Welcome login | signup
Language en es fr
OccupyForum

Forum Post: Executive Order On Cybersecurity Planned By White House

Posted 1 year ago on Sept. 24, 2012, 11:43 p.m. EST by richardkentgates (3269) from Fort Walton Beach, FL
This content is user submitted and not an official statement

Source

SAN FRANCISCO (Reuters) - The White House is preparing to direct federal agencies to develop voluntary cybersecurity guidelines for owners of power, water and other critical infrastructure facilities, according to people who said they had seen recent drafts of an executive order.

The prospective order would give the agencies 90 days to propose new regulations and create a new cybersecurity council at the Department of Homeland Security with representatives from the Defense Department, Justice Department, Director of National Intelligence and the Department of Commerce, a former government cyber-security official told Reuters.

"It tells those who have the ability to regulate to go forth and do so," said the person, who is currently outside the government and spoke on condition of anonymity in order to preserve access to government officials.

The draft executive order includes elements of what had been the leading cybersecurity overhaul bill in the Senate, which was defeated this summer amid opposition from industries opposed to increased regulation.

Senate Homeland Security Committee Chairman Joe Lieberman, an independent and one of the principal authors of that bill, on Monday urged the White House to issue such an order.

"The Department of Homeland Security has clear authority, if directed by you, to conduct risk assessments of critical infrastructure, identify those systems or assets that are most vulnerable to cyber attack and issue voluntary standards for those critical systems or assets to maintain adequate cybersecurity," Lieberman wrote to President Barack Obama.

The document has been circulating among the agencies and might go to top officials for their comments as soon as this week, another person involved in the process said.

A spokeswoman for the administration's National Security Council, Caitlin Hayden, confirmed that an order was being considered but would not provide details. "We're not commenting on the elements," Hayden said.

PUBLIC-PRIVATE COOPERATION

Former White House cybersecurity policy coordinator Howard Schmidt said the proposed order would also ask DHS to confer with independent agencies, such as electric regulators and others that don't answer to the president, to see who would take responsibility on cybersecurity.

The hope, said Schmidt, who has seen a recent draft, is that if those agencies won't let DHS act they would do it themselves, as the Securities and Exchange Commission did in October when it issued guidance on when companies should disclose cyber attacks.

The Commerce Department and the Pentagon declined to comment. Spokespeople for Lieberman and for Senator John Rockefeller, another Democratic leader on the issue who has asked for an executive order, said their offices had not been given copies of the draft.

Cybersecurity has become a major issue in Congress and for the White House, with intelligence officials warning of constant exploration of protected computer systems by hackers and both past incursions and the likelihood of more damaging future attacks on electric plants, banks and stock exchanges.

As of two weeks ago, the planned order did not include any penalties for companies that fail to adhere to the standards. or rewards for those who do. "There are no carrots or sticks," one person with a recent copy said.

If the order emerges before the election in November, it could become an issue in the campaign. Leading Republicans faulted the Lieberman bill as too onerous. The U.S. Chamber of Commerce, which also criticized that bill, declined to comment on Monday on the merits of a prospective order.

But Lieberman said his bill had been watered down in pursuit of a compromise and asked in his letter Monday that Obama explore means for making the standards mandatory.

Both Lieberman and administration officials have said they will still seek legislation, which could go further in many ways. It might, for example, provide liability protection for companies that share information with government officials or that meet the standards but still get hacked.


My Comments

I'm not interested in the police state argument here although it does apply as it's DHS that is being charged with managing the regulation so this EO goes far beyond a typical add-on of a simple bureaucratic office. This EO does however, in addition to the police state argument, adds regulations that stifle small up-starts and the self employed.

The article states that initially there will be no fines or fees for non-compliance but we've seen this slippery slope before and when the fees do materialize, the hype will be gone and businesses will silently pay the cost. Those that cannot will give way to large corporations that can, furthering the corporate takeover of the internet in this case. Could Mark Zuckerberg have created facebook with thousands of dollars worth of fees and lawyer costs to even understand his legal liability for his social network? The answer is no, there would be no facebook and probably no myspace or twitter.

