SubSpace Forum Network


Posted

Source: http://politics.slashdot.org/story/10/03/30/136249/The-Cybersecurity-Act-of-2009-Passes-Senate-Panel

An anonymous reader writes
"The Cybersecurity Act of 2009 passed a Senate panel, giving the president unprecedented power to issue a nation-wide blackout or restriction on websites without congressional approval. The bill, written by Sen. Jay Rockefeller [D-WV] and revised by Sen. Olympia Snow [R-ME], was drafted in an attempt to thwart internet-based terrorist threats, and gives the president this 'kill switch' without oversight or explanation. The bill is up in for Senate vote."
Posted
Isn't Rockefeller the same person who supports a one world government? I think the president should have a kill switch at most to government facilities to protect government buildings and information. Private internet servers shouldn't be affected and they should not cooperate with government officials. I sure as hell wouldn't. If none of the major companies comply, then there isn't anything the government can do but shut them all down, and I HIGHLY doubt they would do that.
Posted
If none of the major companies comply, then there isn't anything the government can do but shut them all down, and I HIGHLY doubt they would do that.
;D

 

If none of the major companies comply, then there isn't anything the government can do but shut them all down, and I HIGHLY doubt they would do that.
Except, with a police and military force.
Posted

I doubt the people would like that very much. Besides, the internet is used for VoIP phones. My school uses VoIP. The military and many businesses use the internet. Many companies rely on the internet to function. It just wouldn't be good for him if he ever did push the big red button. Imagine how many Facebook users would be disappointed. I could see someone getting impeached for pushing this button. It would harm businesses and many other things, which would give us the authority to abolish the government (assuming healthcare doesn't already give us that right), and I don't know why, but we still haven't been able to abolish and start over. If we did, I doubt anyone would re-elect anyone already in office. The country would be less corrupt, for a while, then we would have to do this all over again. Imagine how many people would lose their jobs and source of income, unless we only abolished the 3 branches of government that make decisions.

 

Wow all that over cybersecurity. I'm shocked that this kind of censorship is out there. In the event of a terrorist attack, I would hope to be able to use the internet to get in touch with family and friends. Maybe the president needs a button to nuke the whole world if needed so we have even less to worry about.

Posted

In the immortal words of Admiral Ackbar, "It's a trap!"

 

Seriously, you guys don't see this coming?

 

*something big and important happens*

 

-"NO INTERNET" Button is pressed -

 

*stuff happens*

 

- brought back online after dust settles -

Posted
Let's face it, it's a worst case scenario bill that's been put into place; but will never actually be used. Probably why it was ushered through without anybody really noticing or caring.
Posted
Let's face it, it's a worst case scenario bill that's been put into place; but will never actually be used. Probably why it was ushered through without anybody really noticing or caring.

 

Just for a perspective, if this were done 3 years ago under Bush, EVERYONE would notice and EVERYONE would care.

Posted
Let's face it, it's a worst case scenario bill that's been put into place; but will never actually be used. Probably why it was ushered through without anybody really noticing or caring.

 

Just for a perspective, if this were done 3 years ago under Bush, EVERYONE would notice and EVERYONE would care.

I think this primarily depends on how the media spreads the news, and IF they do.
Posted (edited)

Sorry guys. This bill is legit. The Constitutional role of the executive branch is to be able to act unilaterally in the short term situations where only a unilateral solution can work. But, there needs to be a massive and imminent threat to the nation as a whole for this to be justified. The problem is, I don't see how cyberterrorism can be that sort of threat.

 

 

 

One threat is of some foreign power getting our sensitive secrets. However, all classified information can not be stored on any computer with an internet connection. It's illegal. In fact, some places will go so far as taking out the CD-ROM and filling the USB and network ports with super glue on a classified computer.

 

The prospects of a hacker shutting down utilities are even more laughable. The hacker seeking to shut down the US power grid would quickly find that few of the machines involved with the process even have a computer in them, and most that do are controlled by a computer with an actual operating system. (Your car most likely has a computer that regulates engine functions, but doesn't have an operating system.) Of the scant few machines run by a computer that has an operating system, none are hooked up to the internet because there is no reason for any utility company to install an internet connection onto that computer.

