Jump to content

Internet access in times of crisis


Recommended Posts

If you believe there is no role for government... than are you a proponent of eliminating your Dept of Homeland Security? Competing members within private industry are in no such position to self-monitor/regulate/control distributed data networks... in a time of national emergency under threat of compromised networks.

And you believe that government is? Homeland Security satisfies a political imperative for prevention and detection of physical threats, not martial law for data networks, redundant architecture, disaster recovery, etc.

By extension, some criticism of the proposed bill is suggesting the bills vagueness in language/authority will result in incentives for private sector improvements to existing cyber-security measures... hardly necessary if, as you suggest, "the posture has existed for several years".

Real experiences in the wake of 9/11 attacks not only created such incentives, but also created a thriving market for "security" services/products and IT protocols. We didn't wait for government legislation to act on such things.

Potentially - if it's not done properly... so it gets done properly. Or are you suggesting the myriad of network solutions from competing members within private industry will arrive at a multitude of, in themselves, competing security measures/standards to monitor/protect in the event of a declared cyber security threat to national security? And what "governing" private industry body will declare the threat? And what "governing" private industry body will action responses to the threat? And what "governing" private industry body will coordinate with your U.S. government entities? And.....

...and what government entity would competently do the same, beyond telling us red, orange, or yellow?

seriously? Obviously, this does not get done in a vacuum... it is expected that the practicalities of implementation will, of course, involve private industry participation... if not "degrees" of private industry leadership in helping to shape the necessary deployments under oversight from "government".

Remember, these are the same guys who developed "duct tape" and "polyethylene sheeting" strategies in 2001, which was actually a step backwards from more competent civil defense measures in the 50's and 60's.

Economics trumps Virtue. 

 

Link to comment
Share on other sites

Real experiences in the wake of 9/11 attacks not only created such incentives, but also created a thriving market for "security" services/products and IT protocols. We didn't wait for government legislation to act on such things.

This is a good point. Government is always lagging behind the private sector in these fields. Not to mention how crappy the process is to update, upgrade any government system. Bogged down in beaurocracy and red tape. Taxpayer money would be spent well on updating the infrastructure of government computer networks. If anything the military should have some of the best and most secure communications networks.

...and what government entity would competently do the same, beyond telling us red, orange, or yellow?

Remember, these are the same guys who developed "duct tape" and "polyethylene sheeting" strategies in 2001, which was actually a step backwards from more competent civil defense measures in the 50's and 60's.

Also good points.

Google : Webster Griffin Tarpley, Gerald Celente, Max Keiser

ohm on soundcloud.com

Link to comment
Share on other sites

And you believe that government is? Homeland Security satisfies a political imperative for prevention and detection of physical threats, not martial law for data networks, redundant architecture, disaster recovery, etc.

interesting that you would further qualify the GOP’s political lifeblood… fighting the “war on terror” to, seemingly, exclude concerns over cyber-terrorism. That somehow, it’s acceptable to have an overseeing body protecting critical infrastructures in the sectors of agriculture, food, water, energy, telecommunications, banking/finance, postal, shipping, etc., ….. yet… the distributed data networking that runs throughout all manner of these sectors, acting as a veritable ‘control infrastructure’ of the economy, should be left to remain isolated under monitoring and control of competing private industry companies. Huh!

Real experiences in the wake of 9/11 attacks not only created such incentives, but also created a thriving market for "security" services/products and IT protocols. We didn't wait for government legislation to act on such things.

absolutely – so-called “security professionals” abound… it’s a growth industry on it’s own, that by it’s nature has resulted in innovation from “security/networking” companies brought upon by the need to “build a better mousetrap”… simply competition in the market place. Except that companies fervently guard their proprietary “intellectual property”, to the detriment of managing “cyber-terrorism” across disparate systems, within disparate networks, subject to disparate industry sectors.

...and what government entity would competently do the same, beyond telling us red, orange, or yellow?

ya right… let’s leave it to, uhhh…. oh… say the “open-source” community!!! :lol:

Remember, these are the same guys who developed "duct tape" and "polyethylene sheeting" strategies in 2001, which was actually a step backwards from more competent civil defense measures in the 50's and 60's.

no – the foundations will/must include appropriate private sector participation simply to define the practicalities of the proposed bill.

whaa! BushCheney_2004 … your civil libertarian posturing over cyber-security seems at odds with your hero’s Patriot Act legislation. :lol:

Link to comment
Share on other sites

no – the foundations will/must include appropriate private sector participation simply to define the practicalities of the proposed bill.

whaa! BushCheney_2004 … your civil libertarian posturing over cyber-security seems at odds with your hero’s Patriot Act legislation. :lol:

The goverment has yet to bring it's own critical systems up to minimum standards. As an example, consider that the FAA infrastructure directly impacted by 9/11 attacks has not been upgraded to date despite decades of "government plans" to do so. We laughed as it stumbled badly on the recent "Cash for Clunkers" deployment. PATRIOT Act(s) went forward without such provisions specifically because government was/is not up to the task.

