Executive Orders

...now browsing by tag

 
 

Can America Take Over the Internet?

Friday, September 11th, 2009

Original Title : Cyber FUD s773

9.11.2009 – I haven’t forgotten.

A final straw has just broken this camel’s back.  I’m not exactly sure why it suddenly became such a big issue, but the story about “Obama can shut down the Internet” really topped the charts there for a while. I even had someone ask me about it without the facilitation of an electronic or analog device.  Today, I saw one more headline about the topic then was good for me, and as I said it was the last straw.  The thing that bothers me more then the sudden influx of news stories suddenly paying attention to this legislation is that nothing regarding the president’s powers has changed since its introduction. A few of us were making noise about this months ago, and it was no big deal. So some mainstream media must have picked up on it, and the type of people who take in that sort of information ate it up. In what seems to be par for the course, those covering the story have no idea what they are talking about, and are just playing on the popularity of the subject to attract attention to their publication. 

Internet Takedown Links

Let’s just skip over the fertile male bovine fecal matter, and get to the point.

Can Obama Shut Down the Internet?  – New Legislation Gives President Emergency Control.

That is a whole load of ignorance. Obama wouldn’t know how to turn off the internet even if such a thing was possible.  Yes the new legislation does contain wording related to the executive powers of control over critical infrastructure, but in reality this is nothing new. 

Lawmakers strike new tone with proposed bill giving Obama power to shut down Internet

When the bill was release in April, Leslie Harris, president and CEO at the Center for Democracy and Technology (CDT), which promotes democratic values and constitutional liberties for the digital age, told Network World: “We are confident that the communication networks and the Internet would be so designated [as critical infrastructure], so in the interest of national security the president could order them disconnected.”


I suppose this is the right day for this article.

In time of emergency the government has the power to seize control over anything and everything they desire. This includes the communications infrastructure and access to the internet.  If the people covering this story were aware of this, they might have expressed their concern over the redundancy of this power; why are they reminding us of this now?

Existing laws already give the president broad discretion on how to respond to cyberattacks, despite language in a Senate bill that proposes giving the president specific powers during such events, according to experts.

Experts debate expansion of president’s cybersecurity powers

The president has that power under the National Security Strategy, Addicott said. The most recent National Security Strategy was published in 2006.

Addicott said the bill — S.773 — probably included the language to more clearly define how government officials expect to react to a potential threat, Addicott said. There are precedents for presidents acquiring authority in situations where they do not legally need it, he said.


The people pushing this legislation are using scare tactics to advance their agenda. Using the threat of a cyber-911 or cyber-pearl harbor type of event as leverage to wedge the legislation into existence, they are merely trying to grow a new teat on Uncle Sam’s buttocks for them to feed from.

New Threat Scenarios Drive Cybersecurity Planners to Mull Responses

“It could even be a panic if you think about it,” Meyerrose said. “A story catches hold, there’s an attribution that says that country x has infiltrated something and nobody can take anything out of an ATM, or your power is going to go off or your water is going to turn off or whatever. And then a panic ensues. Those are the kinds of things (to consider) when you’re talking about cyber 911s or cyber Pearl Harbors, in my view.”

Meyerrose said laws are in place already for a situation like the one eight years ago, when the United States was attacked and President Bush ordered all aircraft grounded until further notice. But those aren’t easily applicable to cyberspace.

“There are already provisions I believe — and most of the folks in the business and the government believe — that give the powers to the president that allow to effectively do what needs to be done in times of national emergency,” Meyerrose said.

“I would be troubled if the president didn’t have some sort of emergency powers” for the Internet, he added. “The real ambiguity is, what’s the trip wire for making it a national emergency?”

 Obama Administration Seeks “Emergency Control” of the Internet

True enough as far as it goes, these “free market” cheerleaders are extremely solicitous however, when it comes to government defense and security contracts that benefit their clients; so long as the public is spared the burden of exercising effective control as cold cash greases the sweaty palm of the market’s “invisible hand”!


Of course Meyerrose is the former head of technology for the US Spymaster, and is now the traveling salesman for the Harris Corporation which works with the NSA on U.S. SECRET level encrypted communications. In  2008 it was the number one recipient of funds from the Department of Commerce, and makes billions of dollars a year in revenue. Security and cyber is their business. With the cybercommand being hosted by the NSA, I’m sure Harris <HRS> is a stock symbol to watch.

