S. 773: Cyber Security Act of 2009
A bill to ensure the continued free flow of commerce within the United States and with its global trading partners through secure cyber communications, to provide for the continued development and exploitation of the Internet and intranet communications for such purposes, to provide for the development of a cadre of information technology specialists to improve and maintain effective cybersecurity defenses against disruption, and for other purposes.
The summary is quite honest to the actual intent of the bill. It is designed to protect commerce, and global trade. An act to ensure the continued exploitation of the Internet. Just looking at the initial sponsor, and the groups represented in the findings it seems quite obvious this act has been dreamed up by businesses and government agencies as a way of soliciting additional funding in the form of contracts. Essentially using tax payer money to expand their operations while projecting the illusion of securing ‘cyberspace’. Cyberwar profiteers getting their feet in the door for more government funding. We already have the majority of intelligence work done by agencies such as the NSA being outsourced to businesses like Booz Allen Hamilton. Now we see the same people giving dire warnings of an eminent terrorist threat. The reaction to these warnings it the Cyber Security Act, and the solution is to channel more resources to the people giving the warning.
Rockefeller – Cybersecurity
Sen. John Rockefeller [D-WV] – Great-grandfather was once the worlds richest man is considered the richest person in history. Infamous for his Standard Oil monopoly.
Cosponsors [as of 2009-04-18]
Sen. Olympia Snowe [R-ME] – Daughter of a Spartan, popular Senator from Maine. Known for her ability to influence the outcome of close votes. Consider a RINO by some. She is also known as a Rockefeller Republican.
Sen. Evan Bayh [D-IN] Claims his wife’s corporate roles hold no sway over his votes. Recently formed the ‘Blue Dog’ caucus, where it is suspected he is supporting corporate agendas.
Once the church was the dominant power in society, and churches dominated the skyline. Following the church was industry, and steeples were replaced with smoke stacks. From this industry grew enormous wealth. Soon the towering bank buildings facilitated the fluidity of these corporate industrial assets, and again their structures loomed over the city. What I noticed was a transfer of power from the banking and finance sector into telecommunications. Information is the currency of today. Where you have something of value, there will always be threats against it.
Cyberspace is the marketplace of information, and just like in the physical world there is also a black market.
(1) America’s failure to protect cyberspace is one of the most urgent national security problems facing the country .
Now lets just stop the dump truck right here and let it idle for a second, because the load of bullshit it’s carrying is starting to smolder. What is “cyberspace?”
Cyberspace (from Greek Κυβερνήτης [kybernētēs] meaning “steersman”, “governor”, “pilot”, or “rudder”) is the global domain of electro-magnetics as accessed and exploited through electronic technology and the modulation of electromagnetic energy to achieve a wide range of communication and control system capabilities. The term is rooted in the science of cybernetics and Norbert Wiener’s pioneering work in electronic communication and control science, a forerunner to current information theory and computer science. Through its electromagnetic nature, cyberspace integrates a number of capabilities (sensors, signals, connections, transmissions, processors, controllers) and generates a virtual interactive experience accessed for the purpose of communication and control regardless of a geographic location. In pragmatic terms, cyberspace allows the interdependent network of information technology infrastructures (ITI), telecommunications networks—such as the internet, computer systems, integrated sensors, system control networks and embedded processors and controllers common to global control and communications.
While cyberspace should not be confused with the internet, the term is often used to refer to objects and identities that exist largely within the communication network itself, so that a website, for example, might be metaphorically said to “exist in cyberspace.” According to this interpretation, events taking place on the internet are not happening in the locations where participants or servers are physically located, but “in cyberspace”.
SEC. 23. DEFINITIONS.
(2) CYBER- The term `cyber’ means–
(A) any process, program, or protocol relating to the use of the Internet or an intranet, automatic data processing or transmission, or telecommunication via the Internet or an intranet; and
(B) any matter relating to, or involving the use of, computers or computer networks.
