Cybersecurity Act of 2009: What You Should Know

Submitted by shelly (not verified) on September 2, 2009 - 3:28pm

Steven Allen Adams interviewed me for an article in the Examiner - read it here. It includes reaction from Rockefeller's office. A good read ;)

Read the draft of the revised Cybersecurity Act bill (S 773) here

Here's an exerpt of my interview in the Examiner:

Shelly Roche is the CTO of BreakTheMatrix, the founder of Plenticulture, a frequent contributor to Freedom Watch with Judge Andrew Napolitano on FoxNews.com, and writes for her own blog at ByteStyle. In an email, Roche said that S.773 puts private companies at great risk.

“It is true that they couldn't actually shut down the internet in its entirety - all they can do is block traffic to/from certain networks. But the issue here is that they shouldn't have the authority to shut down ANY private internet traffic,” said Roche. “Private companies have every incentive to keep their network security tight. If they don't, they'll go out of business. Government interference will only reduce security and add unwarranted burdens to businesses during a recession.”

Tice said that anyone saying the bill gives the president power to pull the plug on private internet access is wrong.

“To be very clear, the Rockefeller-Snowe bill will not empower a government shut down or takeover of the internet and any suggestion otherwise is misleading and false,” stated Tice. “The purpose of this language is to clarify how the President directs the public-private response to a crisis, secure our economy and safeguard our financial networks, protect the American people, their privacy and civil liberties, and coordinate the government’s response.”

Roche's concerns center around the unclear language in the bill. Currently the government has no plans in regards to cybersecurity, and the position of cybersecurity coordinator is empty.

“From an IT perspective, the more decentralized the control is, the more difficult it is to hack,” explains Roche. “If common practices are forced on private companies via a federal certification program, hackers will have a road map that, once deconstructed, could unlock every compliant network. Since there are no specifics provided in the bill regarding these certifications, it's difficult to comment on the likely outcome, but passing ambiguously-worded legislation only opens the door for misinterpretation, rushed "solutions" that would decrease security, or abuse in the future.”

The certification program called for in the Cybersecurity Act is also a problem for Roche, who believes that the free market should be able to determine who is and who is not qualified to handle cybersecurity issues.

“Some of the brightest minds and best innovations within the tech industry have come from people without college degrees or certifications,” states Roche. “Will the next generation of such individuals be forced out of the cybersecurity industry if they don't fit the government's definition of who is qualified to manage a secure network? Security in the private sector is arguably far more advanced and robust than in the government sector. Why would we force private networks to adhere to what would likely be one-size-fits-all standards that would be cumbersome, inappropriate and ineffective?”

More of our freedoms are under attack, this time through s. 773 - The Cybersecurity Act of 2009,

First introduced by Senators Rockefeller and Snowe in April 2009, this bill aims to improve security for critical technology systems within government AND private sectors.

In actuality, all this bill would do is vastly expand government's control by granting the President the authority to "declare a cybersecurity emergency" relating to "nongovernmental" networks and "direct the national response to the cyber threat." (Section 201)

This bill fits an alarming trend of legislation that vastly expands the role and power of government, while doing absolutely nothing to address the root cause of the problem.

As security expert Bruce Schneier points out, the true causes of government cyber-insecurity include insufficient access controls, a lack of encryption where necessary, poor network management, failure to install patches, inadequate audit procedures, and incomplete or ineffective information security programs.

The Cybersecurity Act does nothing to address these BASIC 'computer hygeine' issues, and instead, poses a serious threat to our personal freedom & privacy.

The revised version also creates a Federal certification program for cybersecurity professionals. This certification would be mandatory for certain systems and networks within the private sector.

So, essentially, we're giving the people with the worst technology track record full authority and control over our critical technical assets. Government consistently gets failing grades when it comes to cybersecurity, yet this bill would look to them to define standards and certify who's qualified to manage private technology networks!?

Another example of the "logic" behind this bill:
The executive branch would be given 180 days to "implement" a "comprehensive national cybersecurity strategy" and 90 days to develop a plan to implement a "dashboard pilot project," even though its mandatory legal review wouldn't be complete for a year.

So, er, why bother mandating a review if it's not going to be used to create the comprehensive plan? And is it really *comprehensive* if there's no review?

* * * * *

You know the drill - do your own research, then call and email your reps urging them to oppose this bill and start standing up for our freedom. It's up to us to protect our rapidly-eroding freedoms, so please share this video with your friends and help spread the word.

Learn more about the original bill here (not much of this has changed):

Resources:
A summary of this week's articles & opinions related to the bill
http://www.opencongress.org/bill/111-s773/show
http://www.govtrack.us/congress/bill.xpd?bill=s111-773

Contact your reps:
http://www.congress.org/congressorg/officials/congress

Contact your reps and local newspapers:
http://www.usalone.net/cgi-bin/oen.cgi?qnum=7499

Get your ad in front of 150,000+ viewers/month AND help support ByteStyle.tv! Check out our sponsorship & advertising options

Brought to you by:

Shelly, glad to see you

Submitted by Daniel Castro (not verified) on October 16, 2009 - 2:35pm.

Shelly, glad to see you following up on this issue. Agree that the bill is still ambiguous in places and has not changed substantially from its earlier draft. I just wrote a piece on the national certification proposed for all cybersecurity professionals. The second draft of the bill extends this requirement even further. This proposal, while sounding helpful, will offer few benefits, introduce burdensome costs to the government and the private sector, and not address the root cause of most cybersecurity vulnerabilities.

I've done a write-up of the weaknesses here if you are interested: http://itif.org/files/WM-2009-05-certification.pdf

Dear Shelly, I so very much

Submitted by Grannie Annie (not verified) on September 5, 2009 - 3:45am.

Dear Shelly,

I so very much appreciate your law/politics updates. I was horrified to see you comment that some male perp wants a BJ from you. You are so savvy and articulate I am confident that a low comment like that will not deter you from your path of researching the TRUTH and that you will continue meating out the TRUTH for all of the deadheads in our country.

Please understand there are laws of physics, God's Laws of Nature, that the only reason we in the United States are in the circumstances that we are facing right now domestically and foreign is because government can only ever be the reflection of the total collective conscienceness of the total population of our country.

We, since 1913, have been cheated, lied to, horn-swoggled, hood-winked and stolen from for 100 years, A CENTURY! And yet until WE become honest, and I MEAN honest with ourselves and our family's and our neighbors WE WILL NOT be free within the Republic that our founding fathers fought for, gave up their fortunes for, died for and passed on to us "if we could keep it" until WE are honest and truthful. Then, when we are honst, and ONLY then, will we be FREE.

The current and past governments are liars and cheats and reflect back to us what WE have allowed ourselves to be. Drug addicts, low-self esteem whimpering addicts to gurus and self-help seminars the list goes on.

Until WE THE CITIZENS OF THE UNITED STATES OF AMERICA take care of ourselves, then our families, then our communty, then our counties, then our states, then our country, then and ONLY then may we have the strength and finances to take care of our world.

Bless you woman, keep up your health, your strength and your research. You are doing a GREAT service.

Warm regards,

Grannie Annie

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.