It's pretty well understood on this forum that I'm what the 1% call the little people, aka poor. This is my golden ticket http://mcms.richardkentgates.com Just finished it a few days ago. I started work on it shortly after I found this forum almost a year ago. This EO and any of the proposed legislation to do with cyber security that has thus far been offered, is a threat to the success of my social mobility because of red-tape roadblocks and potential fees and/or additional operating costs. I cook for a living, I just ain't got the extra money.

It is also in this example where you can see both Republicans and Democrats as creating potential problems and solutions for me on this issue.

56 Comments

56 Comments


Read the Rules
[-] 2 points by MattLHolck (16833) from San Diego, CA 1 year ago

power plants ran fine before computers

[-] 1 points by richardkentgates (3269) from Fort Walton Beach, FL 1 year ago

an astute observation.

[-] 0 points by TechJunkie (3029) from Miami Beach, FL 1 year ago

A modern power plant can't operate without computers any more than a modern bank can. And a modern power grid can't operate without computers any more than the Internet can.

The issue here is that contrary to popular American belief, the US does not possess an overall strategic advantage in a cyber war. That's because in a cyber war, it's very easy to attack. But defense is nearly impossible. The US is one of the four most-dominant nations in the world in terms of offensive cyber attack capability. But because the US is more dependent on computers and computer networks than any of our potential adversaries, we are the most vulnerable. Strategically, we stand to lose the most from cyber war. Cyber war creates a new opportunity for a whole new kind of asymmetrical warfare against an empire, which is not a good thing for the United States.

In addition to that problem, cyber attacks are fundamentally different from traditional kinetic military attacks because it can be virtually impossible to conclusively identify the attacker. The largest cyber attack in the history of the planet was aimed at the US for years and we still only assume that we know who did it. We can't be sure. When Russia paralyzed the entire country of Estonia with a cyber attack that shut down banks and mobile phones and media web sites and connections to the outside world for days, we only found out for certain that Russia did it when they admitted that they did it. To this day, nobody knows for certain which country (countries?) attacked Iran with the Stuxnet worm.

The reason why this is relevant is that if the US were to be hit with a cyber attack and we were to respond with a traditional kinetic military attack, then we might retaliate against the wrong opponent. China could hit us with a false-flag cyber attack that's designed to look like it came from Russia, we could respond with missile attacks against Russian infrastructure, and the result could be a very kinetic WWIII between three nuclear-armed nations. Unfortunately, a key policy decision by the Obama Administration was that the US might respond to a cyber attack with a kinetic military attack, over the objections of cyber warfare experts like Richard Clarke.

We can't capture the genie and stuff it back into the bottle. It's way too late for that. So because we're the most vulnerable target on Earth and because every attacker has everything to gain and little to lose from attacking us, enhancing cyber security for critical national infrastructure is a crucial national security issue.

[-] 1 points by MattLHolck (16833) from San Diego, CA 1 year ago

A modern power plant can't operate without computers any more than a modern bank can. And a modern power grid can't operate without computers any more than the Internet can.

that's not true

[-] 0 points by TechJunkie (3029) from Miami Beach, FL 1 year ago

That is a truly fascinating rebuttal. Would you care to elaborate on that?

Here's my response:

Since the early 21st century, opportunities to take advantages of improvements in electronic communication technology to resolve the limitations and costs of the electrical grid have become apparent. Technological limitations on metering no longer force peak power prices to be averaged out and passed on to all consumers equally. In parallel, growing concerns over environmental damage from fossil-fired power stations has led to a desire to use large amounts of renewable energy. Dominant forms such as wind power and solar power are highly variable, and so the need for more sophisticated control systems became apparent, to facilitate the connection of sources to the otherwise highly controllable grid. Power from photovoltaic cells (and to a lesser extent wind turbines) has also, significantly, called into question the imperative for large, centralised power stations. The rapidly falling costs point to a major change from the centralised grid topology to one that is highly distributed, with power being both generated and consumed right at the limits of the grid. Finally, growing concern over terrorist attack in some countries has led to calls for a more robust energy grid that is less dependent on centralised power stations that were perceived to be potential attack targets.[4]

