Tuesday, October 20, 2009

S.773 Cybersecurity Act of 2009

From Open Congress.org:

This is comprehensive legislation designed to address our nation's vulnerabilities to cyber crime, global cyber espionage, and cyber attacks. It would establish a new Cybersecurity Advisory Panel within the White House and streamline the cybersecurity effort through all levels of government. The bill also calls on the Department of Commerce to establish and maintain a clearinghouse on information related to cybersecurity threat and vulnerability information to public and private infrastructure deemed "critical" by the President. The Secretary of Commerce would be given access to this information "without regard to any provision of law, regulation, rule, or policy restricting such access." The bill would also give the President new authority to "declare a cybersecurity emergency and order the limitation or shutdown of Internet traffic to and from any compromised Federal Government or United States critical infrastructure information system or network."

This legislation is sponsored by Senator John Rockefeller. Cybersecurity is a major concern. On May 4, 2001, Chinese civilians crashed the whitehouse.gov site with a distributed denial-of-service (DDoS) attack. The US intelligence community thought the Chinese gov't was behind it, but it wasn't. It was actually Chinese teenagers acting for patriotic reasons. The Chinese gov't did not order the attack, but it did not discourage this behavior either.

If President Bush's Homeland Security Act made critics nervous, I wonder what they think of this bill. On the Open Congress site only 3% supported the bill.

Shutting down a major portion of the internet seems like overkill to me. Something has to be done, but that? Maybe recognizing and blocking DoS attacks would be better. Yes, recognizing malicious attacks like this is tricky but not impossible. Also, gov't sites should use firewalls, anti-virus programs, and have hard-to-guess passwords on their websites too. Gov't sites are notoriously bad about internet security.
