Critical Internet Bill....(Admin Allowed Post)

15 years ago

I don't see this issue as inherently political. However, it would be nice if the posts that follow would focus on the bill, and not devolve into a political complaint session.

It is an important issue to everyone that uses the Internet, and, by default, every member of the Warrior Forum.

Let's be honest, some people aren't even sure who their representatives are. No problem.

You can go to Project Vote Smart - American Government, Elections, Candidates and Voting and enter your zip code. You will then get a list of everyone "representing" you in government (federal and state).

Click on the rep's name and you will get contact info for them.

If you don't like the idea of the government being able to shut down the Internet, contact your representative and let them know what you think.

All the best,
Michael

Thanks

Signature

"Ich bin en fuego!"

{{ DiscussionBoard.errors[1136040].message }}

HeySal

15 years ago

You can also do that at Congress.org - Home

You can also read the bill itself (or any other live bill) there. If it's not posted, write to your legislator and ask for a copy. Every now and again they try to get something by us without posting it. Don't let them get away with that on this issue.

Thanks

Signature

Sal
When the Roads and Paths end, learn to guide yourself through the wilderness
Beyond the Path

{{ DiscussionBoard.errors[1136132].message }}

artwebster

15 years ago

Since the Patriot Act gives the president and anyone he nominates pretty stringent powers maybe you should look not at the bill - but at what the fuss about the bill will screen from your sight. By threatening a small evil a clever and manipualtive person can get away with a bigger evil behind the smoke screen.

Thanks

Signature

You might not like what I say - but I believe it.
Build it, make money, then build some more
Some old school smarts would help - and here's to Rob Toth for his help. Bloody good stuff, even the freebies!

{{ DiscussionBoard.errors[1136177].message }}

HeySal

15 years ago

Originally Posted by webpro20009

how this bill can pass?

You obviously aren't aware of other unconstitutional items which have passed despite major public objection. It's not whether it can pass or not that is an issue. All congress has to do is vote for it to pass it. The issue is whether there are enough to sue for a repeal or to kick their reps out of office if they pass it. Considering reaction to other acts of congress, I'd say it's a real good indication that they can not only pass it, but will enforce it very arbitrarily.

I wonder who will want to even apply to work at an Inet company knowing the kind of scrutiny they will be under.

Thanks

Signature

Sal
When the Roads and Paths end, learn to guide yourself through the wilderness
Beyond the Path

{{ DiscussionBoard.errors[1136190].message }}

seasoned

15 years ago

Michael,

I am surprised ANYONE trusts our government anymore! And I say that no matter WHAT party is "in power". One quote in that bill says:

The president of the United States has always had the constitutional authority, and duty, to protect the American people and direct the national response to any emergency that threatens the security and safety of the United States. The Rockefeller-Snowe Cybersecurity bill makes it clear that the president's authority includes securing our national cyber infrastructure from attack. The section of the bill that addresses this issue, applies specifically to the national response to a severe attack or natural disaster. This particular legislative language is based on longstanding statutory authorities for wartime use of communications networks. To be very clear, the Rockefeller-Snowe bill will not empower a "government shutdown or takeover of the Internet" and any suggestion otherwise is misleading and false. The purpose of this language is to clarify how the president directs the public-private response to a crisis, secure our economy and safeguard our financial networks, protect the American people, their privacy and civil liberties, and coordinate the government's response.

That is full of lies and half truths! Ask yourself THESE questions!

1. If it was always under his authority, WHY do they want to pass this?
2. He says "the president's authority includes securing our national cyber infrastructure from attack". WHAT cyber infrastructure? You can NOT "secure" it by SHUTTING IT DOWN! Attacks happen ALL THE TIME and can't be prevented other than shutting off connections. That is the ISPs job and that of the sites, and they have been doing that for over a DECADE! And this is NOT the governments infrastructure. One would hope they have their OWN internal connections.
3. He said "The purpose of this language is to clarify how the president directs the public-private response to a crisis, secure our economy and safeguard our financial networks, protect the American people, their privacy and civil liberties, and coordinate the government's response." Response to WHAT? The ISPs would know about an attack long before the average person would.

BTW

"SEC. 18. CYBERSECURITY RESPONSIBILITIES AND AUTHORITY.

The President--

(2) may declare a cybersecurity emergency and order the limitation or shutdown of Internet traffic to and from any compromised Federal Government or United States critical infrastructure information system or network;"

The language in the bill makes AOL such a network, etc....

MAN is this bill STUPID! It would....

1. Raise the national debt. Just SEVEN grants are listed as costing about 2.2Billion over the span of 5 years. That is a SMALL part of the bill, even as far as grants!
2. Possibly change all servers, etc....
3. Would start an industry that could hurt various companies, etc....
4. Introduce TROJANS!
5. Possibly upset various software products
6. Change the domain name industry
7. Just plain complicate matters.

Why don't they just DO THEIR JOB, and ENFORCE CURRENT LAWS! It would save money, and wok better! It looks like some idiot "consultants" and colleges got together and get a ton of grants to give the government a greater ability to control things.

And Apparently they want to setup these trojans to give them control. What if a foreign government used them?

Steve

Thanks
1 reply

{{ DiscussionBoard.errors[1136209].message }}

Steven Wagenheim

15 years ago

For what it's worth, I've written an article on this and submitted it to EZA
asking readers to contact their representatives.

If EZA doesn't print it (highly likely) I'll put it on my blog and ask my list to
spread the word around.

If we make this a coordinated effort, we can make enough noise to get this
joke of a bill shut down.

[ 1 ] Thanks
1 reply

Signature

My Soundcloud Music Channel

{{ DiscussionBoard.errors[1136332].message }}

HeySal

15 years ago

Originally Posted by Steven Wagenheim

For what it's worth, I've written an article on this and submitted it to EZA
asking readers to contact their representatives.

If EZA doesn't print it (highly likely) I'll put it on my blog and ask my list to
spread the word around.

If we make this a coordinated effort, we can make enough noise to get this
joke of a bill shut down.

Thanks, Steve. I would hope everyone else follows suit. I will do so as well - I retweeted it, but it deserves EVERYONE retweeting - hitting all social media and blogs with it. It wouldn't be the first group of Warriors that went to bat over an issue. We lost last time despite 50 million "no way" responses from citizens. I don't think we can afford that kind of odds this time. We need EVERYONE to tell them where to stick this one.