Origin of the term "smart grid"

The term smart grid has been in use since at least 2005, when it appeared in the article "Toward A Smart Grid" by Amin and Wollenberg.[5] The term had been used previously and may date as far back as 1998. There are many smart grid definitions, some functional, some technological, and some benefits-oriented. A common element to most definitions is the application of digital processing and communications to the power grid, making data flow and information management central to the smart grid. Various capabilities result from the deeply integrated use of digital technology with power grids, and integration of the new grid information flows into utility processes and systems is one of the key issues in the design of smart grids. Electric utilities now find themselves making three classes of transformations: improvement of infrastructure, called the strong grid in China; addition of the digital layer, which is the essence of the smart grid; and business process transformation, necessary to capitalize on the investments in smart technology. Much of the modernization work that has been going on in electric grid modernization, especially substation and distribution automation, is now included in the general concept of the smart grid, but additional capabilities are evolving as well.

Early technological innovations

Smart grid technologies have emerged from earlier attempts at using electronic control, metering, and monitoring. In the 1980s, Automatic meter reading was used for monitoring loads from large customers, and evolved into the Advanced Metering Infrastructure of the 1990s, whose meters could store how electricity was used at different times of the day.[6] Smart meters add continuous communications so that monitoring can be done in real time, and can be used as a gateway to demand response-aware devices and "smart sockets" in the home. Early forms of such Demand side management technologies were dynamic demand aware devices that passively sensed the load on the grid by monitoring changes in the power supply frequency. Devices such as industrial and domestic air conditioners, refrigerators and heaters adjusted their duty cycle to avoid activation during times the grid was suffering a peak condition. Beginning in 2000, Italy's Telegestore Project was the first to network large numbers (27 million) of homes using such smart meters connected via low bandwidth power line communication.[7] Recent projects use Broadband over Power Line (BPL) communications, or wireless technologies such as mesh networking that is advocated as providing more reliable connections to disparate devices in the home as well as supporting metering of other utilities such as gas and water[citation needed].

Monitoring and synchronization of wide area networks were revolutionized in the early 1990s when the Bonneville Power Administration expanded its smart grid research with prototype sensors that are capable of very rapid analysis of anomalies in electricity quality over very large geographic areas. The culmination of this work was the first operational Wide Area Measurement System (WAMS) in 2000.[8] Other countries are rapidly integrating this technology — China will have a comprehensive national WAMS system when its current 5-year economic plan is complete in 2012[9]

http://en.wikipedia.org/wiki/Smart_grid

[-] 3 points by MattLHolck (16833) from San Diego, CA 1 year ago

no. elaboration is often used to obfuscate

[-] 0 points by TechJunkie (3029) from Miami Beach, FL 1 year ago

This is a bit of a distraction from the topic of cyber security regulations because power grids are just one example of critical national infrastructure. During Russia's cyber attack on Estonia in 2007, they successfully crippled banks, web media, newspapers, broadcast media, government ministries, and phone networks.

Arguing for a return to some kind of agrarian or Luddite society that doesn't depend on computers for all of those things is futile. You can't stuff the genie back into the bottle. The United States is the most computer-dependent and network-dependent nation in the world, and is therefore the most vulnerable. Which is very alarming, considering how easy it is to attack but how difficult it is to defend.

[-] 2 points by MattLHolck (16833) from San Diego, CA 1 year ago

I thought we talking about power plants

[-] -1 points by TechJunkie (3029) from Miami Beach, FL 1 year ago

...in the context of cyber security for critical national infrastructure. But the argument that you can't stuff the genie back in the bottle applies specifically to power plants as well. We are dependent on computers and networks and that's irreversible.

[-] 2 points by MattLHolck (16833) from San Diego, CA 1 year ago

the knowledge to build networks can be propagated in independent laboratories

[-] 0 points by TechJunkie (3029) from Miami Beach, FL 1 year ago

Yes, that's where networking technology tends to come from. Your point?

