Senate 773


S.773 Cybersecurity Act -quick summary.

Friday, June 12th, 2009


The 2009 Cybersecurity Act, as proposed by Jay Rockefeller, is little more than a business plan.  It is designed to sell products and services, yet is narcotic enough to seem benign to bankers. The Act is prefaced with the promise of defending global trade and commerce, though it sets unrealistic goals for international compliance with new standards.  What we really have is an attempt by the intelligence community to monopolize the information industry by way of their private partnerships.  In an effort to maintain this advantage, mandatory licenses will be required to practice cybersecurity or to operate critical infrastructure.  The President and the CyberCzar will have total power to decide what is critical infrastructure. The point here is that while the Internet might not seem like critical infrastructure, there are many agencies that rely on it, and the operations centers which maintain these sections of the net might be required by law to have federally certified employees.  In order to ensure there are plenty of willing federal employees, the Act would create a national cyber challenge, where the best and brightest from high school and on up would have the opportunity to compete for cash prizes, and that elusive government job.  While those lucky winners are being used up, the bill proposes cyberawareness education starting in kindergarten.  They even have plans for a Smokey Bear type campaign to really get the youngsters interested.  Summer programs and internships will pave the way for even the youngest of students to do their part in the battle against cyberterrorists.

Remember:

The Government has the right to refuse your internet service at any time, for any reason.

S.773 – The Cyber Security Act of 2009 – part 3

Friday, June 12th, 2009

S.773 The Cybersecurity Act of 2009 pt3

This is part three in a series reviewing the proposed cybersecurity legislation.

(e) FCC NATIONAL BROADBAND PLAN- In developing the national broadband plan pursuant to section 6001(k) of the American Recovery and Reinvestment Act of 2009, the Federal Communications Commission shall report on the most effective and efficient means to ensure the cybersecurity of commercial broadband networks, including consideration of consumer education and outreach programs.

At the end of section 6, I decided to carry this last paragraph over to the next article. Under the bailout bill funding will be provided to create new problems for protecting national infrastructure. This includes the new smart grid for energy transfer, and a new advanced air traffic control technology. The FCC is responsible for reporting on the security of the commercial internet, and will receive bailout money for evaluating the network’s security.

SEC. 7. LICENSING AND CERTIFICATION OF CYBERSECURITY PROFESSIONALS.

This is a mandatory national computer and infrastructure security license. It will include anyone who is engaged in network or computer security at the federal level, and operators of systems deemed critical by the president or his advisor.  Critical systems can include internet operations.  Federal and local emergency response systems are already dependent on the internet. In the case of a national emergency or in wartime the government does reserve the right to commandeer all forms of communication.  This act would require anyone operating any of these systems to receive approved training to qualify for a license to practice the security trade within the United States.  The vague nature of critical systems could mean that anyone who operates publicly accessible private equipment may be required to obtain this license to operate the internet.

SEC. 8. REVIEW OF NTIA DOMAIN NAME CONTRACTS.

The IANA is a government contract. The work is currently being carried out by ICANN. This group has been approved by the Defense Department since the IANA contract was handed over. The bill makes it clear there will be no changing of this situation without review, consideration, and approval.

SEC. 9. SECURE DOMAIN NAME ADDRESSING SYSTEM

This sets a three-year timetable to develop a strategy for implementation of a secure Domain Name System (DNS).  This is a political issue.  The industry has already developed methods of securing the domain name addressing system. It is the role of the government to resolve the issues of foreign and domestic implementation. Federal and critical systems will be required to participate in the secure DNS.  Internationally it would fall under the Department of State and the President to convince other nations to adopt the system.

SEC. 10. PROMOTING CYBERSECURITY AWARENESS.

The national cybersecurity awareness campaign will come complete with mascots and public service announcements. There will be awareness training beginning in the first years of school.  The goal of this is to not only create awareness of potential threats, but also to create an information and technology workforce for the future.