Thanks

Signature

Sal
When the Roads and Paths end, learn to guide yourself through the wilderness
Beyond the Path

{{ DiscussionBoard.errors[1136457].message }}

seasoned

15 years ago

Michael,

SEC. 5. STATE AND REGIONAL CYBERSECURITY ENHANCEMENT PROGRAM.

(a) CREATION AND SUPPORT OF CYBERSECURITY CENTERS- The Secretary of Commerce shall provide assistance for the creation and support of Regional Cybersecurity Centers for the promotion and implementation of cybersecurity standards. Each Center shall be affiliated with a United States-based nonprofit institution or organization, or consortium thereof, that applies for and is awarded financial assistance under this section.

(b) PURPOSE- The purpose of the Centers is to enhance the cybersecurity of small and medium sized businesses in United States through--

(1) the transfer of cybersecurity standards, processes, technology, and techniques developed at the National Institute of Standards and Technology to Centers and, through them, to small- and medium-sized companies throughout the United States;

(2) the participation of individuals from industry, universities, State governments, other Federal agencies, and, when appropriate, the Institute in cooperative technology transfer activities;

(3) efforts to make new cybersecurity technology, standards, and processes usable by United States-based small- and medium-sized companies;

(4) the active dissemination of scientific, engineering, technical, and management information about cybersecurity to industrial firms, including small- and medium-sized companies; and

(5) the utilization, when appropriate, of the expertise and capability that exists in Federal laboratories other than the Institute.

(c) ACTIVITIES- The Centers shall--

(1) disseminate cybersecurity technologies, standard, and processes based on research by the Institute for the purpose of demonstrations and technology transfer;

(2) actively transfer and disseminate cybersecurity strategies, best practices, standards, and technologies to protect against and mitigate the risk of cyber attacks to a wide range of companies and enterprises, particularly small- and medium-sized businesses; and

(3) make loans, on a selective, short-term basis, of items of advanced cybersecurity countermeasures to small businesses with less than 100 employees.

That makes it clear they are NOT talking about the government! They are talking about the INDUSTRY! The bill was presented April first 2009, and claims supporting opinion back to 2003. THAT was described as saying:

(9) According to the February 2003 National Strategy to Secure Cyberspace, `our nation's critical infrastructures are composed of public and private institutions in the sectors of agriculture, food, water, public health, emergency services, government, defense industrial base, information and telecommunications, energy, transportation, banking finance, chemicals and hazardous materials, and postal and shipping. Cyberspace is their nervous system--the control system of our country' and that `the cornerstone of America's cyberspace security strategy is and will remain a public-private partnership.'.

AGAIN, I doubt the government could be called a PRIVATE entity.

Steve

Thanks

{{ DiscussionBoard.errors[1136396].message }}

seasoned

15 years ago

Frankly, if they balanced connection load, changed email, switched to IPv6, enforced CURRENT laws, and just did their jobs, things would on a BAD day run better than they do today on a good day. IMAGINE a time where a DoS problem couldn't happen, because of a balanced connection load, where SPAM couldn't happen, because of improved email, where systems wouldn't be so likely to have problems because of IPv6. Imagine if you DID have a problem, and people would HAVE to help.

Steve

Thanks

{{ DiscussionBoard.errors[1136425].message }}

Michael Motley

15 years ago

[DELETED]

{{ DiscussionBoard.errors[1136441].message }}

seasoned 15 years ago

[DELETED]

{{ DiscussionBoard.errors[1136475].message }}

locpic63

15 years ago

In my opinion it does not matter whether this bill passes or not. Our Government has proven that they will do what they want when they want. Ask yourself this question: How many of my rights that are in the constitution,or the bill of rights have been stripped from me? There are many!

Locpic63

Thanks
2 replies

Signature

Legitimate Home Business Opportunities

Achieve Financial Freedom

Go Green With Renewable Energy

{{ DiscussionBoard.errors[1136460].message }}

HeySal

15 years ago

Originally Posted by locpic63

In my opinion it does not matter whether this bill passes or not. Our Government has proven that they will do what they want when they want. Ask yourself this question: How many of my rights that are in the constitution,or the bill of rights have been stripped from me? There are many!

Locpic63

So does that mean you are just going to remain quiet while they take everything that is left? In my opinion we should have taken them all out of office over the bailout --- but just because they feel free to ignore us no matter what the issue.......it doesn't mean we should allow them to feel they are safe bulldozing us either. Time to put control freaks out of office.

Thanks

Signature

Sal
When the Roads and Paths end, learn to guide yourself through the wilderness
Beyond the Path

{{ DiscussionBoard.errors[1136465].message }}

seasoned

15 years ago

Originally Posted by locpic63

In my opinion it does not matter whether this bill passes or not. Our Government has proven that they will do what they want when they want. Ask yourself this question: How many of my rights that are in the constitution,or the bill of rights have been stripped from me? There are many!

Locpic63

You're right, but they figure this TRUMPS the constitution. This makes them BOLDER!

Thanks
2 replies

{{ DiscussionBoard.errors[1136480].message }}

Dan C. Rinnert

15 years ago

It seems to me that, so long as pinheaded bureaucrats continue to lose hard drives filled with massive amounts of data such as names and social security numbers, the government is hardly in a position to lecture the private sector on cybersecurity.

Thanks
1 reply

Signature

Dan's content is irregularly read by handfuls of people. Join the elite few by reading his blog: dcrBlogs.com, following him on Twitter: dcrTweets.com or reading his fiction: dcrWrites.com but NOT by Clicking Here!

Dan also writes content for hire, but you can't afford him anyway.

{{ DiscussionBoard.errors[1136506].message }}

seasoned

15 years ago

Originally Posted by Dan C. Rinnert

It seems to me that, so long as pinheaded bureaucrats continue to lose hard drives filled with massive amounts of data such as names and social security numbers, the government is hardly in a position to lecture the private sector on cybersecurity.

OH, they have an answer for THAT!

1. Hire LOTS of consultants!
2. Create a new certification.
3. Get colleges to offer it.
4. Pay for the tuition!
5. Hire graduates!
6. Take all this software, etc... and mandate its use.
7. Pay for much of it, etc...

