Senate Trying To Slip Internet Kill Switch Past Us

sanermind writes "Sensing Senators don't have the stomach to try and pass a stand-alone bill in broad daylight that would give the President the power to shut down the Internet in a national emergency, the Senate is considering attaching the Internet Kill Switch bill as a rider to other legislation that would have bi-partisan support."

Governmental Fail

[LostCluster]

CNN a few years ago ran a special were they told the story of a possible an IT attack and had former government officials try to figure out how to save the day.

The story was that people had downloaded a March Madness smartphone app that delivered scores and such in March, but now its April and it's sending out large amounts data, and making useless calls, that's overwhelming the cellular networks and running up people's bills. Round two was that this unknown data was actually waking up a bot net, and now the Internet's overloaded. Round 3... an explosion at a power station has downed power on the East Coast. However, nobody knows where the problem is to fix it, because their smartphones are dead and so is the Internet and phone systems.

The governmental instinctive reaction is to shut it all down... but you don't need to shut down the Internet, this could have been solved in round one by asking Apple, Google, even Cydia and the other responsible app stores to kill the app. What is needed is a granular control (that the app stores already have) to say when an app is causing trouble, we'll pull it off the smartphones that have it. If there's a server running a botnet, kill it, not the entire Internet.

The panel lost the game, and was punished with a postgame interview by Wolf Blitzer.

This is why

[KillaGouge]

This is why we need to switch to a one thing per bill way of doing things. So many things are added to bills to try and hide stuff. Why does the government need to hide information from it's citizens. We need to get everybody in Washington out, and start fresh, but lets do it right, and not use "second ammendment rights" like the crazy tea-party wants.

The internet is the only thread...

[Darkness404]

The internet is the only thread uniting mankind to the point where a conventional war won't happen easily. Of course, this isn't going to stop nukes or wars in third world countries, but the internet allows people of the country that "we're" bombing to communicate back to us so people push pressure on the government.

Imagine if Iraq or Afghanistan had common internet access, something tells me we wouldn't invade because public opinion would be very much against it. The internet lets you break down all the previous things that held countries in conflict, language, culture, and reporting hindrances no longer exist to countries with internet access.

Re:Governmental Fail

[Darkness404]

Round 1.

Don't design fucking critical infrastructure to communicate with the internet. Life support, power plants, hospitals, water treatment plants can use very secure computers and use local networking. BUT DON'T PUT THEM ON THE FUCKING INTERNET.

Round 2.

Don't consolidate the internet into a monopoly or duopoly. Yeah, some major thing might kill AT&T, but T-Mobile, Verizon and Sprint should still be active. Its a lot harder to "destroy" the internet when everything is spread out.

Round 3.

Take steps to protect yourself from DoS attacks.

Re:This is why

[MrEricSir]

I think he's saying we shouldn't "use" the second amendment to kill every member of congress, not that we should overturn it.

Truly sad...

[forkfail]

... that the nation that provided the infrastructure for the twitter based reports during the Iran uprisings now wants to make absolutely sure that sort of news can't get out, should things go truly bad here.

Re:Governmental Fail

[Darkness404]

Um, yes its called sneakernet and it can be 100% confidential. It has insanely high bandwidth, but a bit of latency issues.

If you want to update programs in your power plant, do it with physical media or take in a laptop and sync it that way.

Re:Whats the freakin point meatman

[Anonymous Coward]

When it's time to violate Posse Comitatus [wikipedia.org]

Rider bills

[Antony T Curtis]

The ability to attach unrelated rider bills to other bills is nonsense and should not be allowed.

I would vote for anyone who would fight to end that nonsense. Unfortunately, I have no voice as I am a legal alien in America and therefore cannot vote. It seems that politicians only want to listen to voters: US citizens and undocumented aliens, apparently.