SEC. 11. FEDERAL CYBERSECURITY RESEARCH AND DEVELOPMENT.

In an effort to bring the United States to the front of this digital arms race, funding will be directed to research and development. The National Science Foundation will be given priority in researching how to design and build systems that are secure and reliable when first deployed.  They will develop the ability to audit software, so that it “implements stated functionality and only that functionality”. Part of this will involve “selected secure coding education and improvement programs”, where the Director of the Foundation will look at ways to integrate secure coding into the “core curriculum of computer science programs” and “other programs where graduates have a substantial probability of developing software after graduation”. Colleges and universities regularly receive funding from the NSF. If this amount is over one million dollars, these institutions will release to the Foundation their statistics on computer science students, and those in related fields.  These figures will include the number of students likely to enter software design or development, whether or not they received secure coding education, and what classes they were enrolled in.  The NSF would like to evaluate these programs, and measure the effectiveness of the students “to master secure coding and design”.
The NSF will also research identity and information assurance, including the ability to “determine the origin of a message transmitted over the Internet”. The Foundation will provide support towards building new protocols for Internet security. There will be grants awarded for the creation of internet test labs “sufficiently large in order to model the scale and complexity of the real world networks and environments”. These labs will be used for playing war games, or “to support the rapid development of new cybersecurity defenses, techniques, and processes by improving understanding and assessing the latest technologies in a real world environment”.  There will also be work done towards the balance of security and privacy, and the problem of insider threat.

SEC. 12. FEDERAL CYBER SCHOLARSHIP-FOR-SERVICE PROGRAM.

The Federal Cyber Scholarship-for-Service program pretty much introduces itself.  I cannot restrain myself from mentioning this was one of the solutions I reached independently.  I phrased it as “trucker school” like training.  Instead of paying for expensive training, licensing, and equipment, these things are provided with the promise that the student will work for the company for some period of time. This is an alternative solution to the current certification process.  Since operating the Internet is not quite the same as piloting eighteen wheels of Detroit iron, the government plans to start the kids off early.  They will provide “a procedure for identifying promising K-12 students”.  These promising students would be eligible for summer programs and internships “that would lead to certification of Federal information technology workforce standards and possible future employment”.  Just like with trucking school, once the class is complete the job is guaranteed.

SEC. 13. CYBERSECURITY COMPETITION AND CHALLENGE.

The goal of this challenge is to “attract, identify, evaluate, and recruit talented individuals”. The competition would also serve to “stimulate innovation in basic and applied cybersecurity research, technology development, and prototype demonstration”. If they don’t get the recruit, they will still have access to their work.  These widely advertised challenges will be available for high school and college students. Institutions will also be allowed to compete for the millions of dollars in prize money.

SEC. 14. PUBLIC-PRIVATE CLEARINGHOUSE.

The Secretary of Commerce will have access to all internet and critical networks “without regard to any provision of law, regulation, rule, or policy restricting such access”. The Department of Commerce will serve as a clearinghouse of related information, acting as liaison between the government and the private sector.

SEC. 15. CYBERSECURITY RISK MANAGEMENT REPORT.

This section simply gives value to risk.  It will create a market for risk management, and require “cybersecurity to be a factor in all bond ratings”.

SEC. 16. LEGAL FRAMEWORK REVIEW AND REPORT.

This section calls for “a comprehensive review of the Federal statutory and legal framework applicable to cyber-related activities in the United States”.  There are several acts specifically mentioned, but it also includes “any applicable Executive Order or agency rule, regulation, or guideline”.

SEC. 17. AUTHENTICATION AND CIVIL LIBERTIES REPORT.

When the government starts discussing an “identity management and authentication program”, they must also address the privacy concerns which follow along with it.

SEC. 18. CYBERSECURITY RESPONSIBILITIES AND AUTHORITY.