Internet security bill continues to cause uproar

Larry Clinton, president of the Internet Security Alliance, which represents a cross-section of IT companies including Verizon and Nortel, has criticized what he calls vaguely worded language in the latest version.

“It is [still] unclear what authority … is necessary over the private sector. Unless this is clarified, we cannot properly analyze, let alone support the bill,” he states.

However, there are those who say the recommendations make sense. James Lewis of the Center for Strategic and International Studies compared the provisions to President Bush’s decision to shut down airlines after the 9/11 attacks.

“It seems foolish not to have the same authority for cyberspace,” he said, quoted by TheHill.com. “It’s not that the president will wake up in a bad mood one day and implode Yahoo. This would apply only to s
evere national emergencies. … This is a great opportunity to blast us into a new level of discussion about cybersecurity.”


Ok, so not everyone writing about this is in need of immediate cranial rectal extraction, just most of them.  Lewis’ statement points something out that is important to note.


James Lewis of the Center for Strategic and International Studies compared the provisions to President Bush’s decision to shut down airlines after the 9/11 attacks.


Next time you read a story that says ‘the government can’t shut down the internet because 90% of the infrastructure is privately owned’, I want you to think for a moment; did the government own the airlines?  Remember, once these systems are designated as critical infrastructure, regardless of their ownership, they will be required to comply with federal standards which put them indirectly under government control. Depending on who is attached to these networks, the systems will fall under control of either Homeland Security or the NSA.  Both competent agencies with the publics best interests at heart.

Obama Administration Seeks “Emergency Control” of the Internet

Drafted by Senators Jay Rockefeller (D-WV) and Olympia Snowe (R-ME), “best friends forever” of the National Security Agency (NSA) and the telecommunications industry, they were key enablers of Bush-era warrantless wiretapping and privacy-killing data mining programs that continue apace under Obama.


Once the ‘emergency’ is declared, and the networks are commandeered, privacy’s already dead zombie corpse is beheaded and killed with fire, so not even the illusion of privacy would remain. 

The initial question remains. Can America Take Over The Internet?

My initial reactionary response to this absurd question is “of course not”.  Though after some discussion it seems to be that with enough pressure from the United States, most international corporations, telecommunications providers, and ISP’s are likely to cave and accept the forced compliance standards.  After all if America gets the DNSSEC root, then the DHS will be able to shut down pretty much whatever they want on an international scale, not to mention that the IANA was a US Department of Defense contract which ICANN was created to handle after the death of John Postal

New Agreement Means Greater Independence in Managing the Internet’s System of Unique Identifiers

“The United States Department of Commerce has clearly signaled that multi-stakeholder management of the Internet’s system of unique identifiers is the way ahead and ICANN is the obvious organization to take that responsibility,”- ICANN will no longer have its work prescribed for it. How it works and what it works on is up to ICANN and its community to devise;- ICANN is not required to report every 6 months as it has been under the MOU. It will now provide an annual report that will be targeted to the whole Internet community; – There is no requirement to report regularly to the DOC. The DOC will simply meet with senior ICANN staff from time to time. “The ICANN model of multi-stakeholder consultation is working and this agreement endorses it.


No requirement to report to the Department of Commerce, they can just come over for drinks every once in a while to see how things are going.   “Multi-stakeholder consultation”, makes me wonder where the ICANN is getting its funding.  Strangely enough, the federal funding for ICANN seems to be incompletely listed

ICANN Funding

It is unclear from the above paragraph whether ICANN inherits IANA’s self-proclaimed mandate of ‘Preserving the central coordinating functions of the global Internet for the public good.’ However, it would appear that it is in a good position to assert end-users should be willing to pay. If they are not, then the internet should be allowed to fall apart. Certainly the regulatory authorities who have largely stepped aside to allow this experiment to happen ‘would like to see an economically rational and practical charging system – a contribution per name registered for example.’ Therefore ICANN devises a funding scheme that not only takes account of internediary functions, but goes directly to the beneficiaries of the connectivity ICANN preserves and asks them for a contribution appropriate to the value of their benefit. ICANN provides security and stability. What is the price of that stabilty and security? What further can ICANN do to provide these services? It is in terms of the above argument that, apart from registry contributions, well-wisher contributions (disallowed as political contirbutions long-term?), we devised a quadripartite funding plan which can draw income from the end-user services ICANN provides. However it is not suggested that ICANN, in its not-for-profit guise, should operate these income streams directly -this would hazard the not-for-profit status of ICANN and threaten its mandate-, but that it be an agreed beneficiary on a cost-recovery basis, whilst any other pooled income accrues to internediaries pro rata.