[-] 1 points by MattLHolck (16833) from San Diego, CA 1 year ago

i was making a correction when a post

falsely declared the power grid was in danger of a cyber attack

don''t care for liars

[Removed]

[-] 1 points by stevebol (1268) from Milwaukee, WI 1 year ago

"Electric plants, banks and stock exchanges". Whatever. How much is my electric bill going to go up? That's all I want to know.

[-] 1 points by MattLHolck (16833) from San Diego, CA 1 year ago

as much as they can get away with without causing too much outrage

[-] 0 points by TechJunkie (3029) from Miami Beach, FL 1 year ago

I'm a little confused about why it is that you think that cyber security regulations would affect your content management system?

[-] 1 points by TechJunkie (3029) from Miami Beach, FL 1 year ago

I'm one of those people. And that was not an answer to my question.

My question was: why does Richard think that his blogging software would be considered critical national infrastructure? And what kind of regulation does he fear that would cost him so much money that he couldn't run a small business like that on the Internet?

[-] 2 points by ZenDog (20423) from South Burlington, VT 1 year ago

he was probably focused on this salient paragraph and chose to provide full context:

.

The draft executive order includes elements of what had been the leading cybersecurity overhaul bill in the Senate, which was defeated this summer amid opposition from industries opposed to increased regulation.

. . . .

If the order emerges before the election in November, it could become an issue in the campaign. Leading Republicans [sic] faulted the Lieberman bill as too onerous. The U.S. Chamber of Commerce, which also criticized that bill, declined to comment on Monday on the merits of a prospective order.

.

[-] 0 points by TechJunkie (3029) from Miami Beach, FL 1 year ago

Yes, I can read, thank you. But I still don't understand why Richard would think that his content management system would ever be classified as critical national infrastructure.

I happen to have an professional interest in this. One hour and 33 minutes of my life tonight was consumed by responding to a DDoS attack. The fifth so far this month against that server cluster. But I'm not concerned about cyber security regulations creating significant additional costs for my company and I really don't think that Richard needs to worry about it either.

[-] 1 points by richardkentgates (3269) from Fort Walton Beach, FL 1 year ago

But I still don't understand why Richard would think that his content management system would ever be classified as critical national infrastructure.

All the EO does is give regulating authority to DHS. There is nothing to limit what those regulations are or who they pertain to. The "critical national infrastructure" is only a selling point, on of those "included but not limited to". The concept is pretty simple and since you're a self proclaimed Republican you should be used to hearing it, "unwarranted expansion of government". Aside from spending, the term also applies to regulation, the EPA targeting is a recent example. You can plug your ears if you like but you and I both know the examples of expanding regulation killing off small biz is a long long list.

[-] -1 points by TechJunkie (3029) from Miami Beach, FL 1 year ago

Can you provide an example of the kind of regulation that you're worried would affect you?

Did it cost you a lot of money to comply with COPPA, for example?

[-] 1 points by richardkentgates (3269) from Fort Walton Beach, FL 1 year ago

That was targeted regulation with specific language in the legislation. This EO gives no such details and instead places the authority of such decisions in the hand of DHS. The justice department may enforce COPPA but they are not the evolving authors of it. Can you really not separate details or are you just hoping to raise the burden of proof and justification for my concerns until I can no longer decipher or articulate them? ...because the latter isn't going to come to fruition on this topic.

[-] -1 points by TechJunkie (3029) from Miami Beach, FL 1 year ago

So your answer is no. You can't give me an example of the kind of regulation that you're imagining that would affect you.

[-] 2 points by ZenDog (20423) from South Burlington, VT 1 year ago

So now you are in favor of regulation. Have you always been in favor of regulation? or were you in favor of regulation before you opposed regulation? or did you oppose regulation before you came to favor it?

Can we identify a theme behind your regulatory renaissance? Perhaps you favor one kind of regulation over some other kind of regulation, while some regulation not at all?

Ahhh, perhaps you prefer the regulatory authority best left for Sunday tradion?