How can anyone protect something that is a intangible as cyberspace? Can we occupy and defend every point in four dimensional space simultaneously? From this viewpoint it would seem that the very first finding is flawed. This could have simply been a language issue, perhaps it was just an opportunity to use a buzzword. So lets consider for a moment that by cyberspace, they were referring to the modern internet.
The Modern Internet
Today, the ‘modern’ Internet is made up of several very large commercial and government-run telecommunications carriers whose networks span the globe, or serve an entire country. No single telecommunications carrier owns the Internet. There is no single point of control and there is no single place in which all Internet traffic flows. Indeed, the entire point of the design of the Internet and TCP/IP was to distribute the nodes and decentralize network control so that no single attack or natural disaster could disable the communications network.
This has continued as service providers need to pass ever more data while minimizing expenditures on equipment and cable plant.
If this is true then the possibility of a total collapse of the Internet is highly unlikely. The very foundation on which the modern system was constructed was robust and decentralized. I will acknowledge that certain weaknesses are present in the modern internet. For example, it was never designed to handle the current load of traffic. While it is likely an attack could collapse a portion of the network, a total failure is not yet on the horizon. Some may envision a model similar to a power grid cascade failure. However I do not believe this comparison to be accurate. With each subsequent failure of networks, while some of the traffic may be re-routed, much of it would disappear. Of course when these things do happen on a smaller scale, the problem is often quickly solved. It is not the result of terrorism, and does not require the assistance of homeland security. A ‘rolling brown out’ scenario likely exists. No one is going to crash the internet, but the global weakness could be exploited to some extent, with traffic overloading some systems. Some areas of the internet would not be accessible at times, and others would be very slow to respond. In addition to legitimate traffic, there would be an end to malicious traffic from compromised equipment. Upon reflection on all of this, would it not be foolish for the attacker to disable the very avenue of their attack? Again this puts into question the very possibility of a widespread malicious attack on the global network
A second report indicates that the three cables that are out include the SEA-ME-WE 4 cable (also known as SMW4), which went out at 7:28 a.m. local time Friday morning; SEA-ME-WE 3, which went down at 7:33 a.m.; and the FLAG EA cable, which went out at 8:06 a.m. The cables were cut in the region where they run under the sea between Egypt and Italy. They carry an estimated 90 percent of all data traffic between Europe and the Middle East.
“Part of the lesson here is that there will always be outages,”
Underwood said. “This is all about money — how much money do we want to pay to make sure the network doesn’t go down? We are used to thinking of the internet as being a thing that goes down.”
The cost of having fully redundant back-ups connections that aren’t physically near each other in chokepoints like Egypt’s Suez canal is just too high for commercial operations, according to Underwood.
“We have chosen to deal with these outages to get a much much better cost,” Underwood says.
That’s not to say the outages don’t have consequences.
In December 2006, 4 major fiber optic lines were severely damaged following a major earthquake in Taiwan. Subsequent underwater mudslides damaged 9 cables laid in the Luzon Strait south of Taiwan. The cuts basically erased all eastward data routes from Southeast Asia. It took
49 days for crews on 11 giant cable-laying ships to fix all of the 21
damage points, according to the International Cable Protection Committee.
In response, telecoms shifted business away from North America-based backbone providers like AT&T, Level 3 and Savvis and towards
European carriers, according to Underwood.
But this go round, the North American carriers might gain from this outage, Underwood suggests.
The project of designing the new C&C system was granted to RAND Corporation. Paul Baran of Rand corporation first conceived the idea for a distributed, packet switching network, built on the premise that communication on the network would be unreliable. (See Paul Baran’s “On Distributed Communications” series at RAND’s website) The network was designed to be able to operate after a nuclear attack had wiped out large portions of the network. After tons of statistical analysis, Paul figured out that by breaking messages up into pieces and sending them via various redundant paths to the destination, messages would be difficult to destroy, and hard to intercept. A system with no centralized control point would be difficult to target, let alone destroy.
Even if some of the data were to be destroyed, as well as some of the communications points, the message would still get through, and the network would continue to function even when crippled.