So now, I believe, the question should be: “Can the World Take The Internet From the USA?”
Click to continue »

CyberInsurgency – A True Story

Friday, July 24th, 2009

One nation under martial law, the military stands guard against the population. This following days of protest by many who feel the results of the recent election were fabricated. The voice of dissent is publicly silenced with lethal force.  Terrestrial and satellite signals are jammed, including cell phones and foreign broadcast.  The modern police state, a heavy net of surveillance monitors all domestic communications.  In a series of arrests hundreds of people become political prisoners. Authorities raid media outlets, journalists are beaten as their equipment confiscated.  In an effort to dilute the information that leaks out of the country, the military has its own legion of users creating thousands of propaganda blogs.  Despite this opposition, protest continues. 

The riots continue today, a month after the election.  Protesters clash with troops who respond with tear gas.  In undisclosed locations, skilled technologists formed loose alliances to assist the people.  Their goals are as simple as educating people in the use of encrypted communications and services providing anonymous network routing.  This offers civilians a chance to send information securely, and speak their minds without fear of repercussions. 

Government restrictions have been well established. The public is allowed only a limited connection; access has been restricted to 128 kilobytes per second. Their traffic thoroughly inspected, routed into proxy servers, the content filtered, websites are blocked, and services rendered unreachable. Dissenting opinions are intercepted, and confirmed with torture and silenced by death.

In public channels outside of the country, people of various ideologies work together. Unable to free the citizens of that country from physical oppression, they hope to at least provide a means of communication. From around the world they have gathered to brainstorm new ways for the oppressed to maintain access to public web services. Political opinions put aside, a diverse group of people discuss various methods of circumventing control systems.   

Having stumbled into one such a meeting of the minds, I recognized it as a rare opportunity to observe and participate in an electronic insurgency. Though the subject serious and the consequences of failure well understood, the discussion mostly remained technical in nature. This separation from the human aspect of the crisis was enough to allow for the sort of wild creativity that seems to come naturally to successful people. For example, the suggestion of utilizing enigma machines transmitting over Morse code is not the simplest solution. However, it is the idea that is an engine for a train of thought that could eventually arrive at some new solution.  In the end, it was not necessary to reinvent the wheel, and the focus turned towards how to spread existing encryption and privacy technology. The solution must be easy to understand and implement by people with limited technical skills.

Instructions were provided to use FirePGP in combination with GnuPG to send and receive encrypted emails in Gmail. Once their messages are secure, the correspondents require a method to protect their identities. Squid and Tor proxy server software were suggested to anonymize the traffic. Additional details are available for the operation of a Tor-relay, with the goal being to prevent the government to locate sources of information. Other systems are under development to offer civilians access to open communications channels outside their country, and away from the control of their regime.

It was several days after the election before the mainstream media started its coverage. CNN was using information from Twitter, from ultimately unverifiable sources.  A psychological operation was under way to influence the rest of the world, and confuse or expose insurgents using the service. Acting as a live forum for dissent, Twitter was asked by the US State Department to delay scheduled maintenance in order to prevent a possible outage.

This is the story of an international community working together to promote freedom of speech, and private communications in Iran. Public dissent is an event that most governments including the United States have plans to suppress.  They too monitor civilian communications for threats against their authority. Protest has already been caged into ‘free speech zones’. Similar to Iran’s jamming of communications, Executive Orders exist in the United States giving the government the ultimate authority over everything including transportation routes, communications, and even the civilian population who could be used for labor. The planning behind readiness exercise 84 (REX84) shows the government is willing to use its power to detain people who question their authority. Studies such as Operation Cyberstorm show that the United States and its allies are already preparing to defend against activist computer operators, foreign and domestic. Coming legislation, if passed, would require a license to practice computer security. This could classify some unlicensed technologists as terrorists, where they would be no better off then their colleagues in Iran just trying to get an unapproved message out to the world.