Steve

Thanks

{{ DiscussionBoard.errors[1136631].message }}

Lawrh 15 years ago

This is old news, your protests should have started 5 months ago.

Here's some news sources that will keep you a little better up to date. Nothing wacky, just unfiltered.

IPS Inter Press Service

Free Internet Press :: Uncensored News For Real People

LiveLeak.com - Redefining the Media

http://www.whatreallyhappened.com/
- Thanks
Signature

â€œStrategy without action is a day-dream; action without strategy is a nightmare.â€ â€“ Old Japanese proverb -
{{ DiscussionBoard.errors[1136520].message }}

Michael Motley

15 years ago

[DELETED]

{{ DiscussionBoard.errors[1136600].message }}

seasoned

15 years ago

Originally Posted by Michael Motley

Well i saw this 'anti pollution' law they had on the books, but i know its just a ploy to try to get my hat, and then they will turn on their mind control device.

Are you ALSO afraid they will brainwash your cat into attacking you?

Thanks

{{ DiscussionBoard.errors[1136634].message }}

Michael Motley

15 years ago

No, but i'm sure those that believe this is some prelude to stripping of internet access would no doub believe it possible.

Thanks

{{ DiscussionBoard.errors[1136646].message }}

Kurt

15 years ago

I support this law. It isn't the law, it's how it is used or abused.

This is no different than the Coast Guard being able to take control of merchant ships or the FAA being able to ground all airplanes, like what happened on 911. Why didn't anyone complain about that?

And it's no different than the Gov being able to take over TV and radio during a disaster.

You are aware that terrorists are trying to attack the economy of the US and that they are constantly trying to attack banking, military, credit, medical networks and more? I'm glad my Gov is doing something to try to protect my business, as well as the security and economy of the US.

Thanks
1 reply

Signature

Discover the fastest and easiest ways to create your own valuable products.
Tons of FREE Public Domain content you can use to make your own content, PLR, digital and POD products.

{{ DiscussionBoard.errors[1136651].message }}

Paul Myers

15 years ago

Here's my post about the same legislation from the main forum:

First comment: If you're going to react based on the misleading title of the story, don't waste your time. It's not an accurate representation of the situation at all.

Second, if you don't think some sort of centralized response mechanism is necessary for responding to cyber-attacks, you are less informed than you should be on the issue. The potential vectors for attack, and the known potential targets, make this a critical activity. The question isn't "should" they do it, but rather can they do it effectively.

Third, if you haven't taken strong steps to protect your system from falling under the control of an outside party, you'd be much better off spending your time working on that than theorizing that this is some evil scheme to expand government control.

The most powerful form of brute force attacks online at the moment is the existence of large and decentralized botnets. Private computers, like the one you're using to read this, which are infected with programs that let some remote party make your system do things without your knowledge.

The scope, size and capabilities of these bot networks is constantly growing. Many of them are already sufficient to take down very large sites and legitimate networks, without external help or cooperation between controllers. They're mostly used for spamming, phishing and DDoS attacks, but that could change in a day.

The threat these tools pose is extraordinary, and cannot continue to be ignored or treated as a casual inconvenience.

Similar problems exist for hosted servers and many other systems connected to the Net. And then there are the problems associated with individual or small-group intrusions, attacks by agents of foreign governments, and the ever-present threat of an "inside job." These are all greater threats to your privacy, security and personal finances than anything the government is likely to consider, even in the case of abuse of the system.

That said, we should pay attention to this and work to keep even the smallest abuses from occurring, where possible. One does not secure freedom by changing masters.

Remember, this isn't about reading your private emails (they can already do that if they want) or controlling your actions online. It's about actual threats to real systems on which people's lives and daily activities depend. Some examples to consider:

The networks which control ATMs, credit card systems, cash transfers and other financial transactions. Let someone get even minor control or blockage on these systems, and there'd be hell to pay. You'd be the one getting the bill for it.

The telephone network, especially emergency responder systems: Take down the phone system, or just the switches involving emergency responders, in an area and you've got people dying, unnecessary property loss and random failures in response to criminal activity.

If that's co-ordinated with a serious attack of some other kind, it could be disastrous, multiplying the damage of the offline event.

The stock exchanges: Consider the potential damage if an attacker could gain control of even a small portion of the systems that control stock trading or commodities exchanges.

Transportation control systems: Air traffic controls, switching systems for subways and trains, or even something as simple as the controls for traffic lights, where those are centralized. Use your imagination.

SMS (text messaging) servers/systems: How much damage could someone do by sending ominous threats to masses of people via text messages? Or spreading false stories through the same medium? Or simply flooding the system with garbage, or stopping it entirely?

SMS is not just used by teenagers. A lot of secruity systems use it for notifications, along with companies that rely on it for employee communications.

News sites: A very simple social hack. Plant false stories simultaneously on a few of the major news sites, and you could create a panic, with the results being affected largely by the focus of the story.

These are just a few potential problems, from among the hundreds (or thousands) that could be made to happen through attacks on the virtual infrastructure. There are many that are much worse than anything I've listed here.

Just think about the number of things that can be affected or controlled by network-connected interfaces. Then consider that there are people out there already planning or developing systems to attack most of them.

The problem is already huge. It could get much bigger very quickly with the right kind of attack. And we're not anything like ready for it.

You'd be surprised at the damage that can be done by just one (1) compromised machine on a broadband connection. There are millions of such compromised machines out there, right now.

Paul

[ 4 ] Thanks
1 reply

Signature

.
Stop by Paul's Pub - my little hangout on Facebook.

{{ DiscussionBoard.errors[1136785].message }}

Steven Wagenheim

15 years ago

Originally Posted by Paul Myers

Here's my post about the same legislation from the main forum:

....

You'd be surprised at the damage that can be done by just one (1) compromised machine on a broadband connection. There are millions of such compromised machines out there, right now.

Paul

Paul, I don't think anybody is arguing the fact that there are some real
dangers out there. I have already been the victim of minor attacks that,
for me, were more than a minor inconvenience.

I think what we're arguing is who is best to handle this problem.

I don't believe the government is best equipped to stop these attacks
from happening.

