Obama to pull plug on internet? (Full Version)

All Forums >> [General] >> Current Events >> Kings - Prime Ministers - Presidents



Message

DaveW -> Obama to pull plug on internet? (11/3/2009 11:34:38 AM)

Senate Bill Would Give President Obama Authority to Pull the Plug on Your Internet

CNET News has obtained a summary of a proposal from Senators Jay Rockefeller (D-W.V.) and Olympia Snowe (R-Maine) that would create an Office of the National Cybersecurity Advisor, part of the Executive Office of the President. That office would receive the power to disconnect, if it believes they're at risk of a cyberattack, "critical" computer networks from the Internet.

“I regard this as a profoundly and deeply troubling problem to which we are not paying much attention," Rockefeller said at a hearing, referring to cybersecurity.

Senate bill 773 (The Cybersecurity Act of 2009) is causing a flurry of opposition from groups like Campaign for Liberty, which has sent out letters to their members appealing for them to take action against passage of this bill, stating:

“If the ‘Internet Takeover Bill’ passes, Barack Obama can silence his dissenters directly -- by ordering a shutdown of all Americans’ access to the Internet. But that’s not all. Even outside of periods of White House-declared ‘emergency,’ this bill mandates that private-sector networks only be managed by government-licensed cybersecurity professionals.”

rest of article HERE



GroupW -> RE: Obama to pull plug on internet? (11/3/2009 11:59:54 AM)

I think the article may be factually incorrect on some points. The actual bill would allow the president to "declare a cybersecurity emergency and order the limitation or shutdown of Internet traffic to and from any compromised Federal Government or United States critical infrastructure information system or network"

First - it's a legitimate concern that needs to be addressed. Currently, internet-related components are a key component of our national infrastructure - power grids, internal US government operations, etc. - and have proven themselves on a few occasions to be vulnerable to hacking.

A system needs to be more than "at risk" - it needs to actually have been compromised.

Second - This bill would not allow a shut down of all private internet access - only security-critical components of government networks, government contractors (but only critical components), and critical infrastructure components (e.g. power grid controls.)

Third - The last quote is indeed factually inaccurate. It would not apply to any private network and couldn't be used to shut down "all Americans' access to the internet." That would be a gross distortion of the actual language. The actual bill asks for certification only for government and government-critical networks. Makes sense to me - like you want any old yahoo in charge of security-critical infrastructure?

Below is the language regarding licensing (the key words being "critical infrastructure".)

SEC. 7. LICENSING AND CERTIFICATION OF CYBERSECURITY PROFESSIONALS.

(a) IN GENERAL- Within 1 year after the date of enactment of this Act, the Secretary of Commerce shall develop or coordinate and integrate a national licensing, certification, and periodic recertification program for cybersecurity professionals.

(b) MANDATORY LICENSING- Beginning 3 years after the date of enactment of this Act, it shall be unlawful for any individual to engage in business in the United States, or to be employed in the United States, as a provider of cybersecurity services to any Federal agency or an information system or network designated by the President, or the President’s designee, as a critical infrastructure information system or network, who is not licensed and certified under the program



GroupW -> RE: Obama to pull plug on internet? (11/3/2009 12:12:38 PM)

Just reading through the rest of the bill, there's probably a bit of cleanup work to do on the drafting. For the most part, it looks reasonably sound. While the President would have authority to disconnect critical infrastructure systems, the President also has to map those systems and identify them to Congress periodically. I think that offers substantial protection here, though it probably deserves to be tightened up a bit on the verbage.



GroupW -> RE: Obama to pull plug on internet? (11/3/2009 12:22:12 PM)

Some parts have been redrafted since the version I looked at. Language is better but still needs work.

"The President [...] in the event of an immediate threat [...] may declare a cybersecurity emergency; and may, if the President finds it necessary for the national defense and security, and in coordination with relevant industry sectors, direct the national response to the cyber threat and the timely restoration of the affected critical infrastructure information system or network;"



wing2000 -> RE: Obama to pull plug on internet? (11/3/2009 2:01:37 PM)

quote:

First - it's a legitimate concern that needs to be addressed. Currently, internet-related components are a key component of our national infrastructure - power grids, internal US government operations, etc. - and have proven themselves on a few occasions to be vulnerable to hacking.


