
House Overwhelmingly Passes Cybersecurity Bill

eldavojohn writes "The Caucus, a NY Times Blog, is reporting on the overwhelming majority vote (422 yeas) the House gave a new cybersecurity bill. The Cybersecurity Enhancement Act, H.R. 4061 has a number of interesting provisions. Representative Michael Arcuri, a Democrat of New York who sponsored the bill called cybersecurity the 'Manhattan Project of our generation' and estimated the US needs 500 to 1,000 more 'cyber warriors' every year in order to keep up with potential enemies. The new bill 'authorizes one single entity, the director of the National Institute of Standards and Technology, to represent the government in negotiations over international standards and orders the White House office of technology to convene a cybersecurity university-industry task force to guide the direction of future research.'"
  • I wonder (Score:5, Insightful)

    by jwinster ( 1620555 ) on Thursday February 04, 2010 @02:02PM (#31025418)
    Since this new body is designed to "represent the government in negotiations," I wonder if there's any relation to the ACTA treaty currently discussed behind closed doors.
    • Re:I wonder (Score:4, Insightful)

      by coinreturn ( 617535 ) on Thursday February 04, 2010 @02:08PM (#31025480)

      Since this new body is designed to "represent the government in negotiations," I wonder if there's any relation to the ACTA treaty currently discussed behind closed doors.

      I don't wonder at all.

    • Re:I wonder (Score:5, Insightful)

      by girlintraining ( 1395911 ) on Thursday February 04, 2010 @02:15PM (#31025560)

      You don't have to wonder. This is one of the final moves being put in place to distance themselves from public controversy. They're expressly putting treaty powers into the hands of someone who isn't an elected official. When it finally blows open, they'll conduct an investigation, which will be tied up in committee for years. The investigation will continue until it drops off the media radar and people forget about it. In the meantime, no direct criticism can be made of ACTA -- because the investigation hasn't resolved. It's a standard PR move, and it's been done before. If the public demands blood, they'll pin it on the scapegoat -- "We Were Misled" will be the headline. But the treaty will remain.

      This is how bureaucracy deals with things they know will become controversial: They elect a fall guy, and then create a web of deceit to blunt the minds of their critics and hopefully dissipate entirely any demands for their power to be reduced. And most of the time, it works.

      • Re: (Score:1, Informative)

        by Anonymous Coward

        You don't have to wonder. It has nothing to do with ACTA. Really. Read the bill. It's S&T driven: research, education, and having somebody there when standards setting bodies meet.

        You're dreaming if you think that State Dept. listens to NIST. Or that this bill would pass the House without going before Foreign relations committee if it had that kind of reach.

        • Re: (Score:2, Interesting)

          It has nothing to do with ACTA. Really. Read the bill. It's S&T driven: research, education, and having somebody there when standards setting bodies meet.

          The internet has been a thorn in the side of every government since its creation -- it's a place where people can organize against the government, conduct tax-free business, and freely and anonymously congregate. The only 'standards' the governments of the world are interested in, are ones that allow them a greater degree of control over it.

          Do you really think they give a damn about whether it runs on IPv4, or IPv6, or whether DNS is secure or not?

        • Re: (Score:2, Informative)

          by FatherDale ( 1535743 )
          The State Dept DOES listen to NIST, and was the first federal agency to adopt the NIST SP800 series as the primary guidance for information security issues. State also made up 100% of the panel that built the CAP certification, and built it mainly on SP 800-37.
      • Treaties are really awful, they are the big loophole in the constitution by which tyranny can be introduced.

        http://www.jpands.org/hacienda/article4.html [jpands.org]

        Article VI, paragraph 2 actually stipulates on the issue: "...all Treaties made, or which shall be made, under the Authority of the United States, shall be the supreme Law of the Land; and the Judges in every State shall be bound thereby, any Thing in the Constitution [of any State] or Laws of any State to the Contrary notwithstanding. [Emphasis added.]"

    • Re:I wonder (Score:5, Informative)

      by Tekfactory ( 937086 ) on Thursday February 04, 2010 @03:27PM (#31026418) Homepage

      NIST isn't a new entity, they are the US Government's standards body, they are part of the Dept of Commerce, and write all kinds of standards the government has to use.