Could I be wrong? I guess it's possible. But right now, they don't have
my confidence, at least not as much as those whose hands this problem
is in now.

Thanks
1 reply

Signature

My Soundcloud Music Channel

{{ DiscussionBoard.errors[1136808].message }}

Paul Myers

15 years ago

Steven,

Okay. To avoid the problem of personal philosophy and non-specific principles, let's look at it from the perspective of implementation:

Look at the tiny list of possible attack vectors above. Who do you think should do it?

Who is qualified?

Paul

Thanks
2 replies

Signature

.
Stop by Paul's Pub - my little hangout on Facebook.

{{ DiscussionBoard.errors[1136821].message }}

Kurt

15 years ago

Originally Posted by Paul Myers

Steven,

Okay. To avoid the problem of personal philosophy and non-specific principles, let's look at it from the perspective of implementation:

Look at the tiny list of possible attack vectors above. Who do you think should do it?

Who is qualified?

Paul

I know! I know! The US gov and military!

Thanks
1 reply

Signature

Discover the fastest and easiest ways to create your own valuable products.
Tons of FREE Public Domain content you can use to make your own content, PLR, digital and POD products.

{{ DiscussionBoard.errors[1136837].message }}

Paul Myers

15 years ago

Kurt,

I know! I know! The US gov and military!

Nope. I'm not sure it would even be legal for the military to direct it, as it would relate to an internal threat in most cases.

The government would not control the switches or the software. They would direct the people who do, based on actual threats in real-time.

Paul

Thanks
2 replies

Signature

.
Stop by Paul's Pub - my little hangout on Facebook.

{{ DiscussionBoard.errors[1136847].message }}

Paul Myers

15 years ago

Steven,

I guess what I would do, if I were the government, would be to sub contract the job out to the private sector (the real pros) and keep it out of government control and influence. If something happens and we're under some kind of attack, let THEM be the ones to decide what to do and not the people in office who have an agenda. And yes, I know, everybody has an agenda. Point is, I trust the private sector to behave objectively to the "attack" more than I trust the government.

That just repeated your original objection.

Who in the private sector is equipped to co-ordinate a broadly-based attack using, for example, a botnet?

We've got some people objecting on the basis that it's government. Nothing else behind their comments. They seem not to even know how programs like this are designed or implemented. That's like saying, "All police activity is Bad, because it's a government program. Let private sector companies handle it."

We've seen plenty of examples throughout history of what happens when private companies have police power. They're not pretty.

Paul

Thanks
1 reply

Signature

.
Stop by Paul's Pub - my little hangout on Facebook.

{{ DiscussionBoard.errors[1136854].message }}

Steven Wagenheim

15 years ago

Originally Posted by Paul Myers

Steven,That just repeated your original objection.

Who in the private sector is equipped to co-ordinate a broadly-based attack using, for example, a botnet?

We've got some people objecting on the basis that it's government. Nothing else behind their comments. They seem not to even know how programs like this are designed or implemented. That's like saying, "All police activity is Bad, because it's a government program. Let private sector companies handle it."

We've seen plenty of examples throughout history of what happens when private companies have police power. They're not pretty.

Paul

Off the top of my head, I don't know who that would be...but this is what
I would do IF I were in government in order to find out.

I'd research.

I'd look to see who the big players are. I'd look at their track record, how
many years they've been involved in Internet security.

I mean certainly right now, somebody has to be doing something to keep
us from getting fried or the Internet would be a ghost town by now.

After I've done my research, however long that took, THEN I would make
my decision.

There is a reason why we have 3 branches of government in our country.
So that one person doesn't have too much power. This law, IMO, will
give the President more power than I believe the constitution provided for.

And yes, I understand that 223 years ago nobody could have foreseen
the Internet and we do have unusual circumstances. Back then, it took
more than a botnet to bring down our country. I get it. But to leave this
decision in the hands of one person, IMO, is not right.

What goes next?

You start making exceptions and before you know it, we have no freedoms
left at all.

But anyway, that's what I'd do if I were the government. I'd research the
situation and find the top minds in the business.

Certainly that can't be too hard for them to do.

Thanks

Signature

My Soundcloud Music Channel

{{ DiscussionBoard.errors[1136889].message }}

Kurt

15 years ago

Originally Posted by Paul Myers

Kurt,Nope. I'm not sure it would even be legal for the military to direct it, as it would relate to an internal threat in most cases.

The government would not control the switches or the software. They would direct the people who do, based on actual threats in real-time.

Paul

Hi Paul,

Actually, you're probably right about the military, but they would be the most qualified. Still, a case could be made that the initial threat was external, and if something major goes down, I won't knit pick who should be in charge and am only concerned the BEST is in charge.

It would probably be someone like the CIA or more likely the NSA, but they are still US gov agencies, but they would over-see the backbone companies like Cisco.

Thanks
1 reply

Signature

Discover the fastest and easiest ways to create your own valuable products.
Tons of FREE Public Domain content you can use to make your own content, PLR, digital and POD products.

{{ DiscussionBoard.errors[1136866].message }}

Paul Myers

15 years ago

Kurt,

The military probably doesn't know all that much about the specific implementations of software used to run a commercial ISP. Or a public web host. And asking them, or the CIA or NSA, to run defense for investment systems is just begging for black helicopter sightings.

What principles do you use to decide who acts as the controlling responder for various types of attacks, whether internally or externally originated?

Paul

Thanks
2 replies

Signature

.
Stop by Paul's Pub - my little hangout on Facebook.

{{ DiscussionBoard.errors[1136883].message }}

Paul Myers

15 years ago

Steve,

And a centralized location SOUNDS good, but there are so many problems with it.

Who said anything about a centralized location? There's nothing in any of the comments I've seen on this that describe that as a part of the idea.

As for ATMs, and the like, one would hope they have segregated that.

To some degree, they have. How does that stop attacks on those systems?

As for planting false stories, etc... you can't believe everything on the internet.

Of course. Still, look at the number of people who believe what they read in emails from random strangers. Think about how many would believe a story planted on CNN.com, NYT.com or some other major news provider's site.

Paul

Thanks
1 reply

Signature

.
Stop by Paul's Pub - my little hangout on Facebook.