Sources:

Martial Law in Tehran-Monday June 29th 2009

Martial Law in Tehran-Monday June 29th 2009

U.S. satellite feeds to Iran jammed :: InfoWar Monitor :: Tracking Cyberpower

U.S. satellite feeds to Iran jammed

Iran blocks TV, radio and phones – but web proves more difficult | Technology | guardian.co.uk

Iran blocks TV, radio and phones – but web proves more difficult

Mousavi’s wife blasts arrests | Philadelphia Inquirer | 07/24/2009

More than 500 remain in prison, including many top politicians from pro-reform political parties, human-rights lawyers, journalists, and activists

Google Translate

This week a letter sent to the 10 thousand to 10 thousand blog mobilization base in commissioning and production of the “Mhtvahay value” is the Internet space.
http://www.bbc.co.uk/persian/iran/2008/11/081119_mg_basij_filtering.shtml (original link)

Greenwave Info

dedicated to spreading useful information about the current protests in Iran.

Iran | OpenNet Initiative <–very comprehensive and informative.

Iran continues to strengthen the legal, administrative and technical aspects of its Internet filtering systems. The Internet censorship system in Iran is one of the most comprehensive and sophisticated in the world. Advances in domestic technical capacity have contributed to the implementation of a centralized filtering strategy and a reduced reliance on Western technologies. Despite the deeply held commitment to regulating Internet content, authorities continue to be challenged in their attempts to control online speech. Political filtering related to the 2009 presidential campaign, including the blocking of Facebook and several opposition party Web sites, brought renewed attention to the role of filtering in Iran.

pastebin – FirePGP tutorial – post number 1465774

Instructions on how to use the Firefox extension, FirePGP, in combination with GnuPG, to send and receive encrypted emails in Gmail.

rbox

rbox: Squid proxy server

rbox-tor: easy to use Tor server

Tor: Relay Configuration Instructions

Configuring a Tor relay

Twitter Retains Spotlight in Iran Coverage – Digits – WSJ

Another delay is being requested, this time by the State Department

NedaNet Resource Page

resource page for NedaNet, a network of hackers formed to support the democratic revolution in Iran.

NSA Spying | Electronic Frontier Foundation

The U.S. government, with assistance from major telecommunications carriers including AT&T, has engaged in a massive program of illegal dragnet surveillance of domestic communications and communications records of millions of ordinary Americans since at least 2001.

Executive Orders | Bill Clinton’s Executive Order 12919

EXECUTIVE ORDER 12919

Rex 84 – Wikipedia, the free encyclopedia

Rex 84, short for Readiness Exercise 1984, is a plan by the United States federal government to test their ability to detain large numbers of American citizens in case of civil unrest or national emergency.


http://cryptome.org/cyberstorm.pdf

National Cyber Exercise: Cyber Storm
National Cyber Security Division

GovTrack: S. 773: Text of Legislation, Introduced in Senate

a) IN GENERAL- Within 1 year after the date of enactment of this Act, the Secretary of Commerce shall develop or coordinate and integrate a national licensing, certification, and periodic recertification program for cybersecurity professionals.

(b) MANDATORY LICENSING- Beginning 3 years after the date of enactment of this Act, it shall be unlawful for any individual to engage in business in the United States, or to be employed in the United States, as a provider of cybersecurity services to any Federal agency or an information system or network designated by the President, or the President’s designee, as a critical infrastructure information system or network, who is not licensed and certified under the program.

Cyberspace Policy Review – 2009 "The cyberSpace Race"

Saturday, June 6th, 2009

Analysis of the Cyberspace Policy Review

Essentially they want a well regulated internet to protect the economy, and defend the nation. This will require international acceptance of standards to protect against state sponsored cyber war. The government is organized to address this problem. They intend to centralize control over cyber security. A new position of Cyber Security Coordinator will be created as a White House level position. This person will work closely with a number of agencies and the Executive Office of the President.

They are comparing the current cyber security situation to the Space Race. With specific mention to the launch of Sputnik, it seems like the U.S. is still pretty bitter about that. The upside to this will be the creation of jobs during the current recession. In order to achieve their goals they intend to further blend the existing government activities with private ones.