2) Since intellectual property is now often stored in digital form, industrial espionage that exploits weak cybersecurity dilutes our investment in innovation while subsidizing the research and development efforts of foreign competitors. In the new global competition, where economic strength and technological leadership are vital components of national power, failing to secure cyberspace puts us at a disadvantage.
What is the risk and what must be defended? Investment, subsidies, competitors, economic strength, in only the second finding we can see the roots for the concerns on security. ‘Follow the Money’, as the adage goes. This case is no exception. Information is an asset, knowledge is power. In todays world the ability to control information is paramount. I am of the opinion that information security has been the front line of combat since the Poles reverse engineered the Enigma machine cipher by hand using only intercepted transmissions. Though I know cryptography has been used for a very long time. Beyond actual encrypted information there is also a sort of steganography used to obscure information contained in rituals and occult texts that dates back to the very beginning of our current civilization. Tarot cards are just one excellent example of this. On the surface the card appears to contain a simple image which is identified with text. However the image it’s self, while seeming to simply depict a graphic representation of text, actually contains much informational symbolism. This information, hidden in plain sight, can only be interpreted by someone knowledgeable of occult symbolism. The tarot reader has power over the customer who can not ‘see into the cards’. Knowledge is power, and information is a commodity.
The latest revelation is that used BlackBerries are being traded, not by the value of the phone but by the value of the data contained on the phone!
It is very important to take information security seriously. Especially in matters of national defense. If the operators of the Enigma machines had done so, the result of WWII could have been much different. Though again ‘cyberspace’ is an indefensible position. It is the information transmitted through across the network that must be protected.
(3) According to the 2009 Annual Threat Assessment, `a successful cyber attack against a major financial service provider could severely impact the national economy, while cyber attacks against physical infrastructure computer systems such as those that control power grids or oil refineries have the potential to disrupt services for hours or weeks’ and that `Nation states and criminals target our government and private sector information networks to gain competitive advantage in the commercial sector.’
The Annual Threat Assessment, contains additional concerns some of which would be addressed by the Cybersecurity Act; The focus is again placed on protecting the financial institutions, and industry. Any attack on a ‘financial service provider’ could ‘severely impact the national economy’. Though it seems the ‘financial service providers’ are doing a fine job of that on their own without any outside help. Many electronic security people are aware of the threats against the physical infrastructure. I would think that for the most part these are systems that should never have been connected to a public network to begin with. Removing this connection would quickly solve the problem. Additionally while reading over the cyber threat portion of the assessment, the above quote is a bullet point in a section which sums up the foundation for their concern with the following statement:
“This information and communications revolution also is enabling an unprecedented ability to spread ideas and influence large numbers of people.”
(4) The Director of National Intelligence (Mike McConnell) testified before the Congress on February 19, 2009, that `a growing array of state and non-state adversaries are increasingly targeting-for exploitation and potentially disruption or destruction-our information infrastructure, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers in critical industries’ and these trends are likely to continue.
The days of not being able to protect against bombs in buildings is making the transition towards modern electronic crime. One new twist to this is the ability to corrupt embedded hardware at the manufacturing level. This is something that has concerned me for some time. Ask yourself this; are 100% of the electronic components used by the military made by people within their own borders? Even if every chip was manufactured in domestically, is there a means to evaluate them to guard against internal sabotage? I’m going to go out on a limb and suggest that some of the critical components that make up the worlds most advanced fighting forces are produced in factories by people who may not be totally sympathetic to the cause.
Imagine purchasing a computer at a discount. Two months later, your computer crashes, wiping out your hard drive and erasing two months’ worth of work, pictures and purchased songs. When you get it checked out, you find out that the cause of the crash was a fake chip.
Thinking back, the fact that you had gotten such a good deal would make sense, and you would likely avoid such dubious discounts again. Lesson learned.
Now imagine the same scenario on a much larger scale. Instead of the chip going in your personal computer, it was installed on a F-15 jet fighter, or a Seahawk helicopter, or even an aircraft carrier. A computer failure from a counterfeit chip in midflight or in mid-sea would cause greater damage than it would to just your average PC.