{{ DiscussionBoard.errors[1136896].message }}

Paul Myers

15 years ago

Steven,

But to leave this decision in the hands of one person, IMO, is not right.

What goes next?

You start making exceptions and before you know it, we have no freedoms left at all.

Ah. I see. Put a committee in charge of something that could require immediate action to prevent systemic meltdown. A bi-partisan committee, one supposes.

Just how effective do you believe that would be?

The idea that this is some slippery slope situation doesn't work. The government has no benefit to gain from taking major chunks of critical infrastructure offline gratuitously. Unless you expect a media clampdown like the one in Iran, which would be tolerated here about as well as deliberate poisoning of every dog in the country.

Paul

Thanks
1 reply

Signature

.
Stop by Paul's Pub - my little hangout on Facebook.

{{ DiscussionBoard.errors[1136910].message }}

Steven Wagenheim

15 years ago

Originally Posted by Paul Myers

Steven,Ah. I see. Put a committee in charge of something that could require immediate action to prevent systemic meltdown. A bi-partisan committee, one supposes.

Just how effective do you believe that would be?

The idea that this is some slippery slope situation doesn't work. The government has no benefit to gain from taking major chunks of critical infrastructure offline gratuitously. Unless you expect a media clampdown like the one in Iran, which would be tolerated here about as well as deliberate poisoning of every dog in the country.

Paul

Bi-partisan? No. Non partisan. Completely removed from the politics of it.

Just somebody who can look at the incoming attack and objectively deal
with it.

Am I dreaming? If so, then okay. But if at all possible, that's my proposed
solution.

Ultimately, I am only one voice and the fate of this bill will be in the hands
of a lot more people than myself.

Whatever comes of it, I hope it's the right decision.

That's really all I care about.

Thanks

Signature

My Soundcloud Music Channel

{{ DiscussionBoard.errors[1136928].message }}

Kurt

15 years ago

Originally Posted by Paul Myers

Kurt,

The military probably doesn't know all that much about the specific implementations of software used to run a commercial ISP. Or a public web host. And asking them, or the CIA or NSA, to run defense for investment systems is just begging for black helicopter sightings.

What principles do you use to decide who acts as the controlling responder for various types of attacks, whether internally or externally originated?

Paul

First, I don't accept your premise that the miliatary doesn't know...I'd bet a coke that they have OFFENSIVE attack plans of their own.

And your argument against the CIA or NSA isn't real strong...Just look at this thread, any mention of gov. control fuels concern or "black helicopter sightings".

Instead of playing games and micro-debating, just give your answer and we can micro-debate your opinion.

Thanks

Signature

Discover the fastest and easiest ways to create your own valuable products.
Tons of FREE Public Domain content you can use to make your own content, PLR, digital and POD products.

{{ DiscussionBoard.errors[1136909].message }}

Steven Wagenheim

15 years ago

Originally Posted by Paul Myers

Steven,

Okay. To avoid the problem of personal philosophy and non-specific principles, let's look at it from the perspective of implementation:

Look at the tiny list of possible attack vectors above. Who do you think should do it?

Who is qualified?

Paul

That's not an easy question for me to answer. And not being a tech
wizard and not knowing who the major players are in this industry, I
really can't give an answer.

I guess what I would do, if I were the government, would be to sub
contract the job out to the private sector (the real pros) and keep it
out of government control and influence. If something happens and
we're under some kind of attack, let THEM be the ones to decide what
to do and not the people in office who have an agenda. And yes, I know,
everybody has an agenda. Point is, I trust the private sector to behave
objectively to the "attack" more than I trust the government.

So I have no problem with the government appointing somebody to
take care of this...just as long as it's not the government flipping the
switch when the time comes.

Thanks

Signature

My Soundcloud Music Channel

{{ DiscussionBoard.errors[1136841].message }}

seasoned

15 years ago

Nobody is disputing that there are threats out there. HECK, the SQL SLAMMER worm that spread several years ago ( http://en.wikipedia.org/wiki/SQL_slammer_(computer_worm) ) brought some corporate infrastructure down for WEEKS! I was at 3 companies that happened to, and they were FAR from small. Still, the stuff this bill covers wouldn't have prevented that. Wikipedia makes this sound so harmless, but it seemed to be worse than that. Then again, in theory, you would have to take them all down simultaneously, disconnect from the external network, and patch them, in order to get them up ASAP.

And a centralized location SOUNDS good, but there are so many problems with it. We are talking about the biggest network around. Besides, there is reaction time and bandwidth to consider.

The threats of inside jobs INCREASE with new consultants, etc... So their methods increase that risk! Ever see office space? ( Office Space (1999) - Plot Summary )

As for ATMs, and the like, one would hope they have segregated that. A lot of the stuff you mention predates this infrastructure, etc... I spoke with a company (I believe it was standard and poors ) once about getting stockquotes, like freerealtime, etc... would do, to get the info to deliver to users. As I recall, they DIDN'T use the internet! In any event, you had to have a special box hooked up just to get the info.

As for planting false stories, etc... you can't believe everything on the internet. Tying together a few of your concerns, there is "pump and dump" Pump and dump - Wikipedia, the free encyclopedia . That would be FAR rarer if the proper identification were mandated and enforced, and the laws were enforced. BTW wikipedia has it wrong. It happens with ALL SORTS of investments. Some BIG stocks, and gold or silver, to name a few, have ALSO been affected.

One popular thing on pump and dump is to create a reasonable scenario, and blast it on investment sites, to lead people to believe the company is far worse, or far better, than it really is, and play that move to make money.

Still, they are asking for a lot of money, it covers FAR more than simply security, etc.... Can you say OINK OINK!

Steve

Thanks

{{ DiscussionBoard.errors[1136880].message }}

Michael Motley

15 years ago

The actual maintaining of security will go to a larger tech company, like L3

Thanks
1 reply

{{ DiscussionBoard.errors[1136906].message }}

Paul Myers

15 years ago

Michael,

The actual maintaining of security will go to a larger tech company, like L3

Ummm... Not the best example.

Even if it were, this cannot be something that's centralized like that. It's not possible, desirable, or probably Constitutionally acceptable.

Paul

Thanks
2 replies

Signature

.
Stop by Paul's Pub - my little hangout on Facebook.