Agreed.


He could do our nation a real favor and pull the plug on Television : )



benelchi -> RE: Obama to pull plug on internet? (11/3/2009 2:23:24 PM)

quote:

ORIGINAL: GroupW

I think the article may be factually incorrect on some points. The actual bill would allow the president to "declare a cybersecurity emergency and order the limitation or shutdown of Internet traffic to and from any compromised Federal Government or United States critical infrastructure information system or network"

First - it's a legitimate concern that needs to be addressed. Currently, internet-related components are a key component of our national infrastructure - power grids, internal US government operations, etc. - and have proven themselves on a few occasions to be vulnerable to hacking.

A system needs to be more than "at risk" - it needs to actually have been compromised.

Second - This bill would not allow a shut down of all private internet access - only security-critical components of government networks, government contractors (but only critical components), and critical infrastructure components (e.g. power grid controls.)

Third - The last quote is indeed factually inaccurate. It would not apply to any private network and couldn't be used to shut down "all Americans' access to the internet." That would be a gross distortion of the actual language. The actual bill asks for certification only for government and government-critical networks. Makes sense to me - like you want any old yahoo in charge of security-critical infrastructure?

Below is the language regarding licensing (the key words being "critical infrastructure".)

SEC. 7. LICENSING AND CERTIFICATION OF CYBERSECURITY PROFESSIONALS.

(a) IN GENERAL- Within 1 year after the date of enactment of this Act, the Secretary of Commerce shall develop or coordinate and integrate a national licensing, certification, and periodic recertification program for cybersecurity professionals.

(b) MANDATORY LICENSING- Beginning 3 years after the date of enactment of this Act, it shall be unlawful for any individual to engage in business in the United States, or to be employed in the United States, as a provider of cybersecurity services to any Federal agency or an information system or network designated by the President, or the President’s designee, as a critical infrastructure information system or network, who is not licensed and certified under the program



Did you know that there are only about a dozen peering points on the Internet where the big Tier one and Tier two providers interconnect their networks? These peering points would count as "security-critical components" and most today reside in guarded highly secure locations i.e. with armed guards and concrete reinforced buildings. Because almost all traffic on the Internet passes through one of these points, a shutdown of these facilities would nearly disconnect all Americans from the Internet i.e. they would only be able to access the parts of the Internet that were directly connected to the networks to which they themselves are connected i.e. AT&T customers would only be able to access other AT&T customers, etc... Additionally because of the adoption of route registries (like RADB) alternative routing would be nearly impossible to setup because route filtering based on these registries would prevent the distribution of alternative routes. This kind of power really would allow the government to, in essence, shutdown the Internet; the question is whether or not we trust the government with that kind of power.



GroupW -> RE: Obama to pull plug on internet? (11/3/2009 2:27:37 PM)

Interesting. Sounds like all the more reason to address the security issues that presents which I imagine must be legion



benelchi -> RE: Obama to pull plug on internet? (11/3/2009 2:37:38 PM)

quote:

ORIGINAL: GroupW

Interesting. Sounds like all the more reason to address the security issues that presents which I imagine must be legion



Most of these facilities now reside in highly secure, unmarked, buildings. Both physical and network security are taken very seriously because of the sensitivity these facilities present to the infrastructure of the Internet. However, how would one protect these facilities from a shutdown cause by the abuse of governmental power?



GroupW -> RE: Obama to pull plug on internet? (11/3/2009 2:52:48 PM)

One question - is it really accurate that there are only a very few peeriing points? While the geographic scope of those points is down to 8-10 locations or so (like Seattle), there is more than one actual point within that location.

Other question - China is having severe troubles keeping twitter our. Something tells me shutting down the whole internet would be extremely challenging.

I asked our IT guy here - he has strong doubts this would be possible. His belief is that there are more actual peering points even at the Tier 1 level than ever before.

And then, in a pinch, there's always dial up to an overseas network.