Now if this really happened, you would think the Pentagon would void such discounted merchandise and pay the price for proper parts. Lesson learned, right?
Well, the problem with this scenario is that it actually is happening, and the Pentagon has not learned its lesson.
According to Business Week, a confidential Pentagon program that tracks counterfeit parts issued an alert in November 2005 that linked fake microchips to military equipment malfunctions (October 2). The report revealed that counterfeit computer parts are a growing threat to our military, making it susceptible not only to equipment failure but also espionage.
The Chinese cyber spies have penetrated so deep into the US system — ranging from its secure defense network, banking system, electricity grid to putting spy chips into its defense planes — that it can cause serious damage to the US any time, a top US official on counter-intelligence has said.
“Chinese penetrations of unclassified DOD networks have also been widely reported. Those are more sophisticated, though hardly state of the art,” said National Counterintelligence Executive, Joel Brenner, at the Austin University Texas last week, according to a transcript made available on Wednesday.
Listing out some of the examples of Chinese cyber spy penetration, he said: “We’re also seeing counterfeit routers and chips, and some of those chips have made their way into US military fighter aircraft.. You don’t sneak counterfeit chips into another nation’s aircraft to steal data. When it’s done intentionally, it’s done to degrade systems, or to have the ability to do so at a time of one’s choosing.”
There is simple start to solving this problem. Stop outsourcing the production of critical industries.
(5) John Brennan, the Assistant to the President for Homeland Security and Counter terrorism wrote on March 2, 2009, that `our nation’s security and economic prosperity depend on the security, stability, and integrity of communications and information infrastructure that are largely privately-owned and globally-operated.’.
John O. Brennan is the Deputy National Security Advisor for Homeland Security under United States President Barack Obama. He was interim director of the National Counter terrorism Center immediately after its creation in 2004 through 2005, and since 2005 has served as CEO of The Analysis Corporation. He advised Democratic presidential candidate Barack Obama on foreign policy and intelligence issues. Since 2007, Brennan has served as Chairman of the Intelligence and National Security Alliance. It was assumed early on by some that Brennan would be appointed next Director of the Central Intelligence Agency by Obama. Brennan withdrew his name from consideration in November 2008, however, over concerns that his nomination would be a distraction, due to his previous associations with controversial harsh CIA interrogation techniques. Brennan’s responsibilities as Deputy National Security Advisor include overseeing plans to protect the country from terrorism and respond to natural disasters.
The Analysis Corporation, subsidiary of a British-owned international provider of security and risk mitigation strategies (GLOBAL), will likely receive over thirty million dollars in government contract money this year, in addition to the massive amount of funding its parent receives. Most of this from the FBI for ‘Automatic Data Processing Systems Development Services’. How much additional funding would they receive in order to be compliant with new regulations, and facilitate the compliance of their existing client base? Could they be looking at double or triple the amount of contract income? I know that landing certain government contracts can guarantee income for the life of a corporation.
Federal Contracts to THE ANALYSIS CORPORATION, FY 2006
THE ANALYSIS CORPORATION
Parent company: THE ANALYSIS CORPORATION
Total dollars: $30,673,977Top 5 Products or Services Sold
ADP Systems Development Services $29,536,181
Other ADP and Telecommunications Services (includes data storage on tapes, compact disks, etc.) $735,752
ADP Facility Operation and Maintenance Services $402,043
Top 5 Agencies Purchasing from Contractor
Federal Bureau of Investigation $29,536,181
STATE, Department of $735,752
Office of Policy, Management and Budget/Chief Financial Officer $402,043
So of course `our nation’s security and economic prosperity depend on the security, stability, and integrity of communications and information infrastructure that are largely privately-owned and globally-operated.’ So does Mr. Brennan’s job security.
(6) Paul Kurtz, a Partner and chief operating officer of Good Harbor Consulting as well as a senior advisor to the Obama Transition Team for cybersecurity, recently stated that the United States is unprepared to respond to a `cyber-Katrina’ and that `a massive cyber disruption could have a cascading, long-term impact without adequate co-ordination between government and the private sector.’.