Contrast this with any competent business which has not only identified critical systems many years ago, but has also implemented redundant architectures, contingencies, backup power, off-site disaster recovery, etc. In the end, government would end up letting contracts to private enterprise to define critical infrastructure and solutions, only to fumble the implementation. With government we also get "Gun Registry" type fiascos.....I knew I could squeeze that in somewhere. :P

Economics trumps Virtue. 

 

Link to comment
Share on other sites

Contrast this with any competent business which has not only identified critical systems many years ago, but has also implemented redundant architectures, contingencies, backup power, off-site disaster recovery, etc. In the end, government would end up letting contracts to private enterprise to define critical infrastructure and solutions, only to fumble the implementation. With government we also get "Gun Registry" type fiascos.....I knew I could squeeze that in somewhere. :P

yup - that government/private enterprise partnership will need to step it up to realize a practical solution... accepted standards and a successful deployment will be the order of the day.

you do know the Gun Registry is a successful working system - right? :lol:

Link to comment
Share on other sites

you do know the Gun Registry is a successful working system - right? :lol:

Sure...and so is the Hubble Space Telescope.....Perkins-Elmer and government partnership missteps notwithstanding. Here is a typical state level network security "standard" in the USA.....(with errors)

http://74.125.95.132/search?q=cache:QHboVc...=clnk&gl=us

...this approach is individually replicated by thousands of institutions, corporations, etc. Government imperatives would only add oversight initiatives largely targeted at political issues and perceptions, not unlike the Gun Registry, regardless of technical merit(s). ISMS standards such as ISO 27001/2 approaches such issues with typical frameworks often compromised by private and government objectives that are at conflict with each other.

Edited by bush_cheney2004

Economics trumps Virtue. 

 

Link to comment
Share on other sites

Here is a typical state level network security "standard" in the USA.....(with errors)

http://74.125.95.132/search?q=cache:QHboVc...=clnk&gl=us

...this approach is individually replicated by thousands of institutions, corporations, etc. Government imperatives would only add oversight initiatives largely targeted at political issues and perceptions, not unlike the Gun Registry, regardless of technical merit(s). ISMS standards such as ISO 27001/2 approaches such issues with typical frameworks often compromised by private and government objectives that are at conflict with each other.

right… in regards national security interests subject to a declared “cybersecurity emergency", you’re expressing your concerns with government management/oversight in establishing standards for that “cybersecurity emergency” … by showing ‘typical’ government level network security “standards” and advising they’re, as you state, “an approach individually replicated by thousands of institutions, corporations, etc.”

the proposed Rockefeller/Snowe bill includes specific reference to establishing enforceable cybersecurity standards… requiring the National Institute of Standards and Technology (NIST), a non-regulatory federal agency within the U.S. Department of Commerce, to establish measurable and auditable cybersecurity standards that would be applicable both to government and the private sector.

today, the Computer Security Division of NIST is extensively involved in U.S. national security matters as it’s mandated to provide standards and guidance to agencies under the Patriot Act, the Federal Information Security Management Act, the Enhanced Border Security Act and the Computer Security Research and Development Act.

… do you have a problem… with accepting that NIST has the capability to “establish measurable and auditable cybersecurity standards?”

Link to comment
Share on other sites

....the proposed Rockefeller/Snowe bill includes specific reference to establishing enforceable cybersecurity standards… requiring the National Institute of Standards and Technology (NIST), a non-regulatory federal agency within the U.S. Department of Commerce, to establish measurable and auditable cybersecurity standards that would be applicable both to government and the private sector.

NIST is only one of many such organizations who have contributed to such frameworks, in typical, predictable ways. Other aspects of US infrastructure already have such standards and protocols adopted in similar, political fashion. I personally welcome the business opportunity, regardless of (questionable) efficacy.

… do you have a problem… with accepting that NIST has the capability to “establish measurable and auditable cybersecurity standards?”

No, but I do have a problem with this oh so predictable approach by government. As we see in other such efforts, passing audits and keeping certifications becomes the ultimate end, instead of tangible improvements to threat assessment, detection, prevention, and response. But the bad guys will have an even better, widely adopted road map.

Edited by bush_cheney2004

Economics trumps Virtue. 

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Tell a friend

    Love Repolitics.com - Political Discussion Forums? Tell a friend!
  • Member Statistics

    • Total Members
      10,801
    • Most Online
      1,403

    Newest Member
    AlexaRS
    Joined
  • Recent Achievements

    • Old Guy went up a rank
      Enthusiast
    • Mathieub earned a badge
      Reacting Well
    • Chrissy1979 earned a badge
      Posting Machine
    • Mathieub went up a rank
      Apprentice
    • Mathieub earned a badge
      Collaborator
  • Recently Browsing

    • No registered users viewing this page.
×
×
  • Create New...