      So when the government directs their standards body to take part in standards negotiations on their behalf, there is no conspiracy there.

      Take a look at some of what NIST does

      http://www.nist.gov/index.html [nist.gov]
      http://www.nist.gov/public_affairs/orgchart.htm [nist.gov]

      Also note that like IEEE all of their Technology Special Publications go through public comment periods.

      http://csrc.nist.gov/publications/PubsSPs.html [nist.gov]

      One of my favorites is SCAP, it's like an XML for Security products that helps to standardize vulnerability reports and security settings so you can check using an array of SCAP compatible tools if your thousands of machines are all patched and up to date as well as running your enterprise security config.

      http://scap.nist.gov/ [nist.gov]

      I'd be concerned if some new bill made someone ELSE without some of the world's best test labs, scientists and engineers negotiate standards for the US.

    • NIST [nist.gov] is not a new agency and has been around for some time. They are responsible for keeping track of US time and other standards. If the director of NIST is anything like those I know who work there I do not think this will be anywhere near as bad as you imply. Finally ACTA has nothing to do with "international standards" and everything to do with copyright law.
    • by geekoid ( 135745 )

      I don't say this often, but you should be banned from the internet.

      A new body, sheeesh.

  • It's a step in the right direction...
  • Where do I sign up?

  • by PingSpike ( 947548 ) on Thursday February 04, 2010 @02:07PM (#31025464)

    I knew all those years playing Quake would come in handy eventually.

  • eeep (Score:3, Funny)

    by the_Bionic_lemming ( 446569 ) on Thursday February 04, 2010 @02:09PM (#31025484)

    The house overwhelmingly approved? That means it'll add to the deficit, be largely useless, and misused by RIAA.

    God help us all.

  • by neogeographer ( 1568287 ) on Thursday February 04, 2010 @02:09PM (#31025486)
    Come out to playyyyyyyyy
    • Why is it that the Government, when referring to IT matters, always uses terminology like that... What is this, the United States of Johnny Mnemonic?

      • Dude,
        Tell me that you didn't not get the "Warriors" reference...
        More seriously, would you prefer cyber "cops"? Cops or warriors, the terminology does, in my mind, trivialize this truly global contest (war, battle, struggle, whatever). As others have observed, there is some serious talent out there and it is well motivated. Unless/until there is similar motivation for those inclined to wear white hats, things are going to get worse, not better. The military will (just like in Gibson's novels) understand
        • What? Yeah, I got the reference.

          It's stupid chest-beating bill-marketing terminology aimed below most people's intellect, because that's how the bill authors see us. The intent and effect of the bill is irrelevant here. It just irks me that they feel they need to dumb it down for us. Instead of 'Information Technology Security Official', it's 'Cyber Warrior'. How gauche.

        • by tyrione ( 134248 )
          He probably wasn't born to see the movie when it first aired back in the days when our cable boxes were rotary dials.
    • by sconeu ( 64226 )

      Alas, most Slashdotters are too young to get your reference [imdb.com].

    • Wrong movie. Cyber warriors are like road warriors [imdb.com] except the "road" is the information super-highway. Now, I know that's confusing because the Internets are more like tubes than like dumptrucks, but still, the Internet is exactly like a highway for information only superer.

      So much as you'd expect, these cyber warriors will be riding around in cyber-cars (aka computers) trying to hoard cyber-gasoline, and perhaps trying to get revenge for their murdered cyber-wives. I know, it sounds funny, but you'd to

      • by tyrione ( 134248 )

        Wrong movie. Cyber warriors are like road warriors [imdb.com] except the "road" is the information super-highway. Now, I know that's confusing because the Internets are more like tubes than like dumptrucks, but still, the Internet is exactly like a highway for information only superer.

        So much as you'd expect, these cyber warriors will be riding around in cyber-cars (aka computers) trying to hoard cyber-gasoline, and perhaps trying to get revenge for their murdered cyber-wives. I know, it sounds funny, but you'd totally understand if you were a hacker who was familiar with cyberspace. The most important thing is to make sure all the T1s don't break through your firewalls and get access to your IP addresses.