According to the document this is a ‘Digital Revolution‘, with their main focus being on the protection of economic and national security. In specific they fear industrial and military espionage, including actions such as the theft of valuable data including corporate and military secrets. There is also the threat to non-cyber infrastructure such as the power grid, where they site SCADA as an example. Last but not least they mention their concerns on privacy. Unfortunately for the people, this concern is monetary, with the focus on the economic damage caused by identity loss and fraud.

Behind this policy review are people referred to as ‘stakeholders’. They seem to be the cyber-sycophants determined on funneling as much funding to their own coffers as possible. Much of this Review parallels the direction of the Cyber Security act. It has been drawn up on much of the same Congressional testimony, and official reports as the Act.

There are some legal issues which will have to be dealt with, some of them possibly Constitutional. To reassure the public they will be kept safe at all costs, the report mentions multiple times the existing Executive Orders which give the Government the power to seize complete control over communications in time of an emergency. At the moment that power would go to the Department of Homeland Security, the concept of an eFEMA is not factually that far off base. In regards to the international impact of such a decision, the Department of State has the authority over foreign communication policy. According to the Review, the Secretary of Homeland Security is responsible for the protection of critical infrastructure, including information networks.

However the Secretary’s power does not cover Federal systems. For this the Comprehensive National Cyber security Initiative was created. The goal of the CNCI is the consolidation of law enforcement, intelligence, counterintelligence, and military capabilities to address the full spectrum of cyber threats. The head of the CNCI stepped down out of concern for the public based on the direction of the current cyber strategies.

To replace him they have created a new White House level position. The Cyber Policy Officer, will report to the National Security Council and the National Economic Council. There also is the established Communications Infrastructure Interagency Policy Committee (ICI-IPC), which is chaired by the NSC and the Homeland Security Council. The ICI-IPC is focused on “achieving an assured, reliable, secure, and survivable global information and communications infrastructure and related capabilities”.

Whoever is appointed by the President to the position of policy official, will be supported by Presidential authority, support and resources. They will receive assistance from at least two Senior Directors from the NSC, and one Senior Director and appropriate staff from the NEC. One of their duties will be to consult with the Federal governments Chief Technology Officer, and Chief Information Officer, in addition to the appropriate people within the Office of Management and Budget and The Office of Science and Technology Policy.

The Goal is to create a central position of leadership within the White House, a figurehead who will be responsible for establishing security policy, as well as responding to cyber-emergencies. There are a number of agencies which have already been created such as the National Security and Telecommunications Advisory Committee, the National Infrastructure Advisory Council, the Critical Infrastructure Partnership Advisory Council, and the Information Security and Privacy Advisory Board. These groups will be evaluated by the policy official with the goal of optimization, and elimination of redundancy, which basically amounts to the consolidation of power within the White House.

The stakeholders involved in the Cyberspace Policy Review discussed a variety of options to coordinate and oversee cyber security. The Joint Interagency Cyber Task Force (JIACTF) currently is responsible for this. If you have read the previous articles, you might find it interesting to know that this task force works under the Director of National Intelligence. The former DNI is cited in both the Cyber security Act as well as this Policy Review. He is currently employed as SR. Vice president of one of the largest recipients of government cyber security and intelligence contracts. The Review states explicitly that “unless and until such an office is established, the work of the JIACTF will continue”. The Director of National Intelligence is in charge of all the intelligence agencies, which in turn outsource most of their work to private corporations.

It is no wonder the Review explains that goals consistent with U.S. Constitutional Principles may make certain activities conducted by the Federal government more difficult. Keeping their best interests at heart, they feel the need to partner with Congress. The goal of this partnership is to benefit from Congressional knowledge and experience, in order to properly please the industrial lobbyists represented there.

At the state level, representatives from the National Governors Association, feel that cyber security is the weakest link in the protection of their states. While they already receive funding from Homeland Security which can go to cyber security, historically the grant funds have not been prioritized for that purpose.

The digital revolution includes the Smart Grid program as well as the Next Generation Air Traffic System, which receive funding from the new bailout bill. To sustain this revolution they wish to educate the public beginning in the first year of school. A cyber security education program would teach digital safety, ethics, and security, with the hopes of creating a technologically advanced workforce. The review even goes so far as to recommend a public safety campaign similar to the Smokey Bear fire safety campaign. Likely with accompanying catchy public service announcements stating that ‘only you can prevent malicious worm propagation’ (don’t copy that floppy anyone?). Along this same thread it is suggested that Celebrities, the computer generation, and new media should be used to deliver this message of cyber security awareness.