Generally speaking, while the verbage here needs to be tweaked, it is addressing a significant issue - one that the Congress and both the current and previous administrations have been battling on. Namely, that the government does indeed have a vested interest in making sure that critical infrastructure is protected. The battle being fought now orbits around where that control resides. There are those who say Congress and those like Joe Lieberman who think that the executive branch is the only one in a position to make sure that it's done in a cohesive manner.

And, since this is not my area of expertise, I'm going to have to let someone else carry on. I'm beyond my knowledge base here.

BT



benelchi -> RE: Obama to pull plug on internet? (11/3/2009 3:23:20 PM)

quote:

ORIGINAL: GroupW

One question - is it really accurate that there are only a very few peeriing points? While the geographic scope of those points is down to 8-10 locations or so (like Seattle), there is more than one actual point within that location.


Actually these big peering points are single facilities i.e. one with cages for each providers equipment. Doing this allows multiple providers to peer with each other without encuring the cost of extremely high speed (multi Gigibit) WANS.

quote:


Other question - China is having severe troubles keeping twitter our. Something tells me shutting down the whole internet would be extremely challenging.


It is much harder to keep a single protocol from traversing the Internet i.e. because there is so many different ways to seek it through, than it is to simply shutdown all traffic. If there is a connection, I can probably get my data through regardless of the security precautions taken. For example, sometimes highly sensitive data is encrypted and then encoded into "family photos" and identifying encrypted data in a photo is very difficult (and beyond the ability of any firewall).


quote:


I asked our IT guy here - he has strong doubts this would be possible. His belief is that there are more actual peering points even at the Tier 1 level than ever before.


Does he understand BGP and route registries?


quote:


And then, in a pinch, there's always dial up to an overseas network.


No government can cut off every method of passing information, and this is one of the ways to get around such a problem; however, it is extremely limited and beyond the capabilities of most of the population. Believe it or not, one of the most reliable methods for getting information in and out of a WAR zone has been Morris code over HAM radio. This is because Morris code is nearly impossible to jam with radio jamming equipment used by the military. You are correct, no one will ever be able to completely shutdown the Internet or every other method of communication, but they really can shut down so much that it because difficult for the average person to use it as a reliable method of communications.

quote:


Generally speaking, while the verbage here needs to be tweaked, it is addressing a significant issue - one that the Congress and both the current and previous administrations have been battling on. Namely, that the government does indeed have a vested interest in making sure that critical infrastructure is protected. The battle being fought now orbits around where that control resides. There are those who say Congress and those like Joe Lieberman who think that the executive branch is the only one in a position to make sure that it's done in a cohesive manner.


I think it needs to be completely reworked!



GroupW -> RE: Obama to pull plug on internet? (11/3/2009 3:38:39 PM)

Yes, our IT guy understands BGP and route registries very well. However, I don't have the faintest clue. Given the number of times I've busted other people for speaking beyond their expertise, I really need to just shut up now, as I have reached the full limit of my abilities on the topic.

Yes, I think the proposed bill needs a good going over. I'm not even sure I myself am in favor of it carte blanche. There are aspects to it though that are probably worthwhile, some worthy of debate, and probably a few worthy of going someplace dark never to be seen again. The only way in our system to get that debate going is to introduce a bill. Unfortunately, that also entails getting a lot of less than perfectly accurate info spread all over the net.

As near as I can tell, the bill doesn't involve any powers that aren't currently accorded to the FCC or the DHS. Now, it would also be fair to debate whether or not those powers are legitimate and healthy. My own initial opinion is that the Bush adminstration overstepped its bounds fairly substantially in this area, and that the current administration hasn't backed away from that stance in any material fashion as of yet, which I find irksome.

As long as the debate on that continues in a fair and accurate manner, I'm not sure I have strong opinions yet either direction, which as you probably know by now is very unusual for me.[:D]



Lapidoth -> RE: Obama to pull plug on internet? (11/5/2009 2:58:58 PM)

Can we call this the Patriot Act II?



Page: [1]



Forum Software © ASPPlayground.NET Advanced Edition 2.5 ANSI