I was thinking of having protest signs printed with the words "No taxation without representation" at the last election but I doubt if anyone would get the reference.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Riders

[Darkness404]

Because the politicians in the US don't give a fuck about ethics, legality, etc. and most people don't either. Our constitution has been shitted on just about every election year with people actually promising in their election ads to tear down pillars of human rights when it comes to "undesirable" people ("terrorists", illegal aliens, "sex" offenders, etc)

But here in the US we have a 2 party system with no real differences between them other than on a few "hot" meaningless issues. For example, should the words "Under God" be on our currency? Despite the fact we have no real debate on actually reforming our currency to be backed by anything. Debates on whether abortion should be legal all the while few debates on privacy issues, etc.

Until we either have an awakening of the masses, or an electoral system like proportional voting, it will remain this way.

Re:Governmental Fail

[Anon-Admin]

LostCluster, you have false assumption in your argument. You start with the assumption that the ability "Internet Kill Switch" is being called for based on the reason they stated. We all know that the reason stated by the government has little to do with the real reason.

Re:Who cares?

[Anonymous Coward]

I care because they want to mandate technical support to make this easy. My problem with it is actually a security one - this will be another complication with a lot of leverage, and it could easily be a weak point - making much easier the kind of problem they are trying to avoid. To whit: it's stupid.

Obligatory Simpsons Quote

[wbav]

"I've said it before and I'll say it again: Democracy simply doesn't work"
-Kent Brockman [wikia.com]

Re:The internet is the only thread...

[DerekLyons]

but the internet allows people of the country that "we're" bombing to communicate back to us so people push pressure on the government.

Or, it allows the people "we're" bombing to craft a careful astroturf campaign designed to appeal to the prejudices of some portion of 'our' fellow citizens so that they then rage on Twitter, Facebook, Slashdot, etc... etc... The effects on the government are questionable at best because that 'some portion' of 'our fellow citizens' are deluded as to the actual effectiveness of said 'rage' and notably incompetent at questioning the validity and value of information that matches their prejudices.
 

Imagine if Iraq or Afghanistan had common internet access, something tells me we wouldn't invade because public opinion would be very much against it.

Which is a consequence of our current system of government by soundbite and opinion poll, not a consequence of the existence of the 'net.

Re:The internet is the only thread...

[Anonymous Coward]

Iraq had widespread Internet access before the invasion, you ignorant twat. Global public opinion was absolutely against it, even public opinion the United States was evenly divided after a year-long scare campaign. Fat lot of good that did.

Re:This is why

[KillaGouge]

That is what I was saying. We shouldn't have to resort to violence to change our government like our forefathers had too. We need to educate voters and seek to get the language of all proposed bills to be simpler, as well as posting in full the contents of bills at least 2 weeks before they are set to be voted on, so people can tell their reps how they want them to vote.

Re:A poison pill?

[Dorkmaster Flek]

I never understood why in the hell this is possible in the first place. What good can possibly come from being able to attach rider legislation to a completely and utterly unrelated bill? This kind of thing happens all the time, and mostly after all the politicians have read the bill and voted on it. This is just such a broken process, it's unbelievable.

November's Coming

[BJ_Covert_Action]

The November Congressional Elections are just around the corner. If you are tired of the collective douchebaggery and antics of our elected politicians, then campaign, vigorously, in your local community to vote for anyone other than interest-sponsored Democrats and Republicans. Every time politics come up for discussion around my community, I flame both parties equally. Until we convince the rest of the voter base the both party's candidates are corrupt, pandering, unhelpful morons, these kinds of disingenuous shenanigans will continue to run our country.

We, the citizens of the United States, can't take back control of our government until we collectively declare, in a very clear manner, "Enough is enough!"

Re:Governmental Fail

[zach_the_lizard]

You missed the other rule: Don't run Windows on your critical infrastructure computers! That's why we had the cascade failure at Black Mesa; all that sorrow would have been avoided had Gordon simply shown them how to install a hardened *NIX derivative.

Re:Lieberman said.. what?