The reason for this education campaign is an underlying fear that the United States will fall behind other nations in the cyberSpace Race. Why else would they have brought up the whole Sputnik thing? They state that talented IT employees are in high demand, but the number of people receiving related education has been in sharp decline for several years. Thankfully the National Science Foundation, and the DHS offer grants and scholarships, with 80% of those who receive them getting government jobs. The National Centers of Academic Excellence in Information Assurance Education and Research, which was founded by the National Security Agency, and lately co-sponsored by the DHS, works to promote education in information assurance in 38 states and DC. The Defense Department also sponsors the Information Assurance Scholarship Program in the same institutions.

Now that you’ve bit the hook, and they’ve reeled you in, they want to keep you fresh. The Review mentions a plan for “shared training across agencies and into the private sector”. Blending the oft mentioned public-private partnership, they would like to have public-private employees as well. In reality this is not likely much different then the current situation. I could imagine a scenario where they would begin to trade top talent like the professional sports leagues. This could lead to some interesting results with IT ‘stars’ demanding higher pay because of their ‘skills’.

Another reason for the necessity for a tight public-private partnership is that the private sector “designs, builds, owns, and operates most of the network infrastructures”. Aside from a hostile take over, the best option is partnership. Likewise the corporations involved depend on the government’s protection from various threats, so it is a mutual arrangement. I mentioned in a previous article how they are attempting to create a monopoly. The Review actually cites the Sherman Antitrust Act in reference to private sector concerns about “certain federal laws” that might impede their partnership. Thanks to the Trade Secrets act and the Critical Infrastructure Information Act, the parties involved will not need to be concerned with the Freedom of Information Act.

We can be sure there will be no conflict of interest specifically concerning the multinational owners of major private government consulting operations. The Review suggests tailored solutions to handle such situations. One of them is to adopt a system similar to that which is used in Britain. Called the consultancy model, vetted private information security providers are used as a nexus to combine data.

Taking it to the next level, the Review suggests the government consider focusing on “game-changing” areas things such as behavioral and incentive based solutions. Something similar to the vouchers I have mentioned previously, tax breaks could be offered to those who choose to become early adopters of the new system.

Since the Internet is a global system, it is important to partner with the international community. Once the government comes up with their domestic plan, they hope to spread it around the world with love like they have done with democracy, bringing like minded nations together to discuss acceptable norms, implementation of standards, and “use of force”. “New agreements between governments and industry may need to be documented to enable international information sharing, as well as strategic and operational collaboration”. The U.S. will help other countries build legal frameworks, and work with allies to ensure the stability and global interoperability of the Internet.

When the Taliban unleashes their cyber army, the government wants to be prepared. The Review states the need for a coordinated joint response from the government, the private sector, and its allies. As a defensive measure is suggested that some sort of system be put into place before an attack happens, a sort of early warning system and cyber defensive grid. Only the White House has the authority to react to such an event. The policy official would be responsible in this situation, which underlines the necessity for centralization of National cyber emergency management.

The Cyber security act mentioned the National Institute of Standards and Technology ignoring classifications of national security on systems. Similarly the Review mentions the problems that arise from the “existing legal, but artificial, distinctions between national security and other federal networks”. With regards to the Review it pertains to the dispersion of federal cyber incident response across many federal departments. It is mentioned that legislation might be required to consolidate this response, to harmonize or enhance as necessary the different departments.

The defensive strategy will begin with the development of “a set of threat scenarios and metrics” that can be used for “risk management decisions, recovery planning, and prioritizing of R&D”. The ICI-IPC would be in charge of making enforceable rules for incident reporting, while the CNCI would continue to improve “federal network defenses”. In addition there is a plan called the Trusted Internet Connection program, whose goal is to reduce the number of government network connections.

For the moment “the Defense Department is responsible for aggregating information on network health and status, attempted intrusions, and cyber attacks for its networks, the Intelligence Community for its networks, and US-CERT for civilian federal agencies and to some extent the private sector”. The Review suggests the government should assist in preventing, detecting, and responding to cyber incidents by leveraging existing resources such as the Multi-State Information Sharing and Analysis Center, and the 58 existing State and local Fusion Centers.