{{ DiscussionBoard.errors[1136917].message }}

Paul Myers 15 years ago

Kurt,

The ability to destroy a thing isn't the trick that's required here. That's much easier than sustaining said thing against attack.

You're assuming I have "an Answer." I may or may not, but that's irrelevant to my point here. If people want to leap to tall conclusions in a single bound, and denounce an idea about which they have shown no understanding, I'd like to challenge them to provide their bases, and their possible ideas or at least principles for developing alternatives.

Steven W's got some of the basics in his last response to me. Useful ideas for learning, but he then jumps to a conclusion despite not having gotten the information he suggests we need to form one.

I see a lot of that in public debate, whether here or elsewhere. If you're going to lobby your legislators against "this travesty," might it not be useful to have some idea of whether it really is a travesty, why you believe so, and what might be a better alternative approach to a very real and very large and immediate threat?

You're not going to affect policy by telling the government that it has no business messing around with legitimate issues of national security.

Paul
- Thanks
- 1 reply
Signature

.
Stop by Paul's Pub - my little hangout on Facebook.
{{ DiscussionBoard.errors[1136945].message }}
- Paul Myers 15 years ago
  
  Steven,
  
  Bi-partisan? No. Non partisan. Completely removed from the politics of it.
  
  But still a committee? Do you think they can respond as quickly as people at the site?
  
  Just somebody who can look at the incoming attack and objectively deal with it.
  
  That's the tech person at the system.
  
  Problem: DDoS, using tens of thousands of machines at multiple services around the country. Small amount from each, lost in the noise. Who notices at the local level?
  
  This is not a simple question.
  
  Paul
  
  Thanks
  
  Signature
  
  .
  Stop by Paul's Pub - my little hangout on Facebook.
  
  {{ DiscussionBoard.errors[1136958].message }}

Michael Motley

15 years ago

Originally Posted by Paul Myers

Michael,Ummm... Not the best example.

Even if it were, this cannot be something that's centralized like that. It's not possible, desirable, or probably Constitutionally acceptable.

Paul

desirable takes a back seat to probable. To have that kind of control over a nationwide network, you need someone that has nationwide infrastructure and the manpower to know what to do with it.

This looks like a job for Cisco (dun dun DUUUUUUUN)

Thanks
1 reply

{{ DiscussionBoard.errors[1136948].message }}

Paul Myers

15 years ago

Michael,

desirable takes a back seat to probable. To have that kind of control over a nationwide network, you need someone that has nationwide infrastructure and the manpower to know what to do with it.

This looks like a job for Cisco (dun dun DUUUUUUUN)

Nope. No single company or entity - anywhere - can handle the tech end of this. You can have one entity in control of a bunch of cut-off switches, but that's a band-aid at best.

What principles do you folks think should drive a solution?

Paul

Thanks
1 reply

Signature

.
Stop by Paul's Pub - my little hangout on Facebook.

{{ DiscussionBoard.errors[1136964].message }}

seasoned

15 years ago

Originally Posted by Paul Myers

Michael,Nope. No single company or entity - anywhere - can handle the tech end of this. You can have one entity in control of a bunch of cut-off switches, but that's a band-aid at best.

What principles do you folks think should drive a solution?

Paul

I still say that improvements to LOCAL control combined with ISP(LOCAL) control is THE answer! So it is NOT one person, but it isn't a committee either!

We are not talking about one person, or 20, but MILLIONS! Their goal is self preservation, and capitalism, NOT false acclaim or political power.

And Cisco hasn't even really put in the most basic of local overrides, let alone a universe wide one. Besides, they are BIG, but they don't really OWN the market.

ANYONE will tell you that someone AT the system can more easily control it and determine what is wrong.

Steve

Thanks
2 replies

{{ DiscussionBoard.errors[1137017].message }}

Paul Myers

15 years ago

Steve,

Local control is part of the proposal. Certified security techs, at the systems designated to be critical infrastructure.

The reporting is necessary in order to know there's an attack ongoing, in many cases. Suppose you get 20 machines at each of 1000 ISPs or local divisions thereof, all going after a single central target. None of the local systems is likely to notice the attack, as it would be a tiny, tiny portion of their total system load.

The target will notice.

If they report it, along with the originating IPs, the systems involved could be instructed to sandbox requests from the machines at those addresses to that target system.

Simple example, but it makes the point.

Paul

Thanks
1 reply

Signature

.
Stop by Paul's Pub - my little hangout on Facebook.

{{ DiscussionBoard.errors[1137037].message }}

Steven Wagenheim

15 years ago

Paul, thank you for your replies and explanation of things. I actually have
a clearer idea myself of what's involved.

You hit it when you said...

he question involved here seems to be who dictates when a response is required, and how it's shaped.

Don't you feel that somebody who is more concerned with looking after
the welfare of the Internet business community as a whole is better
equipped to make that decision than somebody who has a political agenda?

I don't want to wake up one morning and find that my business is essentially
MIA because somebody in Washington doesn't like something that's
going around politically. Yes, I am concerned with abuse of power with
our government because it has happened before. I love my country but
I also can look at things objectively. We're not always right.

I'd prefer that the person making the decisions has nothing to gain
politically one way or the other...objective...totally.

And yes, this wouldn't be handled by just one central location. There
would be a number of locations setup all over the country to handle these
threats.

I just don't want them answering to Washington because of what I have
already pointed out. Politics, sadly, is the reason why so little gets done
in this country that really makes a difference.

Thanks
1 reply

Signature

My Soundcloud Music Channel

{{ DiscussionBoard.errors[1137129].message }}

Paul Myers

15 years ago

Steven,

Don't you feel that somebody who is more concerned with looking after the welfare of the Internet business community as a whole is better equipped to make that decision than somebody who has a political agenda?

Not all decisions made by elected officials are driven by partisan political agendas, sir. And, as Gary points out, abuses would be visible and result in consequences.

I can assure you, I'd rather have someone who's sworn to look out for the interests of the citizenry making those kinds of decisions than someone who's going to decide that it's more important to keep customer support costs down than to stop an attack on a major financial institution or emergency systems network, etc.

It's very easy for an ISP to say, "It's only 30 or 40 of our customers involved. We're not going to make a difference by taking action to stop that." Let 1000 places make the same assessment...