I’ve been hearing terms like ‘cyber-Katrina’, and ‘cyber-9/11‘ with increasing frequency. Judging the governments failures during those events, I would be vary skeptical about their ability to defend ‘cyberspace’. With both incidents there is an evident failure to act on prior knowledge which resulted in massive human casualties. Is this the sort of coordination of cybersecurity efforts we should come to depend on in the future?
“The bottom line is, is there a FEMA for the Internet? I don’t think there is,” Kurtz told an audience of security professionals at a Feb. 18 Black Hat security conference in Virginia.
Kurtz’ solution: A trio of key agencies – the Defense Department, the Department of Homeland Security, and the Federal Communications Commission – but overseen by a new national cybersecurity center.
What a new Internet might look like is still widely debated, but one alternative would, in effect, create a “gated community” where users would give up their anonymity and certain freedoms in return for safety.
…there is a growing belief among engineers and security experts that Internet security and privacy have become so maddeningly elusive that the only way to fix the problem is to start over
(7) The Cyber Strategic Inquiry 2008, sponsored by Business Executives for National Security and executed by Booz Allen Hamilton, recommended to `establish a single voice for cybersecurity within government’ concluding that the `unique nature of cybersecurity requires a new leadership paradigm.’.
Business Executives for National Security hope to`establish a single voice for cybersecurity within government’. Again follow the money. Keep an eye on the Carlyle Group, which owns intelligence agency contractor Booz Allen Hamilton. Along with all of the other interests who would love to be the single voice of cybersecurity within government. Theres a word for this, its called monopoly, and we’ve all played the game. Booz Allen will likely get around 3 billion dollars this year in government contracts, primarily from the Air Force, but also the Army, Navy, and the Department of Homeland Security. Seems like everyone is putting their hands out for the next round of contracts that will come with the new bill.
Spies for Hire, US pays Carlyle Group to spy-1/3
Those impish Chinese government cyber-saboteurs we last saw posing as 20-foot high trees to trigger the 2003 northeast power outage have returned in an all new adventure, this time in the pages of the Wall Street Journal.
In this episode, the clever hackers have teamed with the Russians to penetrate the U.S. electrical grid from coast-to-coast, planting diabolical malware designed to let them plunge portions of America into darkness with a few keystrokes, the paper reports.
The real authors of this tale are unnamed “U.S. intelligence officials,” perhaps the same ones who claimed last year that the Chinese government may have caused the 2003 blackout that cut off electricity to 50 million people in eight states and a Canadian province.
Sadly, this new installment doesn’t contain the kind of juicy details that made the previous one so easy to debunk. In fact, it contains almost no details at all. The attacks are “pervasive,” and yet not a single utility company is named as a victim. Even better, the blackout-triggering malware hasn’t been spotted by the companies — which explains perfectly why this is the first we’ve heard of it. Only America’s intelligence community has seen the code. They could show us, but then they’d have to kill us.
The unspoken lesson here is obvious: Chinese Super hackers Are Our Superiors. No, wait. That’s not it. I know … Only the intelligence agencies are equipped to protect us from foreign cyber attacks.
It’s an unusually opportune time for this revelation, since the NSA is at this very moment jockeying to take over cyber security from DHS, which lacks the wholesale warrantless-wiretapping capabilities needed to detect Chinese hackers. What a lucky coincidence of timing that this exciting, if uncheckable, story should emerge now.
(8) Alan Paller, the Director of Research at the SANS Institute, testified before the Congress that `the fight against cybercrime resembles an arms race where each time the defenders build a new wall, the attackers create new tools to scale the wall. What is particularly important in this analogy is that, unlike conventional warfare where deployment takes time and money and is quite visible, in the cyber world, when the attackers find a new weapon, they can attack millions of computers, and successfully infect hundreds of thousands, in a few hours or days, and remain completely hidden.’.