According to the Review, “security classification and clearance requirements” inhibit information sharing. Policies governing the “collection, use, retention, and dissemination of information” need to be audited as they “present significant barriers”. The “Federal government should help the research community gain access with appropriate controls, to cyber security-related event data that could be useful to develop tools.”

Once they figure out the domestic file sharing, they plan to expand it internationally, sharing data with allies, and seeking “bilateral or multilateral” agreements. This international collaboration might upset some of their domestic partners. However since they depend on the government for “the common defense of privately-owned critical infrastructures”, most of the stakeholders have “indicated a willingness to work toward a framework under which the government would pursue malicious actors and assess with information and technical support to enable private-sector operators to defend their own networks”. Private sector operators “such as the World Bank and the International Monetary Fund” are specifically mentioned as institutions that should be defended.

As medical records are digitized, the Smart Grid technology is implemented, along with the Next-Generation Air Traffic Control system; there will be an increasing need for information security. One way to achieve this is to develop a “next-generation of secure computers and networking for national security applications”. The goal is to “harness the full benefits of innovation to address cyber security concerns”.

Cloud Computing, “introduces new policy challenges for the private sector and governments around the globe”, it “presents challenges for law enforcement, the protection of privacy, and civil liberties”. This could prove to be difficult for the government if a terrorist’s data was in the cloud in a country that did not conform to the international standards. On the other hand, as a side note, if your data exists in a cloud in a foreign country then your rights to that data might only be covered by their law.

DARPA, the guys that brought us the Internet, see the “defense of current Internet Protocol-based networks as a losing proposition”. They suggest “an independent examination of alternate architectures”. As of March 2009 they have begun analysis of alternatives. In the mean time it is suggested the government focus on research and development into “game-changing technologies”, which build on “existing Networking and Information Technology Research and Development strategies”.

One of these game-changers might be the development of “an opt-in array of interoperable identity management systems”. It is being developed based on the findings of The National Science and Technology Council’s subcommittee on Biometrics and Identity Management. The goal is to create a national standard of biometric identification at the federal level. This technology would become available for private operators, and emergency services. Part of securing the Nations cyberspace, the Smart Grid and the new air traffic control system, will involve the adoption of  technology to verify the identity of whoever is using the services.

This doesn’t do any good if the hardware or software is compromised during manufacture. Because much of the hardware is constructed overseas, there are “concerns about the potential for easier subversion of computers and networks through subtle hardware or software manipulations”. Examples of these are the counterfeit products that have turned up in various places. Called “supply chain attacks”, this manipulation can be “virtually impossible to discover”. To protect against this, the Review suggests the U.S. should “define procurement strategies”. Such strategies would be based on work by the National Security Agency and the Defense Department, “to create market incentives for security to be part of hardware and software product designs”.

National security and emergency preparedness are two of the main concerns of the government. When there is some event of national emergency, federal and local agencies depend on the national communications infrastructure. Many of the services such as the Emergency Operations Centers are beginning to use new technologies. Enhanced 9-11 call centers are using Voice Over Internet Protocol in some cases. So these facilities also now require direct cyber defense. Homeland Security is “working toward the goal of providing national security and emergency users with access to the converged information services of next-generation networks”. This includes the authorization of the President “to use, control, or close communications services, systems, and networks”. A public-private National Coordinating Center exists to “assist in the initiation, coordination, restoration, and reconstruction of communications services or facilities”.

Cyber security is the two faces of a single coin. One side is the Federal government, its agencies, departments, and alphabet soup. The flip side is private business and corporations. The two sides depend on one another for survival, and therefore are very willing to share the middle ground. If one was to remove the emblems from the obverse and reverse of the coin, you would be left with a homogenous metallic slug. At the core of the national cyber defense strategy is the alloy consisting of the public-partnership. To maintain the value of this partnership, it is very important for it to become the international standard. Steps will be taken to prevent the production of counterfeits, but eventually the plan is to replace it with something modern and more secure.

Twitter links powered by Tweet This v1.8, a WordPress plugin for Twitter.

Get Adobe Flash player