Quantcast

Time to Put the Brakes On the Cybersecurity Act of 2009

And heed Eisenhower's famous warning

Get the WebProNews Newsletter:
[ Life]

What is essentially a federal government power grab combined with a giant money grab for industry is a real and perhaps unnecessary threat to your privacy and personal security. On top of that hole in your privacy, the Cybersecurity Act of 2009 plants a big, potentially exploitable hole on the network.

It’s hard not to think immediately of President Eisenhower’s farewell address warning of the influence of the military industrial complex when one also notices the swift path from CSIS proposal to sweeping legislation granting unprecedented power to the federal government over the Internet.

It is true that the US government’s approach to cybersecurity over the past 20 years has been relatively atrocious, and that smart people with certain expertise are needed to ward off cyber attacks from foreign as well as domestic sources. It seems appropriate also that you see organizations like the Navy, the CIA, the NSA, Oracle, Sun Microsystems, Microsoft, Cisco, GE, Verizon, et cetera et cetera et cetera ad nauseum working on the issue together.

But when the CSIS issued its report (with all of the above and more signatories) it was both jaw-dropping for the collective might behind it and appalling for the tone of demand it carried directed toward the newly elected President and Congress. If you or I had written up the same report and signed our relatively puny names to it, we’d have been laughed and pshawed out of the room for our delusions of grandeur and audacity to think we could boss the government around.

Just a few months later, there it is in Congress, giving the President the power to shut down the Internet at his discretion, and the Commerce Secretary backdoor access to all of it without the slightest bit of oversight or restriction. (These guys like lack of oversight and accountability, just ask Hank Paulson.)

Who’s to say a President couldn’t decide, with the excuse of national security and protecting of the nation’s infrastructure, to shut down the one uncontrollable information dissemination source available to the public?

Who’s to say the unfettered back door access to the entire network granted to the Commerce Secretary couldn’t itself be exploited? Who’s to say it won’t be abused (power is always abused) for any number of reasons by the federal government?

We have reason—good reason—to fear this legislation. The Electronic Frontier Foundation has been the most vocal against it, their argument very elegant: The power grab is largely unnecessary. Citing the Government Accountability Office, all the government really needs to do is bring government networks up to code with currently lacking access controls, sufficient encryption, better network management, vigilant patch installation, adequate audit procedures, and better information security programs.

The obvious need for better cybersecurity at the federal level does not necessarily include the unprecedented granting of power to the government. It especially doesn’t necessitate that a few major companies dictate how security is to be implemented. The proposed legislation would require anyone with access to the network to be licensed.

How many in your IT department are currently even certified? This legislation allows the captains of the industry to centralize and standardize everything, and to create a licensing industry similar to the Bar Association for lawyers.

And just whom do you think the government is going to contract to provide the necessary equipment, standards, licensing, and software to enable such oversight? Likely, it will be the same companies responsible for the report that led to the legislation. And that’s money, baby. Money, money, money. The military industrial complex at work.

It would be nice to dismiss all this as conspiracy theory. If so, you’d have to accuse Eisenhower of the same. But after the Pentagon’s propaganda arrangement with national television networks—which you’ll never, ever see discussed on TV—one might be considered foolish and idealistic if he wasn’t a conspiracy theorist these days.

Once you open that door and push down the conspiracy theorist stigma, once you think of Eisenhower’s warning, once you notice who benefits most in payment of money and power, once you look at the history of the abuse of the national narrative, you start noticing other things that in past seemed like benign coincidence.

The Wall Street Journal’s report about Chinese cyberspies dropping nefarious digi-bombs on the nation’s electrical grids just a week after the Cybersecurity Act of 2009 is introduced, for instance. Oracle’s purchase of Sun in another instance. Microsoft’s new “more trusted Internet” PR campaign in another. Perhaps interesting as well is ISP spying immunity, broadband caps, tiering, deep packet inspection, and network management.

How about a dirty half-dozen RIAA heavy-hitter lawyers in the Department of Justice? An international copyright treaty suppressed for national security reasons? Think strict network (content) management of the Internet might be beneficial to both government and certain industries?

Yeah, you just might be right.

Time to Put the Brakes On the Cybersecurity Act of 2009
Top Rated White Papers and Resources
  • http://www.vipdistinct.com Lifestyle Management

    What I don’t understand is why the President is allowed to shut down a privately owned and non governmental network? If I want to connect to servers across the US or globe then I should not have to ask the government for access that would be communistic – look a China.

    • Joseph

      Hey JAY-SON!!!!!!

      Its me Joe,

      I would like to know the answer to the above comment as well, could you amplify on that?

      I mean if “I” or a company was to set up servers and then sell access (kinda like aol back in the day with dial up), would they make us shut that down?

      Could we soon see “Private Internet Networks” or is that outlawed?

      • Jason Lee Miller

        as we say in Ky…

        the legislation doesn’t outlaw private networks or any other such “communistic” thing.

        It simply gives the President the power to declare any part of the network “critical infrastructure” if he sees fit and to shut down access in the event of a national security emergency. The intent here is to protect networks operating electricity, water, street lights, etc. from cyber attacks…that part is good, and we need that type of protection as hackers are always at the gate, especially from China and Russia

        However…it also depends on how much you trust any particular president. Personally, I’d trust Obama not to abuse this power (I think), but would I have trusted Bush and Cheney? Absolutely not. You may not trust Obama, and you have that right. The point is, this is unprecedented power and it should not be granted lightly or without some kind of oversight.

        In this instance the commerce secretary, too, gets access to any part of the network without any type of oversight, which I think is a rotten idea, just like Hank Paulson wanted no oversight when introduced TARP…the whole point of a democratic gov’t is that the gov’t is accountable to the people, right?

        So, Joe, in answer to your question, would they make you shut down your servers? Only if they were deemed a security risk to a more important part of the network…the problem is the Pres or the Com Sec could declare them that for pretty much any reason and no one would be able to question them about it…and yeah, that’s a bit totalitarian in that sense

  • Alex Biro

    I am and in full agreement I a feel this needs to be stopped! The problem is that I am having trouble recruiting even some of my fellow IT people to the cause.

    http://www.facebook.com/home.php#/group.php?gid=70563278559&ref=mf

  • Guest

    Amazing…only 4 comments…people are fkn asleep!

  • http://www.wsop2009.net WSOP 2009

    as always a very well written piece Jason

  • Guest

    sweet