Alan Paller is a smart guy, he went to MIT and Cornell. SANS is owned by the ESCAL Institute of Advanced Technologies Inc, which makes over thirty million dollars a year. They are paid to train the FBI, Air Force, Navy, Defense Logistics, and NASA. The FBI spent over four-hundred thousand dollars sending people to SANS 502 in 2007. 502 is the Perimeter Protection class, so rest assured the FBI is well trained. So far as I can tell ESCAL does not even have a web presence, and does business as the SANS institute. SANS also receives millions of dollars in government contracts.
I see this cyber arms-race situation as similar to middle age siege warfare. The attackers on the outside have access to nearly unlimited resources and manpower when compared to the defenders who are trapped within, and forced to defend the castle. The defenders are limited to what resources they already have on hand at the time of the attack. The attackers are not constrained by the bureaucratic factors that govern the castle. They have much more freedom in their actions and given enough time will always be successful regardless of the strength of the fortifications.
(9) According to the February 2003 National Strategy to Secure Cyberspace, `our nation’s critical infrastructures are composed of public and private institutions in the sectors of agriculture, food, water, public health, emergency services, government, defense industrial base, information and telecommunications, energy, transportation, banking finance, chemicals and hazardous materials, and postal and shipping. Cyberspace is their nervous system–the control system of our country’ and that `the cornerstone of America’s cyberspace security strategy is and will remain a public-private partnership.’.
Again with the ‘cyberspace’. They keep using that word. I do not think it means what they think it means.
If every sector is dependent on inter-networks, maybe part of the problem was the speed at which they adopted the new technology and abandoned what they had been using. If cyberspace is the control system of our country, then we are all indeed in serious trouble. Obviously the cornerstone is a public-private partnership, and the security strategy must reflect that as government, public, and private systems all share the same ‘cyberspace’. After looking over the National Strategy to Secure Cyberspace, I’m having doubts that the people who are pushing this bill even have a clue about information security. Most likely they are acting on behalf of special interest groups under pressure from corporations such as TAC and BAH. Honestly the information security world is so full of buzzwords, technical data, and bullshit. If you are not one of the ‘initiated’ then it might as well be gibberish. The results of this report tie into the suggestions for the new bill, which for the most part sum up the expectations created by the legislation. Information security is like the emerald city, it seems like magic but “pay no attention to the man behind the curtain.”
The National Strategy to Secure Cyberspace
identifies five national priorities that will help
us achieve this ambitious goal. These are: (1) a
national cyberspace security response system;
(2) a national cyberspace security threat and
vulnerability reduction program; (3) a national
cyberspace security awareness and training
program; (4) securing governments’ cyberspace;
and, (5) national security and international
cyberspace security cooperation. These five
priorities will serve to prevent, deter, and
protect against attacks. In addition, they also
create a process for minimizing the damage and
recovering from attacks that do occur.
Within the federal government DHS will play a
central role in implementing the National
Strategy to Secure Cyberspace. In addition to
executing its assigned initiatives, the
Department would also serve as the primary
federal point-of-contact for state and local
governments, the private sector, and the
American people on issues related to cyberspace
(10) According to the National Journal the former Director of National Intelligence, told President Bush in May 2007 that if the 9/11 attackers had chosen computers instead of airplanes as their weapons and had waged a massive assault on a U.S. bank, the economic consequences would have been `an order of magnitude greater’ than those cased by the physical attack on the World Trade Center. Mike McConnell has subsequently referred to cybersecurity as the `soft underbelly of this country.’.
Now here is a guy that knows security. Former vice admiral, Director of the NSA, and Director of National Intelligence, which oversees all of the intelligence agencies. A career intelligence officer. After serving a few days under President Obama, he rejoined Booz Allen Hamilton as senior vice president. This is a likely indicator of who will continue to get the big contracts.
(11) The Center for Strategic and International Studies report on Cybersecurity for the 44th Presidency concluded that (A) cybersecurity is now a major national security problem for the United States, (B) decisions and actions must respect privacy and civil liberties, and (C) only a comprehensive national security strategy that embraces both the domestic and international aspects of cybersecurity will make us more secure. The report continued stating that the United States faces `a long-term challenge in cyberspace from foreign intelligence agencies and militaries, criminals, and others, and that losing this struggle will wreak serious damage on the economic health and national security of the United States.’.