        And you thought he was interested in an analogous reference? It was meant to be tongue-firmly-in-cheek.

      • Wrong movie. Cyber warriors are like road warriors except the "road" is the information super-highway. Now, I know that's confusing because the Internets are more like tubes than like dumptrucks, but still, the Internet is exactly like a highway for information only superer.

        Wouldn't that make them Tube Warriors? I mean, the Internet is like a series of tubes, or so I've been told...

  • by moz25 ( 262020 ) on Thursday February 04, 2010 @02:10PM (#31025500) Homepage

    Too little, too late.

    For more than a decade, effort was done to *weaken* the domestic talent at developing themselves or helping (causing) to harden the existing infrastructure.

    • Re: (Score:1, Interesting)

      by Anonymous Coward

      Standard operating procedure: Eradicate what's there, bring in your own guys.

    • by GovCheese ( 1062648 ) on Thursday February 04, 2010 @02:39PM (#31025748)
      The federal government hasn't done a particularly good job advertising their Scholarship for Service Federal Cyber Service program where promising cyber students are given scholarships in return for a promise to give the government 2 years of service as federal employees in a cyber security related position. Few in the IT field even know it exists. But it's an exceptional idea and most government agencies are lobbying for expanding it to bring in even more students. The federal government isn't entirely incompetent or bereft of good ideas or lacking the will to implement them. The SFS Cyber Service program is one of their success stories.
      • They should up the ante a bit on this. Since they want four year degrees they should pay for 4 yrs of schooling. If they want you to have completed two years on your own to show commitment that is fine but they should reimburse those two years after successful completion. They could even up the service requirement to four years to match.

        It just doesn't make sense to stick people in low paying government jobs with student loans to pay as their reward.

    • Re: (Score:3, Informative)

      by Anonymous Coward

      It gets better:

      H.Amdt. 545:
      An amendment numbered 1 printed in House Report 111-410 to address the lack of minority representation in the cybersecurity industry including women and African-Americans, Hispanics, and Native Americans. The amendment adds language in Sec. 107 to describe how successful programs are engaging said minorities and in Sec. 108 to include minority-serving institutions on the Cybersecurity University-Industry Task Force.

      Yay, more quotas.

      H.Amdt. 548:
      An amendment numbered 4 printed in House Report 111-410 to require the National Science Foundation to study ways to improve detection, investigation, and prosecution of cyber crimes including piracy of intellectual property, crimes against children, and organized crime.

      Won't someone think of the children? And "This bill brought to you by the MPAA/RIAA".

  • by gmuslera ( 3436 ) on Thursday February 04, 2010 @02:11PM (#31025510) Homepage Journal
    A private company could be delegated for most of the dirty stuff. OCP, Cyberdyne, and Umbrella Corporation already proposed themselves for that task.
    • Did Weyland-Yutani bid on it?

    • That is kinda why the government hires contractors. If they are caught it is those immoral contractors, if they are not they perform a valuable asset to the country... Even if they do get caught and take the PR mess they hire them again as all they did was what they were hired to do.

  • Google attack? (Score:4, Interesting)

    by antiaktiv ( 848995 ) on Thursday February 04, 2010 @02:20PM (#31025608)
    Would it have had as much support without the recent (allegedly Chinese) attack against Google and other companies?

    BYOCT... (Bring your own conspiracy theory)
    • ALLEGEDLY Chinese?

      • by BhaKi ( 1316335 )

        ALLEGEDLY Chinese?

        The same people who said there were WMDs in Iraq are saying the attacks are from China. So the 'allegedly' adverb should be used. My personal opinion is that the whole China-Google episode is a desperate joint attempt by NSA, CIA and Google.

        To what end?

        To make Americans boycott Chinese products and go for local ones.

        • The Chinese have been caught with their hands in so many U.S. digital cookie jars in the past few years I fail to see what difference it makes.

          I also fail to see how it benefits the NSA to make public the fact that Google was compromised through NSA backdoors in their gmail system.

  • Since when does using a fuzzer to modify http headers constitute as a l337?

    So do I have to give up my computer while somebody that wants to test out their l337 skillz essentially destroying my development server and hard work without compensation?