The President will develop a strategy for security. This strategy should include a long term plan. It will respect national security, and include the private sector.  In the event of an emergency the President has the power to restrict, shut down, or disconnect the internet. This applies to Federal and critical systems in time of emergency, or in the interest of national security. The President also will “designate an agency to be responsible for coordinating the response and restoration” of the systems restricted or shut down.  There will also be a department or agency which will “review equipment that would be needed after a cybersecurity attack and develop a strategy for the acquisition, storage, and periodic replacement of such equipment.” There will be “periodic mapping of…..critical infrastructure information systems or networks” to “measure the effectiveness of the mapping process”.  The President will also have the power to enforce regulations, and bestow ‘cyber-related’ certifications to United States people.

SEC. 19. QUADRENNIAL CYBER REVIEW.

Starting in 2013, this review will provide an unclassified summary, and include recommendations for improvement.

SEC. 20. JOINT INTELLIGENCE THREAT ASSESSMENT.

The Director of National Intelligence and the Secretary of Commerce will make a yearly report to Congress on “cybersecurity threats” and “vulnerabilities of critical national information, communication, and data network infrastructure”.

SEC. 21. INTERNATIONAL NORMS AND CYBERSECURITY DETERRANCE MEASURES.

The President would “work with representatives of foreign governments” to encourage global adoption of America’s new standards.

SEC. 22. FEDERAL SECURE PRODUCTS AND SERVICES ACQUISITIONS BOARD.

This section is an attempt to address the ‘supply chain’ vulnerability. There is need for “review and approval of high value products and services”, and so there must be “the establishment of appropriate standards for the validation of software to be acquired by the Federal Government”, including “independent secure software validation and verification”. This act would require the approval of the Secure Products and Services Acquisitions Board for any product or service subject to federal standards.

This marks the end of part 3. A summary will be provided later.

S.773 – The Cyber Security Act of 2009 – part 2

Monday, June 1st, 2009

This is the second part in a series concerning the Cybersecurity Act of 2009. s773.  As per request I have broken a large single page into sections. If you liked it the other way let me know. Please forgive my use of the term -cyber-, and any other marketing buzzwords. I’m just reflecting the terminology used.

s.773 Cybersecurity Act of 2009 part 2.


The relationship between the national intelligence agencies and the private information technology sector has long since been consummated.  There exists a tight federal and private partnership, with the majority of intelligence work being outsourced from the federal level to the corporate.  This legislation is nothing more than a formality. It makes the partnership public knowledge, and gives the intelligence industrial complex an official voice in the White House.

SEC. 3. CYBERSECURITY ADVISORY PANEL.

    (a) IN GENERAL- The President shall establish or designate a Cybersecurity Response Advisory Panel.
    (b) QUALIFICATIONS- The President–
    (1) shall appoint as members of the panel representatives of industry, academic, non-profit organizations, interest groups and advocacy organizations, and State and local governments who are qualified to provide advice and information on cybersecurity research, development, demonstrations, education, technology transfer, commercial application, or societal and civil liberty concerns; and
    (2) may seek and give consideration to recommendations from the Congress, industry, the cybersecurity community, the defense community, State and local governments, and other appropriate organizations.

The President will select people who are qualified to provide advice and information on cybersecurity research, development, demonstrations, education, technology transfer, commercial application, or societal and civil liberty concerns.

This is quite a broad section of potential appointees. There is no mention of how the selection process would be carried out, or what makes one person more qualified than another to serve on the panel. The President is neither qualified to carry out the selection process, nor able to comprehend the details of recommendations given to him.  Instead it would be necessary to create a “National Cyber Security Czar”: a sort of interpreter to advise the President in terms he can understand, and to give the President’s speech writer terms most people can comprehend.  I suspect what we will ultimately see is the creation of a new cabinet position, a ‘Secretary of Cyberdefense’. Though it seems this has been done in the form of the National Cybersecurity Center.

US Cyber Head Quits Over Threats To Democracy

Rod Beckstrom, the head of the Department of Homeland Security’s National Cyber Security Center, said last week he would be stepping down effective March 13.