I’m not sure what makes it now a new major national security problem for President Obama, the same vulnerabilities were present under the previous administrations. I read the second part about privacy and civil liberties as the decisions made must ‘appear’ to respect them. After all privacy is dead, and civil liberties are privileges that can be revoked at any time ‘for our own good’. How exactly do they suppose to secure hardware outside of the territories of the nation? There are major locations which route large amounts of internet traffic that might not be willing to accept interference from outside governments or agencies. I imagine it would be very tough to overtly reclaim international ‘cyberspace’. There is no victory on this front. Security is a never ending battle, they would be better to assume defensible positions and shoot from cover rather then trying to seize and maintain control of the battlefield from well armed mercenaries and insurgents.
(12) James Lewis, Director and Senior Fellow, Technology and Public Policy Program, Center for Strategic and International Studies, testified on behalf of the Center for Strategic and International Studies that `the United States is not organized and lacks a coherent national strategy for addressing’ cybersecurity.
Mr. Lewis is a very prolific in his writing on the subject of security. I would have to agree that `the United States is not organized and lacks a coherent national strategy for addressing’ cybersecurity.
The Center for Strategic and International Studies (CSIS) of Washington was created in 1962 by the initiative of the CIA director of Investigations. It became soon the favorite institution of the Cold War analysts who worked for Henry Kissinger and Zbigniew Brzezinski. In the 80’s, Ronald Reagan recruited there his main Defense advisers, and in the early 90’s, it was just right there where Bush senior found Dick Cheney, minister of Defense during his term. By reviewing the reports on the coming energy crisis, CSIS developed during the last few years under the leadership of Senator Sam Nunn, and focused on the war against the emergence of nuclear powers, oil strategies and civil war.
(13) President Obama said in a speech at Purdue University on July 16, 2008, that `every American depends–directly or indirectly–on our system of information networks. They are increasingly the backbone of our economy and our infrastructure; our national security and our personal well-being. But it’s no secret that terrorists could use our computer networks to deal us a crippling blow. We know that cyber-espionage and common crime is already on the rise. And yet while countries like China have been quick to recognize this change, for the last eight years we have been dragging our feet.’ Moreover, President Obama stated that `we need to build the capacity to identify, isolate, and respond to any cyber-attack.’.
Is President Obama praising the methods of control used in China? Maybe not, but he is making a comparison where they have recognized this change. Continuing on to state for the last eight years we have been dragging our feet. Which this is obviously just a political statement indicting the previous administration. Of course we know his speech is prepared for him, and he is just reading rhetoric from a teleprompter. Likely neither him nor his speech writer knows much about the details of information security.
(14) The President’s Information Technology Advisory Committee reported in 2005 that software is a major vulnerability and that `software development methods that have been the norm fail to provide the high-quality, reliable, and secure software that the IT infrastructure requires. . . . Today, as with cancer, vulnerable software can be invaded and modified to cause damage to previously healthy software, and infected software can replicate itself and be carried across networks to cause damage in other systems.’
Did they throw this in at the last minute? Everyone knows software is vulnerable. SANS released something along the same vein of the need for security through better programming. While this might solve some issues on a basic level, there will always be new vulnerabilities discovered in hardware, software, networking, etc. Many people would agree that one of the weakest links in the system is uneducated system users.
From the findings along, essentially what we are seeing is a transition from war profiteers to cyber-war profiteers. You have an Act proposed by the great-grandson of the richest person in history, that is supported by statements by people who work for major global corporations and security firms who are guaranteed to profit from the legislation. In conjunction with the private sector, government agencies such as the NSA who outsource to these corporations, are supporting the legislation. Instead of a cyber-FEMA, more power will be given to the existing intelligence agencies, which will be funneled to the private intelligence armies at places like Booz Allen. Of course all of this is for our own good to protect us from the Evil Terrorist Hackers.