[-] 1 points by richardkentgates (3269) from Fort Walton Beach, FL 1 year ago

lol, that was a pretty good call-out. ^

[-] 1 points by ZenDog (20423) from South Burlington, VT 1 year ago

thanks - I know the back and forth between junkie and myself has at least in one instance been a sore spot for you - I hesitated to bring it here, but when I read the two paragraphs on lobbying contained in your post I couldn't resist.

[-] 1 points by richardkentgates (3269) from Fort Walton Beach, FL 1 year ago

As you know, I base everything on the quality of the argument. I only hold grudges against users who make no argument but rather chose to party bait.

[-] 0 points by TechJunkie (3029) from Miami Beach, FL 1 year ago

Your "GOTCHA" that you're imagining that you posted seems to be based on the idea that you think that I'm against "regulation". Which apparently you assume because you think that all Republicans oppose all regulation? Do you think that Republicans oppose speed limits? Building codes?

[-] 2 points by ZenDog (20423) from South Burlington, VT 1 year ago

LoL!

I just thought it was funny to see you contort like a fool

[-] 0 points by TechJunkie (3029) from Miami Beach, FL 1 year ago

Contort? You assume that I oppose all regulations because you know that I'm a Republican? And so when I'm in favor of building codes or speed limits or cyber security regulations for nuclear power plants, then you think that you've uncovered hypocrisy? Is that what's going on here? When have I ever said anything about being opposed to all government regulation?

You have an image of a laissez-faire, free-market-fetishist Tea Partier in your mind and you're gloating because you think that you've found a contradiction. But there is no contradiction.

I notice that you have no input whatsoever into the topic of cyber security regulations. You're totally preoccupied with your prejudice and unable to even participate in the conversation at hand. YET AGAIN.

[-] 2 points by MattLHolck (16833) from San Diego, CA 1 year ago

on regulation

if hand outs were ever free, I would not have to say a lie to the bureaucracy

[-] 2 points by ZenDog (20423) from South Burlington, VT 1 year ago

No, I don't actually have any input into Richard's topic. That is true.

And No, I don't believe you are the average Tea Bagger . . . not at all.

I do believe you are a professional propagandist - but I could, possibly, be wrong about that. I think it's likely less than 25% that I am.

[-] 0 points by TechJunkie (3029) from Miami Beach, FL 1 year ago

So you admit that you had a knee-jerk reaction to the word "regulation" and you didn't even bother to think about the topic at hand.

I sometimes suspect that you're a professional propagandist also, because if the Koch brothers or the Rothschilds or the Bavarian Illuminati or somebody really were going to pay psy-ops agents to infiltrate this web site and disrupt it to ensure that it will never amount to anything, then I have to think that those agents would behave exactly like you do.

[-] 2 points by ZenDog (20423) from South Burlington, VT 1 year ago

Do you think that there should be government regulations that require that nuclear power plant control rooms should not be connected to the Internet for security reasons?

I've driven a lot of rust buckets. I think any facility producing electricity from nuclear fuel that:

  1. demonstrates a state of disrepair like has been seen at Vt Yankee

or

  1. is run by an operator with such a track record of deceit as Entergy

should be decommissioned - and I think these issues are of more immediate concern than the cyber threat.

that said - if a company operating a nuclear facility needs to be told they can't hook their critical reactor controls and safety systems to the internet - then they clearly are not qualified to operate a nuclear reactor.

[-] 1 points by TechJunkie (3029) from Miami Beach, FL 1 year ago

Apparently they do need to be told, yes. That's the point here. I agree with you on both points. Did you happen to read the Richard Clarke quote that I posted above on this page?

[-] 2 points by ZenDog (20423) from South Burlington, VT 1 year ago
[-] 1 points by TechJunkie (3029) from Miami Beach, FL 1 year ago

You have completely derailed every single conversation that I have ever attempted to engage in with you, diverting the discussion from the topic at hand to ad-hominem attacks. Even though most of the time I'm trying as hard as possible to agree with you and find common ground.