Paul

Thanks
1 reply

Signature

.
Stop by Paul's Pub - my little hangout on Facebook.

{{ DiscussionBoard.errors[1137146].message }}

Steven Wagenheim

15 years ago

Originally Posted by Paul Myers

Steven,Not all decisions made by elected officials are driven by partisan political agendas, sir. And, as Gary points out, abuses would be visible and result in consequences.

I can assure you, I'd rather have someone who's sworn to look out for the interests of the citizenry making those kinds of decisions than someone who's going to decide that it's more important to keep customer support costs down than to stop an attack on a major financial institution or emergency systems network, etc.

It's very easy for an ISP to say, "It's only 30 or 40 of our customers involved. We're not going to make a difference by taking action to stop that." Let 1000 places make the same assessment...

Paul

I have to admit....you make a good point. I hope you're right.

For what it's worth, I don't have the best feeling about any of this.

I hope future history (is that an oxymoron?) doesn't prove me right.

Thanks

Signature

My Soundcloud Music Channel

{{ DiscussionBoard.errors[1137157].message }}

garyv

15 years ago

When I first read this, I thought "jeez I'd hate to see that kind of control in the hands of the government." My thoughts were that if there was ever an internal struggle, similar to the one in Iran, then the communications would be cut off. Then I started to think about it more. What private companies out there are suited to handle this type of emergency? And when I started coming up with company names, I realized that many of these companies have already come out of the closet politically during this last election cycle, and are leaning very hard to the left.

So unlike Iran, we for the most part have a fair election process. If we end up outsourcing Internet infrastructure control to private companies that have different political views than we do, we may never get that control back. At least if it's in the Government's control, we can hold them in check w/ the election process.

I'll admit that I'm a "right wing wacko" - and I'd hate to see a company like Google, or G.E. have any control of Internet infrastructure during a time of political crisis. GoogleTube has already been caught manipulating video view counts of opposing political view points. Could you imagine what it would be like if they teamed up w/ any administration to take over Internet infrastructure.... oh wait....

Thanks
1 reply

{{ DiscussionBoard.errors[1137098].message }}

Steven Wagenheim

15 years ago

Originally Posted by garyv

When I first read this, I thought "jeez I'd hate to see that kind of control in the hands of the government." My thoughts were that if there was ever an internal struggle, similar to the one in Iran, then the communications would be cut off. Then I started to think about it more. What private companies out there are suited to handle this type of emergency? And when I started coming up with company names, I realized that many of these companies have already come out of the closet politically during this last election cycle, and are leaning very hard to the left.

So unlike Iran, we for the most part have a fair election process. If we end up outsourcing Internet infrastructure control to private companies that have different political views than we do, we may never get that control back. At least if it's in the Government's control, we can hold them in check w/ the election process.

I'll admit that I'm a "right wing wacko" - and I'd hate to see a company like Google, or G.E. have any control of Internet infrastructure during a time of political crisis. GoogleTube has already been caught manipulating video view counts of opposing political view points. Could you imagine what it would be like if they teamed up w/ any administration to take over Internet infrastructure.... oh wait....

Which is why the people chosen would have to be chosen very carefully
to ensure that this doesn't happen.

As Paul said, this isn't an easy solution and I don't claim to have the
answers to it. If I did, I'd run for something.

Unfortunately, some of the problems facing this world (let alone the US)
are so complex that I honestly don't feel that we have the mental
capability to deal with them effectively. So we do the best we can and
hope for the best.

It isn't a method that instills a lot of confidence in me, but it's all we have.

Thanks

Signature

My Soundcloud Music Channel

{{ DiscussionBoard.errors[1137143].message }}

Michael Motley

15 years ago

Having multiple entities in control of one thing all reporting back to the government sounds like a recipe for confusion.

There needs to be one entity, so when things go wrong, there is one entity to go to. No pointing fingers, no passing the buck.

Thanks

{{ DiscussionBoard.errors[1136976].message }}

Paul Myers

15 years ago

Michael,

Having multiple entities in control of one thing all reporting back to the government sounds like a recipe for confusion.

There needs to be one entity, so when things go wrong, there is one entity to go to. No pointing fingers, no passing the buck.

There needs to be a single entity to which attacks or suspected attacks are reported, and from which instructions can be issued. The response, and the way it's handled, are the tricky parts.

Lots of possible technical responses. The question involved here seems to be who dictates when a response is required, and how it's shaped.

Paul

Thanks

Signature

.
Stop by Paul's Pub - my little hangout on Facebook.

{{ DiscussionBoard.errors[1136993].message }}

David Maschke

15 years ago

It's pretty freakin' amazing that they see they have duty to protect our cyber-security, but they won't lift one stink'n finger to protect our real borders.

The problem is the government itself is unable to protect their own systems, so they sure are not ready to protect the private sector infrastructure.

The private sector can police themselves much better.

Let's take the banking sector, for example.

Banks can hire outside consultants, who's job it would be to constantly "attack" the companies computers under controlled conditions. The consultant would then report the vulnerabilities and recommend solutions to the bank.

That way the banks computers are in a constant state of upgrade to protect against security threats.

This can be done starting tomorrow, without waiting years for the government to get their **** together. And hey, it might even create jobs in the process.

If you think the government should or will provide a solution, then you are less informed than you should be in the issue. (to swipe a phrase from Paul)

Dave

Thanks
1 reply

Signature

I

{{ DiscussionBoard.errors[1137166].message }}

Paul Myers

15 years ago

If you think the government should or will provide a solution, then you are less informed than you should be in the issue. (to swipe a phrase from Paul)

I don't see anyone in this thread saying the government should or can provide the solution at the local level. Simply questioning how the response mechanism should work when attacks are reported and a decision is made as to what needs to be done to stop them.

Paul

Thanks
2 replies

Signature

.
Stop by Paul's Pub - my little hangout on Facebook.

{{ DiscussionBoard.errors[1137199].message }}

David Maschke

15 years ago

Originally Posted by Paul Myers

I don't see anyone in this thread saying the government should or can provide the solution at the local level. Simply questioning how the response mechanism should work when attacks are reported and a decision is made as to what needs to be done to stop them.

