To condition us for the latest military-intelligence intrusion in the Internet, the CIA claimed that the power grids of cities around the world - naming them could endanger national security - by unknown hackers - naming them could endanger national security - were rudely shut down - details could endanger national security. Now that our hair is turning white and we are praying for guidance from SAIC, roll out the hard-sell of a Rumsfeldian cyber-infrastructure for social control:
" ... A report by Declan McCullagh at CNet [mentions] the widespread similarities in the plan to the failed 2003 Bush administration "National Strategy to Secure Cyberspace." The rhetoric in the two reports is so close it may be time to call out the plagiarism squad ... "
Also see: "Cybersecurity Plan to Boost IT Firms, But Doubts Persist," a spun CNBC Business report that lists firms likely to profit from the program. - AC
Skepticism and Disappointment in Many Reactions to Cybersecurity Plan
PC Magazine (Excerpt)
June 2, 2009
Negative reactions are coming in to President Obama's cybersecurity proposals. The reasons vary, but many are arguing that the proposals resemble earlier, less publicized efforts from the Bush administration. ...
Quoted on Popsci.com, George Smith, a senior fellow at Globalsecurity.org, said "it's set up to look remarkable, but it's only remarkable because it has an urban legend at the center of it." Smith isn't the only observer questioning the CIA claim about an Internet-based attack that caused a multi-city blackout. Where and when was this attack? Details aren't available. ...
Another downbeat perspective comes from Gartner's John Pescatore: the report is long on collecting statistics about security incidents, short on resources for preventing and dealing with them.
It is basically a strategy for investing in more forest fire lookout towers vs reducing the likelihood and impact of wildfires. Good for the agency that keeps wildfire statistics, good for the people who sell forest fire monitoring technology and services - bad for the forest critters and the people who live in houses near forests.
I remember, after an Obama campaign speech on technology issues at Purdue University last July, reading Gene Spafford's enthusiastic reaction. Obama identified Spafford, a professor of computer science at Purdue, as "one of the nation's leading experts in cyber security." Spafford was impressed with Obama's understanding of technology and the problems of security, and thought it important that Obama understood these things better than Bush or McCain.
After last week's news Spafford was much less upbeat. First, he notes that the Coordinator position is much less authoritative than the position Obama promised in the campaign. The proposed position, Spafford says, is really just a cheerleader for security. Spafford says rumors are spreading that several have already been offered and have turned down the position of Cybersecurity Coordinator because of this lack of authority. He would be in a position to know.
Spafford has several other criticisms. One that rings true with me is:
... there was absolutely no mention made of bolstering our law enforcement community efforts. We already have laws in place and mechanisms that could be deployed if we simply had the resources and will to deploy them. No mention was made at all about anything active such as this -- all the focus was on defensive measures.
I'm sure we all ask this question from time to time: Surely all this cyber crime is illegal, so why don't the authorities just do something about it? It's because it's not easy or cheap to do. You might think the cybersecurity plan might be a place to approach this with new assistance to law enforcement, but as Spafford notes, this isn't what the plan is about.
Spafford also links agreeingly to a report by Declan McCullagh at CNet which notes the widespread similarities in the plan to the failed 2003 Bush administration "National Strategy to Secure Cyberspace." The rhetoric in the two reports is so close it may be time to call out the plagiarism squad, even in areas like privacy and civil rights protection which conventional wisdom gives entirely to the Obama effort.
At this point it's hard to be optimistic that the cybersecurity situation will improve as a result of this campaign. All signs point to business as usual and a continuation of the approach of the prior administration, campaign rhetoric notwithstanding. I had some optimism left in me after my initial analysis, but what I've read so far has beat it out of me. At least some still have the faith: Techworld quoted James Lewis, senior fellow of the Technology and Public Policy Program at the Center for Strategic and International Studies, a Washington, D.C., think tank as saying "I practically wept with joy when the president said that cybersecurity would be a strategic national asset."