[Un pobre guey]

This sounds like the squawking of a moron with no clue on national TV

I agree that it sounds like a moron squawking, but it isn't. Political corruption closely resembles ignorance and stupidity. When demonstrably intelligent public officials say moronic things in public, that my friend is a huge red flag.

Re:This is why

[zach_the_lizard]

Now I haven't followed the whole tea party protests very closely, but I believe they haven't resorted to killing politicians. Unless you mean that one group from the 18th century....

Re:A poison pill?

[Bodhammer]

This is just such a corrupt process , it's unbelievable.
There, see how I fixed that for you...

Re:Governmental Fail

[cdrguru]

Sorry, but the Internet is the cheapest and most effective way of implementing any sort of WAN today. The idea of having your own fiber is gone - there is no point to it and the companies that were offering it have stopped. I don't think you can buy a dedicated fiber connection from New York to Chicago today at any price. Packet-switched on existing fiber? Sure, you can get that. It's called the Internet.

Re:This is why

[nschubach]

You do know the Tea Party doesn't want to kill everyone, right? Or are you trying to put up some false ad hominem attack on the whole group for some reason? What did they do to you that you didn't hear on the maniacal news networks?

Maybe it's the excessive non-violent petitioning they've been doing. Maybe it's the fact that they are actually out holding up petition signs instead of pointing guns at people. I don't know what it is about their protests that make me think your statement is totally baseless.

Re:Isn't the Kill Switch the actual threat?

[GiveBenADollar]

You miss the point. There is NO actual threat. If an individual system is connected to the Internet and controls critical things then it is the problem. The trumped threat here is about the same as the Y2K claims. Sure a few systems might crash, but we won't have nuclear weapons launching and power plants exploding. The ability to shut down the Internet, or parts of it, is not about an actual threat, it's about control. Both sides of the political aisle see the Internet as an uncontrolled medium for freedom of speech, and on both sides there are those that see it as something that must be controlled. I used to be strongly for public decency standards on the internet, such as preventing porn from getting to minors, but now I've come to realize that you have to get the good with the bad or just the bad because those that play by the rules are the only one's subjected to the rules.

Re:This is why

[KillaGouge]

I know that they do not want to kill everybody. They are, however, some of the most useless people in America. Their honesty about how they want the media to only report their stories how they want them to be reported. Yes we need to take back our country, instead of letting it be for the big corporations, but we need to be civilized, and educated about it. Maybe if they actually had ideas, rather than catch phrases everybody wouldn't automatically assume they are stupid.

Nuke the economy

[Necron69]

I honestly fail to see how any kind of "cyberwar" could do more damage than "shutting down" the Internet. Exactly how do these morons in Washington think most business is conducted these days? Do they really believe that we could all easily go back to doing business solely by phone, catalog order and the USPS?

You might as well label the kill switch with "Subtract 90% from GDP!".

Sheesh....

Necron69

Re:Governmental Fail

[Stradivarius]

There is no perfectly secure approach if any communication into the power plant systems is required. (Getting data out you could do securely by radio transmission, but data in is problematic).

But I would argue it's easier to secure that laptop than to protect an online control system.

First, the laptop need not be connected 24/7 - you can connect it only for brief periods to the Internet (i.e. only while downloading the laptop's regular software/AV patches and whatever data you need to transfer to the power plant). That reduces the exposure considerably.

Second, in this scenario it is impossible for the control system to communicate directly with a potential attacker. Any attacker instructions would have to go through the laptop sneakernet. This is more difficult to make work for the attacker. It also places a latency penalty on attacks. That enables things like auditing the laptop before it's allowed to connect to the control system, thus giving the defenders a chance at discovering the attack before it can do any harm. You can't do that if the control system is on the Internet.

