Saturday, August 29, 2009

Regarding Senate bill S.773

Dear Fed.Gov,

I've been working in Computer Security since 1984. I'm published in the technical literature, and my articles have been included in anthologies of Internet Security topics. I rather immodestly state this not to blow my own horn, but to establish a professional relevance for the following discussion.

Y'all are invited to kiss my Security:
The new version would allow the president to "declare a cybersecurity emergency" relating to "non-governmental" computer networks and do what's necessary to respond to the threat. Other sections of the proposal include a federal certification program for "cybersecurity professionals," and a requirement that certain computer systems and networks in the private sector be managed by people who have been awarded that license.
But rather than being part of the problem, let me volunteer to be part of the solution. I'm happy to revise your "Cyber Security Professional" exam, which is guaranteed to be idiotic and useless, because it will be written by the people who let this happen.



P.S. Oh, and can you please show me where in the Constitution it lets you make me get "certified" so that I can run my own Internet site?

Morons. Fix your own house before you start telling me what to do with mine.

Hat tip: Bitmap.

UPDATE 29 August 2009 13:51: Looks like we've found someone even dumber than the U.S. Senate:

Australia's leading criminologist thinks online scams have escalated to such a point that first-time users of computers should have to earn a licence to surf the web.

Russel Smith, principal criminologist at the Australian Institute of Criminology, said the concept of a "computer drivers licence" should be taken seriously as an option for combating internet-related crime.

Russel Smith of Australia, I'd call you an idiot, but I've already said you're dumber than the low-watt bulbs that we've sent to the Senate. A helpful hint, though: Vegemite Soylent is people!

UPDATE 29 August 2009 14:08: More at Slashdot, including this gem of wisdom:

Say we get in a war with China and they attack our power stations in the US via a massive cyber attack - do you want there not to be guidelines at that time?

Sensitive facilities like power stations should not be directly connected to the internet in the first place!

Yup. You'd almost think that the Fed.Gov was less interested in protecting critical infrastructure than grabbing power and bossing people around, or something. But you'd be a hater if you thought that. Or something.

UPDATE 29 August 2009 22:09: Welcome visitors from! Please take a look around. In particular, How to hack a classified network describes the trouble the Defense Department has in keeping the Bad Guys out of the classified networks (the unclassified federal infrastructure is a security nightmare, but the problem extends to the classified part as well). General security stuff here, and Security Kabuki is here.


"Zack" said...

Heh. I was waiting for you to jump all over this... I knew it was coming... sooner or later Borepatch was gonna strike on this like a viper on a warm rat.

Let's see here... da enemies wanna take down our net... now all they have to do is panic the POTUS into pulling da plug for them. Yep yep yep; our cyber security plan is sound...

NotClauswitz said...

Our power stations MUST be linked to the Internet so that Gubb'mint Officials can observe the Webcam that shows the voltage-meters there, and workers can download Pr0n and upload YouTube to their Blogs!