    Where are the bill's protections to me as a non-felon, voting, tax-payer?

  • Bleh (Score:2, Interesting)

    by Anonymous Coward

    It's incredibly difficult to do something in an official, bureaucratic capacity without making your plan (and your goals) seem ridiculous, and your knowledge of the problem laughably ignorant. The internet is championed as a communication medium designed to be 'un-patrolable,' and any system that inspires Hollywood-type 'hacking' will be immediately, firmly, and justifiably criticized by those who value it for exactly that reason. It sounds like our politicians are convinced that China has a few more 'cyb

  • Can someone tell me WTF a "Cyber-Warrior" is? Seriously. Like, what is it.. A bunch of script-kiddies running 1337 ha0r tools? Or someone who just knows how to pingflood? If they really want to be concerned about "Cyber Security", why don't they nuke all the computers running Bot nets? Why don't they go after the jerkoffs running the C&C servers? Why don't they set up Honeypots acting as spam traps and go after all those spammers clogging up the pipes? Why don't they go after the RBN equivalents out t
    • Right now, it is trivial to get into any medium or large company's datacenter. And it happens all the time. I would imagine that the term "cyber-warrior" would refer to someone skilled in the craft of doing exactly that.

      Are they hiring these people to "hack back" for counter-intelligence purposes? Will they be using these guys to try and get botnets all over countries we have poor relations with for intelligence-gathering purposes? Or are they hiring them merely ramp-up penetration testing efforts against o

    • Can someone tell me WTF a "Cyber-Warrior" is?

      Someone involved in any aspect of computer security, which can contain any of the following: penetration testing of systems to determine their vulnerabilities, network monitoring and analysis/intrusion detection, malware analysis, research into new exploits, analysis of botnet infrastructures and so on on the defensive side, and for the offensive side it is scanning target computer systems and networks, enumerating, exploiting, and pwning, either as a script kiddie with tools or as a more real hacker, creati

    • by mikael ( 484 )

      Can someone tell me WTF a "Cyber-Warrior" is?

      Somebody who understands how all the Internet protocols work (ssh/sshd, smtp, inet). If you have a Linux system, look at your /etc/services file. Do you know what all those protocols are? Look in your /etc/ssh directory. Are there files there? What are the *_key, *_key.pub files for? What are the hosts.allow, hosts.deny files in your /etc directory for? What is selinux? Or the smb.conf file?
      Do you know what all the RFC files are for? What is your /etc/hosts file for?

  • umm wat? (Score:3, Insightful)

    by nilbog ( 732352 ) on Thursday February 04, 2010 @02:45PM (#31025808) Homepage Journal

    Shouldn't treaties be made by people who are responsible to an electorate? Isn't that the point of our entire system of government? This seems really shady to me.

    • The Director of NIST is a confirmed presidential appointee.

      Appointees get chosen by the president and grilled by the Senate, all of whom are elected and in theory responsible to their electorate.

    • by pavon ( 30274 ) on Thursday February 04, 2010 @03:43PM (#31026670)

      I have mod points, but this sentiment has been stated several times in this thread, and I haven't seen an adequate response.

      All treaties are negotiated by the executive branch on behalf of the president - it's in the constitution. They are then approved by Congress. This bill isn't taking power away from congress - they never had power to negotiate treaties to begin with and will still approve any negotiated by the NIST. If anything, this might be interpreted as taking power from the President as it limits who can negotiate treaties on standards on his behalf. In practice, this is a boring area and he will gladly let the NIST handle it, until a special case comes up at which point it will be within his constitutional power to appoint someone else if he wants, regardless of what this law says.

    • The Director of NIST is a Senate-confirmed position. He's responsible to the Secretary of Commerce, and then the President, who is in turn responsible to the electorate (America is not a direct democracy, remember).

      A lot of business is done at the Cabinet level and below, even internationally (we have the State Department, remember, and the Office of the US Trade Representative). Treaties that require more than existing Executive power still have to be implemented with legislation.
  • by Angst Badger ( 8636 ) on Thursday February 04, 2010 @02:47PM (#31025848)

    Every time I hear a government official -- or, for that matter, anyone else -- refer to a "cyber warrior" outside of the context of a game or movie review, I want to take their television away from them until they're old enough to tell the difference between reality and fantasy. And in the case of this buffoon and his thousand extra cyber warriors per year, he also needs to read The Mythical Man-Month before he's allowed to leave his room.