Third, even when on the Internet, a laptop is not easily identifiable as a piece of critical infrastructure to an attacker who has infiltrated your corporate network from the Internet. A power company LAN may have many, many PCs and laptops. It has far fewer routers, such as those used to control access to the control systems. Forcing the attacker to find the needle in the haystack (which may even be offline at the time) adds some level of security.

Being offline gives you a far better chance against attacks than being online. It's just inconvenient and more costly. Since the utilities face little market or governmental pressure to be secure, cheap and convenient wins over security.

Re:This is why

[Monchanger]

And you conveniently ignore the fact that the right was not granted for individual determination, but as a collective decision. Insane is a perfectly fine way of describing someone who thinks they have the sole capacity and right to choose for the rest of the nation. You are only partially right about revolution is that it is violent, but it is not about assassination. The problem with King George was never looked at in such a way, and the founders would abhor you uncivilized and brutish notion.

On a personal note, if you think I've no taste for violence, I'd be more than happy to school you on the truth. It's a myth that liberals are sissier than you throwbacks, we just don't need it to settle an argument.

Re:Skip the rest and go to round 3.

[tophermeyer]

and last time I checked it didn't require a whole gang of workers to get out the long insulated pole and flip the fuse back in place.

Never worked with Union workers then? Sounds like you'd need at least 5 guys for that job. A pole extender, a fuse flipper, two signalmen to control traffic, and a supervisor to make sure everyone's looking busy.

Re:Isn't the Kill Switch the actual threat?

[mellon]

Actually, it's not the same as Y2K claims, because Y2K claims were credible. This supposed threat is not at all credible. Only someone who has no technical understanding of how networking works would think that having a kill switch for the Internet could help in some way. What a kill switch for the internet does is provide a handy switch for an attacker to throw that will shut down the entire country.

On the plus side, there's a good chance that after the switch is installed, its first use will be by a black hat trying to cause economic havoc, not by the government. The outcry following this attack will result in its removal.

Re:November's Coming

[david_thornley]

What you're accomplishing, if anything, is turning people away from interest in their government, making it even more susceptible to special interests. We can't take back control of our government (if we ever had it more than we do now) until we collectively get interested and involved. At that point, our representatives will have to pay attention to what we want and need, be they Democrat or Republican or other.

To have any positive effect, you need to be for something, not against something. In politics, you really can't beat somebody by running nobody against him or her (minor exception for Ashcroft's Senate bid, yeah). Pick a minor party if you like, but support somebody.

Re:Governmental Fail

[LostCluster]

We can even extend our "intranet" to remote (non-local) locations through the use of virtual private networks, or VPNs.

A VIRTUAL Private Network pretends that you're on the same LAN by opening an encrypted conversation that travels over THE INTERNET. You seem to have that confused with a true Private Network.

Re:Governmental Fail

[LostCluster]

You're defending from the wrong threat. There was no IT attack on the power grid, there were conventional bombs along the power grid which is usually a simple problem to solve, but nobody knew where it happened because the government had activated the kill switches on public communication.

Downing the entire Internet just makes a bad situation worse.

Re:Governmental Fail

[Bitmanhome]

No, Black Mesa was sabotage. I know we love to blame Windows for these sorts of things, but that event was carefully implemented by an organization we have yet to meet.

Re:Governmental Fail

[omglolbah]

Yup, but then you get management at central locations -demanding- to have access to realtime data from various plants.

The budget does not allow for dedicated links so a compromise is chosen... Heavily firewalled tunnels, but over the public internet.

Then a few years later, someone in management demands more functionality... Like being able to remotely do troubleshooting at the plant to save money on travel... This is implemented, throwing away the "Read Only" nature of the old system... again the internet is chosen as a transport as it is the only viable solution within the budget...

Suddenly, you have a theoretical way in from the internet to a gas plant responsible for moving 143 million Sm3 natural gas to Europe....
If you know the layout of the software you can easily shut down the whole plant..

It is all about money.... Technical solutions are all fine and good, but in the end the management that picks the solution is responsible, and they more often than not look at money :(