In a letter to Homeland Security Secretary Janet Napolitano, Beckstrom said the NSA “dominates most national cyber efforts” and “effectively controls DHS cyber efforts through detailees, technology insertions and the proposed move” of the NCSC to an NSA facility at the agency’s Fort Meade, Md., headquarters.

In addition to the NCSC there is also the position of White House Cybersecurity Chief. With regard to part one of this article, I feel it important to note that the acting White House Cybersecurity Chief Melissa Hathaway was Senior Advisor to the Director of National Intelligence, Mike McConnell, and Cyber Coordination Executive; she specialized in cybersecurity strategies with consulting firm Booz Allen Hamilton.


President Obama made an announcement in regard to the nation’s cybersecurity direction. Included in this plan is the appointment of a Chief Cybersecurity Coordinator. It seems they will not be going with the title ‘czar’ this go round. It makes sense that the first people to be approached for positions on the panel will be people already employed in the service of the government. Those quoted in the findings would be an excellent example of potential panel members.  Despite the new campaign from the Department of Defense to recruit hackers out of high school, I strongly doubt there will be any application process for independent civilian admission onto the panel. With Ms. Hathaway on the inside, and her former boss on the outside, it seems that not only has the chess board been set, the game has been played and what we are seeing is the results of the match finalized and put down on paper.

Spies for Hire, US pays Carlyle Group to spy-2/3


S.773 – The Cyber Security Act of 2009 – part 1

Thursday, May 14th, 2009

S. 773: Cyber Security Act of 2009

A bill to ensure the continued free flow of commerce within the United States and with its global trading partners through secure cyber communications, to provide for the continued development and exploitation of the Internet and intranet communications for such purposes, to provide for the development of a cadre of information technology specialists to improve and maintain effective cybersecurity defenses against disruption, and for other purposes.


The summary is quite honest to the actual intent of the bill. It is designed to protect commerce, and global trade. An act to ensure the continued exploitation of the Internet. Just looking at the initial sponsor, and the groups represented in the findings, it seems quite obvious this act has been dreamed up by businesses and government agencies as a way of soliciting additional funding in the form of contracts. Essentially using taxpayer money to expand their operations while projecting the illusion of securing ‘cyberspace’. Cyberwar profiteers getting their feet in the door for more government funding.
We already have the majority of intelligence work done by agencies such as the NSA being outsourced to businesses like Booz Allen Hamilton. Now we see the same people giving dire warnings of an imminent terrorist threat. The reaction to these warnings is the Cyber Security Act, and the solution is to channel more resources to the people giving the warning.

Rockefeller – Cybersecurity

Sponsor:
Sen. John Rockefeller [D-WV] – Great-grandfather was once the world’s richest man and is considered the richest person in history. Infamous for his Standard Oil monopoly.

Cosponsors [as of 2009-04-18]

Sen. Olympia Snowe [R-ME] – Daughter of a Spartan, popular Senator from Maine. Known for her ability to influence the outcome of close votes. Considered a RINO by some. She is also known as a Rockefeller Republican.

Sen. Bill Nelson [D-FL] – Former astronaut. Member of the Book and Snake secret society at Yale.

Sen. Evan Bayh [D-IN] – Claims his wife’s corporate roles hold no sway over his votes. Recently formed the ‘Blue Dog’ caucus, where it is suspected he is supporting corporate agendas.

Capitol Hill’s corridors are now filled with corporate America’s lobbyists, who are working to assure that our middle class and those who aspire to it have as little representation as possible


Once the church was the dominant power in society, and churches dominated the skyline. Following the church was industry, and steeples were replaced with smoke stacks. From this industry grew enormous wealth. Soon the towering bank buildings facilitated the fluidity of these corporate industrial assets, and again their structures loomed over the city. What I noticed was a transfer of power from the banking and finance sector into telecommunications. Information is the currency of today. Where you have something of value, there will always be threats against it.

Cyberspace is the marketplace of information, and just like in the physical world there is also a black market.