 

It would be like me using the computer I'm on to hack into your house and set your microwave to 12 minutes. You don't have the hardware for that to be possible and you have no motive for installing such hardware. Now, I could still sneak into your house when you aren't around and f___ with your microwave, but that's not a cyber attack, that's a physical one.

 

Stealing, manipulating, erasing, etc. financial data on the national economy crashing scale the President should be concerned with would be possible if the majority of major corporations didn't keep analog backups, but they do. On the smaller scale, that's called identity theft and obviously happens, and identity theft is combated by organizations which fall under the executive branch, so there is legal wiggle room here.

 

What a cyber attack is in reality is usually some sort of method to flood a server with activity until it has to be shut down. It costs money and p___es people off, but doesn't really qualify as a national emergency. Of course, trying to prevent servers from being shut down by shutting down servers is kinda like putting out a brush fire with a flamethrower, which oddly enough is called 'backburning' and works if done intelligently.

 

 

Now, Xog may have hit the nail on the head in terms of how this bill might actually be used in real life. This bill needs to be very well worded so that the outcome is something that shuts down a utility in a national emergency rather than something that limits free speech when somebody is embarrassed.

Edited by Aileron
Posted

Oh the US electrical grid has been hacked? You do realize that there is no single nation wide "grid" that is run and managed centrally?

 

Yes, a utility may have been hacked, or more so part of their infrastructure, but working for the second largest utility in America, we were not compromised at all.

 

All of this hoopla is over the fact that AMI (Smart metering) will allow the AMI network to become more vulnerable. Even at that, most utilities will not be converted to fully functioning AMI for another 15-20 years. As with anything, there will be risks and security designed to minimize those risks.

 

The core components of the electrical grid will always be protected at a root level. Even at a full AMI, everything could be underwritten manually, in which there are always people located in very close proximity with the proper training. Any core facility will have enhanced AMI metering allowing them to further manipulate their security and accessibility.

 

If a "Kill switch" was ever to be needed, it should be the individual utilities killing their own systems, the people like me, trained to know the impact of every load and signal on my system, not the government who screws up just about everything they try to do. Even at that, the AMI network is only a network of access and control of a manual network. If you were an AMI customer and I were to cut AMI network communications to your meter, you'd still have power. If I were to cut the entire AMI communication network (IE your kill switch), you'd all still have power, just like you have power today with no AMI network.

 

Please don't take Die Hard 4 very seriously.

Posted

And if you'd have paid any attention you'd note that the 'kill switch' you keep yabbering on about isn't in the bill, and the fact still remains that critical infrastructure has been compromised, so therefore your whole point is moot. Focusing security within a network alone is always a bad idea; hence why common sense applies here.

 

Also, just because when grids were compromised and it never ended in catastrophe, doesn't mean that further safety measures should be put into place for the future.

Posted

What is your idea of compromised?

 

If I were to hack into a Social Security administration computer that had no impact on client information, what was really compromised? A non-critical network containing no private information?

 

As I stated before, even with a full AMI, anything and everything that could be done remotely, can be overwritten manually. The only chance your "compromised grid" would have an impact on the actual power flow is if someone hacked into the grid and were not monitored doing dozens of things (without getting too technical) which are monitored out of your arse. So yes, if your system is infiltrated and you do not monitor your system, then yes, you have a risk. In reality, it would not happen. To tell you the absolute truth, you could do more damage by hiring a crew to break into a substation than you could do via anything over the internet and at that, the damage would be minimal.

 

And if you'd have paid any attention you'd note that the 'kill switch' you keep yabbering on about isn't in the bill, and the fact still remains that critical infrastructure has been compromised, so therefore your whole point is moot. Focusing security within a network alone is always a bad idea; hence why common sense applies here.

 

Simply the fact that the "kill switch" was originally in the bill shows that arguing against it is NOT a moot point. It could have very easily been left in the bill.

 

I don't get where you're going with your whole "security within a network alone is a bad idea", nor where your "common sense" applies. Please elaborate.

 

Also please elaborate into what critical and catastrophic flaws are in the system, or simply what damage you think could be done that would involve further government oversight at any level.