    • If anyone is living in fantasy, it's you. Computer systems are compromised all the time here in reality. Sometimes it's by bored teenagers, sometimes it's by the mafia, and sometimes it's by foreign governments and their proxies. There is nothing of fantasy about hiring people with those skills; they could help you secure your own systems and gather intelligence on your enemies.

      • My objection was to the terminology, not the notion of the threat. Americans have this very unproductive habit of trying to cast every struggle in terms of a war of some kind: the war on drugs, the war on terror, even the war on cancer. The problem is that warfare is not a very effective model for much of anything except actual war, where it is arguably not terribly effective at anything except wasting lives and resources. Securing a system is not in any way like warfare. It is a whole lot like engineering,

    • by lennier ( 44736 )

      Because 'cyber warrior' sounds better than 'script herder'.

    • When I hear politicians calling soldiers "warriors" it makes me want to puke, as well. Being a soldier has been (and still is) a noble short-term profession. But we should always look at employing soldiers as, at best, a necessary evil. Give the guys that do it respect, but don't elevate them to exalted levels. And make no mistake, using the term "warrior" seeks to do this. We should never elevate the military above the political. I don't want to become an empire ruled by exalted military commanders (

    • by geekoid ( 135745 )

      If they were throwing 1000 people at one single project, you would be correct.

      This is about 100's of new projects and needing the man power. You can have multiple teams working on separate projects and be successful.

      Please tell me you don't think 1000 people will all be working on the same project? That would be a hell of a funny way to do paired programming.

      Yes, cyber warrior is a lame name. No doubt about it.

      OTOH:
      "Cyber Warrior needs Dew, badly"

  • Hmmm.... this [cnet.com] would be related now would it?

    Google is finalizing an agreement with the National Security Agency to help the search giant ward off cyberattacks, according to the Washington Post.

  • I'm done fighting this stuff. I have only two questions. [1] Where do I send a resume to be a cyber warrior and [2] do I get an awesome badge?
  • by elrous0 ( 869638 ) * on Thursday February 04, 2010 @03:19PM (#31026292)

    the US needs 500 to 1,000 more 'cyber warriors' every year in order to keep up with potential enemies

    I'm ready to serve my country. But if you want me on the team I'll need Top Secret clearance, one of those cool James Bond gun pens, a military uniform so I can get laid in bars, and a lifetime supply of Diet Mountain Dew Code Red and Doritos.

    • I'm ready to serve my country. But if you want me on the team I'll need Top Secret clearance, one of those cool James Bond gun pens, a military uniform so I can get laid in bars, and a lifetime supply of Diet Mountain Dew Code Red and Doritos.

      Sorry, with your physique the military uniform will only get you laughed at in some bars and beaten up in others. Back in the day the Top Secret clearance might have gotten you laid by one of the KGBs finest, but I think they've cut the budget for that. And you'd pro

    • by geekoid ( 135745 )

      James Bond didn't need a military uniform to get laid.

      OTOH, how freaking cool would it be if the Tuxedo was a military uniform? mm.. ok not too cool.

      "and a lifetime supply of Diet Mountain Dew Code Red and Doritos."

      so a month's worth.

  • Does anyone else also think it's entirely too coincidental for the progress of the new cybersecurity bill, that a large scale hack of a giant US company (Google) was supposedly perpetrated by a communist country a mere couple of weeks before the bill goes before the house?

  • Phft! All you need is Jack Bauer and CTU. THAT'LL teach them not to mess with the US! ;-)

  • Good to know that we can finally cyber safely, thanks to the Congress!

  • ", the director of the National Institute of Standards and Technology, to represent the government in negotiations over international standards and orders the White House office of technology to convene a cybersecurity university-industry task force to guide the direction of future research.'""

    that's really good, actually. It beats the last 8 years of ignoring the professionals.

  • This is stoopid I can't find anything in the text of this bill that says anything about cyberwarriors.