Do you think that there should be government regulations that require that nuclear power plant control rooms should not be connected to the Internet for security reasons?

[-] 2 points by MattLHolck (16833) from San Diego, CA 1 year ago

just reminded me of something I was thinking about

[-] 2 points by ZenDog (20423) from South Burlington, VT 1 year ago

No - I did in fact read the topic at hand - and I debated with myself about whether to intrude into Richards topic with our little tiff

[-] 0 points by MattLHolck (16833) from San Diego, CA 1 year ago

duh

[-] 0 points by TechJunkie (3029) from Miami Beach, FL 1 year ago

What tiff? I've been trying to agree with you as hard as possible. The only thing that I consistently reject is your blanket prejudice against all Republicans and the entire ideological right in general.

Congratulations for devolving yet another thread into idiotic partisan squabbling. Your determination to derail every single conversation on this site is why I said that if this site really were worth having somebody finance its infiltration with psy-ops agents intent on obstructing progress, then they would behave exactly like you.

Do you think that the government should require that the control rooms in nuclear power plants NOT be connected to the Internet? What's your opinion on that?

[-] 1 points by ZenDog (20423) from South Burlington, VT 1 year ago

[Removed]

[-] -1 points by TechJunkie (3029) from Miami Beach, FL 1 year ago

Are you hinting at calling me a religious nut now? And you seem to be assuming for some reason that I'm a laissez-faire, free-market Tea Partier? Which has nothing at all to do with cyber security regulations. Are you capable of any sort of non-ad-hominem contribution to any conversation on this site? Do you think that your behavior is productive?

[-] 2 points by ZenDog (20423) from South Burlington, VT 1 year ago

It was simply an observation followed with a question. Several of them to be precise . . .

[-] 0 points by TechJunkie (3029) from Miami Beach, FL 1 year ago

An observation. What observation led you to believe that I'm a religious nut?

Actually, never mind, nothing good can come from that. You're determined to turn this into yet another ad-hominem diversion instead of discussing the topic at hand. How do you feel about cyber security regulations? Have you ever been hit with a cyber attack? You've got the CTO of a cloud-based SaaS company who has been hit five times this month and countless times this year with cyber attacks who is trying to provide some input into a conversation about cyber security regulations, and yet you're totally preoccupied with positioning me as your ideological enemy and accusing me of being a religious nut and/or a social conservative, which has nothing at all to do with the topic at hand. (And I'm not even a Christian!) Your behavior would be known as "trolling" on any other web forum, but on this site your behavior is considered acceptable for some reason.

[-] 1 points by richardkentgates (3269) from Fort Walton Beach, FL 1 year ago

You obviously don't actually own or run any business. Thx for bumping the thread anyway.

[-] 1 points by TechJunkie (3029) from Miami Beach, FL 1 year ago

Because I don't think that blogging software would ever be considered critical national infrastructure?

I want to know what kind of regulation you're afraid of?

You don't think that there should be regulations that, for example, require that the control room in a nuclear power plant not be connected to the Internet?

[-] 1 points by richardkentgates (3269) from Fort Walton Beach, FL 1 year ago

I've already explained this part you you and now you're running in circles. Place my first name in your company website and give me the link, otherwise we're done. I'm not going to waste my time on a fraud who just wants to stir the pot and not actually discus the topics of the threads.

[-] 0 points by TechJunkie (3029) from Miami Beach, FL 1 year ago

Read my comments in this thread. I've been discussing cyber security regulations here all day.

What I'm asking you is: what kind of regulation do you imagine would apply to your content management software?

I also asked you a very serious and very pertinent question that is the topic of this thread: do you not think that there should be security regulations on things like the control rooms at nuclear power plants?

I sent you a link to my LinkedIn profile via private message and I'm asking you politely to not share that publicly on this forum. I've always treated you with respect and you have always treated me with respect and I hope that you can honor that.

