this, there would be blood in the cyber streets.

well of course... because Bush's Patriot Act... and Bush's National Strategy to Secure Cyberspace don't, uhhh... count - apparently. All rightee!

Bush unveils final cybersecurity plan

crickets bump

[bush_cheney2004]

crickets bump

....Congress passed the PATRIOT Act...twice....chirp...chirp.

[smac972]

crickets bump

Well, Bush and his "team" were suspect for reasons that followed their administration. Wiretapping and the Patriot Act are a far cry from a national plan for defending the country that's as benign as the "Emergency Broadcasting System."

However, Glenn Beck, who's rivalling H.G. Wells for his doomsday scenarios has a knack for hyperbole that seems to undermine America's national interests.

[smac972]

crickets bump

Well, Bush and his "team" were suspect for throughout their entire administration. Wiretapping and the Patriot Act are a far cry from a national plan for defending the country that's as benign as the "Emergency Broadcasting System."

However, Glenn Beck, who's rivalling H.G. Wells for his doomsday scenarios has a knack for hyperbole that seems to undermine America's national interests.

[eyeball]

I dont think its a case of getting worked up its a case of its borderline infringment of the right to free speech and therefore simply on principle should be shot down. Many things start with good intent and disolve into uglier things. Why give it an opportunity to become Wiretaps without warrants? Far from being worked up.

That said, its a little late for ordinary Canadians to complain about governmental control of the Internet given that our very own government helped China's government build its Great Firewall.

[GostHacked]

That said, its a little late for ordinary Canadians to complain about governmental control of the Internet given that our very own government helped China's government build its Great Firewall.

Actually that is a good example about the Great China Firewall. You want to see how control of a country's Internet is done, you look at China. Not much gets in, and not much gets out. Tight control all over the boards. It can be done.

[waldo]

If President Bush and the Republicans had tried this, there would be blood in the cyber streets.

well of course... because Bush's Patriot Act... and Bush's National Strategy to Secure Cyberspace don't, uhhh... count - apparently. All rightee!

Bush unveils final cybersecurity plan

crickets bump

....Congress passed the PATRIOT Act...twice....chirp...chirp.

and exactly what's in the Obama admin proposal that distinguishes itself... over and above the specifics and implications of anything found within Bush's Patriot Act and Bush's National Strategy to Secure Cyberspace? What's just so significant that you'd measure it to, as you say, a "blood in the cyber streets" response?

[bush_cheney2004]

and exactly what's in the Obama admin proposal that distinguishes itself... over and above the specifics and implications of anything found within Bush's Patriot Act and Bush's National Strategy to Secure Cyberspace? What's just so significant that you'd measure it to, as you say, a "blood in the cyber streets" response?

Sen John Rockefeller's bill would add government control of privately owned networks, service providers, and the very definition of critical infrastructure with mandated security standards. Distributed networks are both a strength and weakness of "cyberspace". I suppose ham radio operators are next.

[waldo]

Sen John Rockefeller's bill would add government control of privately owned networks, service providers, and the very definition of critical infrastructure with mandated security standards. Distributed networks are both a strength and weakness of "cyberspace". I suppose ham radio operators are next.

... in the interest of national security and subject to a "declared cybersecurity emergency", are those owners of private networks in a position to monitor and protect the critical infrastructure... following some premise of accepted security standard... and are they willing to do so?

in a national security would/should the government move to protect telecommunications infrastructure and transportation infrastructure... "distributed networks in their own right"? And if so, and if distributed data networks were under attack, would one not desire an encompassing monitoring and protection means to secure those data networks so they were not compromised (further)?

do the data privacy concerns of civil libertarian types outweigh the economic and civil disasters that could arise from compromised distributed data networks? Most of the criticism of the bill I read centers on the bill lacking a complete definition of a critical information network or a cybersecurity emergency... that the bill purposely intends those definitions to be left to your president. I would expect more refinements would come forward as the bill works it's way through Congress and the practicalities of deployment/implementation are recognized.

[bush_cheney2004]

... in the interest of national security and subject to a "declared cybersecurity emergency", are those owners of private networks in a position to monitor and protect the critical infrastructure... following some premise of accepted security standard... and are they willing to do so?

Yes, and have been in such a posture for several years, depending on the industry. Government has actually lagged behind such standards, practices, and disaster recovery drills.

in a national security would/should the government move to protect telecommunications infrastructure and transportation infrastructure... "distributed networks in their own right"? And if so, and if distributed data networks were under attack, would one not desire an encompassing monitoring and protection means to secure those data networks so they were not compromised (further)?

Not necessarily, as any uniform security standard would in and of itself be a weakness to be exploited universally.

do the data privacy concerns of civil libertarian types outweigh the economic and civil disasters that could arise from compromised distributed data networks? Most of the criticism of the bill I read centers on the bill lacking a complete definition of a critical information network or a cybersecurity emergency... that the bill purposely intends those definitions to be left to your president. I would expect more refinements would come forward as the bill works it's way through Congress and the practicalities of deployment/implementation are recognized.

My "president" and his offices are specifically unqualified to define critical infrastructure. The US government has proven to be particularly inept at such things, lagging both technological advancement and threat assessments in any such legislation.

[waldo]

Yes, and have been in such a posture for several years, depending on the industry. Government has actually lagged behind such standards, practices, and disaster recovery drills.

If you believe there is no role for government... than are you a proponent of eliminating your Dept of Homeland Security? Competing members within private industry are in no such position to self-monitor/regulate/control distributed data networks... in a time of national emergency under threat of compromised networks. By extension, some criticism of the proposed bill is suggesting the bills vagueness in language/authority will result in incentives for private sector improvements to existing cyber-security measures... hardly necessary if, as you suggest, "the posture has existed for several years".

Not necessarily, as any uniform security standard would in and of itself be a weakness to be exploited universally.

Potentially - if it's not done properly... so it gets done properly. Or are you suggesting the myriad of network solutions from competing members within private industry will arrive at a multitude of, in themselves, competing security measures/standards to monitor/protect in the event of a declared cyber security threat to national security? And what "governing" private industry body will declare the threat? And what "governing" private industry body will action responses to the threat? And what "governing" private industry body will coordinate with your U.S. government entities? And.....

My "president" and his offices are specifically unqualified to define critical infrastructure. The US government has proven to be particularly inept at such things, lagging both technological advancement and threat assessments in any such legislation.

seriously? Obviously, this does not get done in a vacuum... it is expected that the practicalities of implementation will, of course, involve private industry participation... if not "degrees" of private industry leadership in helping to shape the necessary deployments under oversight from "government".