Paul

Yes, you are absolutely right, it's not mentioned in the thread.

But it is mentioned in the article Sally posted a link to.

Companies will be required to hire people who have gone thru a federal certification program. That kind of limits who companies can hire for their security.

So yes, that is a solution on the local level.

As for the loss due to hiring security people for their systems, try hiring a more reputable company with a proven background.

Dave

Thanks

Signature

I

{{ DiscussionBoard.errors[1137225].message }}

David Maschke

15 years ago

Originally Posted by Paul Myers

I don't see anyone in this thread saying the government should or can provide the solution at the local level. Simply questioning how the response mechanism should work when attacks are reported and a decision is made as to what needs to be done to stop them.

Actually, I think someone was talking about local control in this thread...

Originally Posted by Paul Myers

Local control is part of the proposal. Certified security techs, at the systems designated to be critical infrastructure.

Thanks
1 reply

Signature

I

{{ DiscussionBoard.errors[1137419].message }}

Paul Myers 15 years ago

Actually, I think someone was talking about local control in this thread...

Precisely how is that in conflict with what I actually said?

Paul
- Thanks
- 1 reply
Signature

.
Stop by Paul's Pub - my little hangout on Facebook.
{{ DiscussionBoard.errors[1137423].message }}
- David Maschke 15 years ago
  
  Originally Posted by Paul Myers
  
  Precisely how is that in conflict with what I actually said?
  
  Paul
  
  Dog gone it! I thought I had a check mate.
  
  I stand corrected.
  
  I see now that you were talking about the proposal, not endorsing it.
  
  But I'll get you my little pretty, and your little dog too!
  (I'm just kidding about the above sentence. You know that, right?)
  
  Thanks
  
  2 replies
  
  Signature
  
  I
  
  {{ DiscussionBoard.errors[1137451].message }}
  
  Paul Myers 15 years ago
  
  Dave,
  
  But I'll get you my little pretty, and your little dog too!
  (I'm just kidding about the above sentence. You know that, right?)
  
  Yep. I also note that you got the quote almost right. The word "little" doesn't belong there, but at least you left out the dog's name.
  
  Paul
  
  Thanks
  
  Signature
  
  .
  Stop by Paul's Pub - my little hangout on Facebook.
  
  {{ DiscussionBoard.errors[1137463].message }}
  
  Paul Myers 15 years ago
  
  Dave,
  
  I see now that you were talking about the proposal, not endorsing it.
  
  Even if I had been endorsing it, that's not suggesting that the government provide the solution at the local level. Merely that they mandate it.
  
  Just sayin' ...
  
  Paul
  
  Thanks
  
  Signature
  
  .
  Stop by Paul's Pub - my little hangout on Facebook.
  
  {{ DiscussionBoard.errors[1137466].message }}

patfl

15 years ago

Americans are funny... Don't take offense of this, I live in the US by choice while I'm European.

How people in this country can trust the private sector more than their government? Government members are elected, CEOs are not.

How to get rid of bad policy makers, don't re-elect them. How to get rid of a bad CEO? You can't if shareholders want to keep him... (aka if they make money which is very different from the public interest)

My 2 cents on this matter.

Patrice

Thanks
2 replies

{{ DiscussionBoard.errors[1137173].message }}

Paul Myers 15 years ago

Steven,

There isn't any way to prevent the problems. Only to mitigate them somewhat, and keep them from becoming major interruptions.

David,

The private sector can police themselves much better.

Let's take the banking sector, for example.

Yes. Let's.

I've heard from people who work with banks on phishing that, for some of them, it's their number one cause of loss. Yes, really.

And there's the much more significant potential problem of DNS poisoning. What's a bank going to do about that on their own, sir?

Paul
- Thanks
Signature

.
Stop by Paul's Pub - my little hangout on Facebook.
{{ DiscussionBoard.errors[1137187].message }}

Michael Motley

15 years ago

Originally Posted by Patrice Le Vexier

Americans are funny... Don't take offense of this, I live in the US by choice while I'm European.

How people in this country can trust the private sector more than their government? Government members are elected, CEOs are not.

How to get rid of bad policy makers, don't re-elect them. How to get rid of a bad CEO? You can't if shareholders want to keep him... (aka if they make money which is very different from the public interest)

My 2 cents on this matter.

Patrice

Its not quite that easy to get rid of bad policy makers.

Thanks
1 reply

{{ DiscussionBoard.errors[1137448].message }}

patfl 15 years ago

Originally Posted by Michael Motley

Its not quite that easy to get rid of bad policy makers.

That's true, in my country of origin they invented a tool to get rid of bad policy makers, but time has changed
- Thanks
- 1 reply
{{ DiscussionBoard.errors[1137662].message }}
- Kay King 15 years ago
  
  I can see this working as an organized effort with a chain of responsibility that includes D.C. officials working with regional coordinators and through them, with ISPs. This would also provide some transparency after the fact.
  
  I would not trust business to make the decisions. Their profit motive will win out every time even though they will deny it again and again. It's a knee jerk reaction in the corporate world to block anything that threatens profit.
  
  A local example was 4 years ago when Katrina was approaching. In the dead center of the projected landfall the MS gaming commission delayed closing coast casinos (floating on the Gulf) until the last possible minute. This caused some employees to be unable to leave the coast in time, left visitors outside the hotel with the door locked (they had been allowed to check in a few hours earlier). The reason? State profit from gaming revenues and the profits of the casinos themselves. Every hour of delay endangered more lives but resulted in higher profit.
  
  We've seen the failure to provide safety in banking, in large lending and investment houses - it would be no different.
  
  I don't see anything wrong with providing a mechanism to "shut down" the internet in the case of a true national emergency. I do think it needs to clarified and tied to another trigger - such as state of emergency or martial law being declared.
  
  Of more concern to me is what would qualify a business as "critical" and how that might affect vetting of employees or sharing customer personal information.
  
  What I object to are attempts to rush some of these bills through without careful consideration of how they may be open to abuse or error.
  
  kay
  
  Thanks
  
  Signature
  
  Saving one dog will not change the world - but the world changes forever for that one dog
  ***
  One secret to happiness is to let every situation be
  what it is instead of what you think it should be.
  
  {{ DiscussionBoard.errors[1138455].message }}