[-] 1 points by richardkentgates (3269) from Fort Walton Beach, FL 1 year ago

The EO hands all decisions about who and how to regulate over to DHS. DHS in it's short time has a long abuse record already. Because they would be given such authority over the language of the regulation, it is almost a grantee that regulations will reach far beyond infrastructure. Power grids are not explicit in the proposed EO, it's a selling point, nothing more and nothing less. Regulations that I see coming down the road from this EO or other legislation on the matter are things like mandatory certifications that make profit for private testing and permits by the state or federal gov to work as a developer that will also cost more money. I have addressed these concerns in my initial comments in the OP (maybe you missed it). Again, placing it in the hands of DHS with no specific guidelines leaves it open-ended. DHS and the justice dept are there to enforce the law and should never be given the authority to create law, complete conflict of interest and bypasses the checks and balances of our democracy.

If infrastructure is really the issue, they should be running and intranet instead. Secondly, the US gov use SQL in all branches, which is the biggest pile of hole riddled shit on the web. 97% of hacks use basic SQL injections yet the federal government continues to take this flawed path and cry wolf when the obvious risk become a reality.

http://news.techworld.com/security/3331283/barclays-97-percent-of-data-breaches-still-due-to-sql-injection/

[-] 0 points by TechJunkie (3029) from Miami Beach, FL 1 year ago

So you're afraid that the Department of Homeland Security is going to make it illegal for you to deploy a web application without getting state certification? Like Bar Association membership for attorneys? ANY web application?

That seems exceedingly unlikely and I don't think that any of this is a threat to your upward mobility. Unless you plan to pursue government contracts. But those are already full of red tape and mandatory certifications.

[-] 1 points by richardkentgates (3269) from Fort Walton Beach, FL 1 year ago

Unlikely? Once DHS has open-ended ability to regulate, things like this will be the justification to begin expanding beyond the selling point of infrastructure, and it only needs to pass as an excuse to the public because they won't need our democracy to approve their actions.

I'm sure 15 years ago it seemed unlikely that our government could kill american citizens by assassination without any approval beyond the president's word, but what is likely and unlikely seems to change with the times.

There is no real need to regulate the internet for infrastructure security considering the ease with which the gov could deploy a secure intranet via encryption and government satellites already in orbit. But like I said, it's not the real focus, it's just a selling point to scare the public into acceptance.

[-] 0 points by TechJunkie (3029) from Miami Beach, FL 1 year ago

There is no need to regulate infrastructure security because the government can just create their own secure network? What about truly critical infrastructure that isn't government-owned? Did you read the quote that I posted up higher on this page from Richard Clarke about power plant control rooms? Requiring air gaps in scenarios like that seems like very reasonable and necessary regulation to me.

Because there is such a fuzzy line between doing web software development and not doing web software development, I can't imagine how a federal certification requirement for software developers could ever possibly work. Are you "programming" when you use IFTTT? What about if you use Tropo to make an answering machine? If using one of those services to trigger actions in the future is "programming" then are you "programming" when you set an alarm on your iPhone to wake you up the next day? How about if you tell Siri to remind you about something when you get home? Are you "programming" when you play with Aniomagic toys? Where do you draw the line? It's impossibly fuzzy and indistinct.

And it also seems infeasible because of the diversity of the software field. How could the government certify a developer who uses bleeding-edge tools like Haskell Cloud or CoffeeScript? Software disciplines don't fit into neat little boxes and so standardization and regulation seems impossible either politically or logistically.

[-] 1 points by richardkentgates (3269) from Fort Walton Beach, FL 1 year ago

Really? You're a tech junkie and you can't understand how regulations of the internet could impact independent or freelance web developers? I can't see you as owning the business you've made claim to so many times. In fact, I can't see you as even managing any sort of business at all. I certainly wouldn't hire you for IT.

[-] 0 points by TechJunkie (3029) from Miami Beach, FL 1 year ago

What I'm curious about is why you think that an independent or freelance web developer's work would ever be classified as critical national infrastructure.

(I'm the CTO of a cloud-based SaaS company that was hit by a DDoS cyber attack for an hour and a half tonight, for background.)

[-] 1 points by richardkentgates (3269) from Fort Walton Beach, FL 1 year ago