Posted

http://online.wsj.com/article/SB123914805204099085.html

 

It wasn't a small story, and the underlying factor is that national security professionals have said that the grid has been compromised, and the malicious software left behind could have disrupted the grid. I'm not going to dilly dally over what damage could have been done; but leave it as damage could have been done. Whether you think that this damage could have been fatal to people's lives, or injure people, or just be a pain in the arse isn't something I am going to argue over because in all honesty, I don't know enough about all the problems that could arise to have such an argument. I do know, however, that if critical infrastructure goes down, there will be problems.

 

Due to the system already being compromised, it's clear that the engineers overseeing security at whatever grid that was attacked aren't doing a very good job; and simply relying on one point of failure (which has already failed) is naive. To make a bad analogy, you get a pilot and a co-pilot. If the pilot has a heart attack, at least there's somebody else to take over when shit does inevitably go pear-shaped.

 

Another thing that irks me about the whole situation is that many of the security attacks against critical infrastructure aren't caught by engineers working for the grids etc, but by Government Intel. agencies; which you seem to be demonising so much.

 

And just for the record; bills are changed, often many times before they're finalised. Yes, arguing over a non-issue like the kill-switch is a moot point.

Posted

You two are talking about completely different things.

 

Detecting and preventing foreign cyber attacks are what the NSA is for. Adding a kill switch for the politicians is a separate issue entirely.

 

Lynx, your post talks about attacks, but according to that story there was no attack. They briefly mention an unrelated physical attack in Australia, as if it were relevant. There was only probing and possible preparation for future attacks. That's entirely different. Local personnel are still the best choice in responding to an actual attack.

Posted (edited)
It wasn't a small story, and the underlying factor is that national security professionals have said that the grid has been compromised, and the malicious software left behind could have disrupted the grid. I'm not going to dilly dally over what damage could have been done; but leave it as damage could have been done.

 

No, as someone intimately involved with the infrastructure of a utility system and power grid, I won't just leave it. Please elaborate on what exactly you believe could be done. The article states that some "Current and former national security officials" say that certain things may be done, yet there is no evidence of anyone actually being able to do what they claim. I'm coming from first hand knowledge of at least one utility system.

 

I don't know enough about all the problems that could arise to have such an argument. I do know, however, that if critical infrastructure goes down, there will be problems.

 

As I've stated before, this is not Die Hard 4. It is physically impossible to take down the power grid with the internet. You could not even significantly impact a power grid with the internet. That is what I've been arguing in the first place.

 

Due to the system already being compromised, it's clear that the engineers overseeing security at whatever grid that was attacked aren't doing a very good job; and simply relying on one point of failure (which has already failed) is naive.

 

So if the security at one bank is compromised, security at all banks needs to become redundant? Being they didn't name the "grid" <-- wrong terminology anyway, that was compromised, it could have been run by a small municipality or company. They didn't outline what safety procedures were in place or how strong the security was. To make the blanket statement above is pretty naive.

 

Another thing that irks me about the whole situation is that many of the security attacks against critical infrastructure aren't caught by engineers working for the grids etc, but by Government Intel. agencies; which you seem to be demonising so much.

 

Ironically, legally the U.S. government cannot have monitoring abilities over the systems in a non government owned utility. See the post above about small utilities/government run. I'd be curious as to just how they found those attacks.

 

The whole article reeks of propaganda, they don't cite any sources or details, use inaccurate terminology, don't define finite threats or impacts and doesn't hold up to any sort of scrutinizing. The problem is that being 99% of people know nothing not only concerning utilities, but the power grid's construction, redundancy, application etc., which allows articles like that to actually make an impact on the general populace.

Edited by NBVegita
Posted

No, as someone intimately involved with the infrastructure of a utility system and power grid, I won't just leave it. Please elaborate on what exactly you believe could be done. The article states that some "Current and former national security officials" say that certain things may be done, yet there is no evidence of anyone actually being able to do what they claim. I'm coming from first hand knowledge of at least one utility system.

 

Jianwei Wang wrote this paper (this paper is part of the reason the bill was drafted) describing how a cascading attack could disable not just one grid (I don't care what the proper terminology is, and stop being a douche) but could disable multiple grids. For evidence that cascading issues can occur refer to the 2003 incident where ~100 million homes were left without electricity due to the failure of just one plant during a high energy use period.

 

As I've stated before, this is not Die Hard 4. It is physically impossible to take down the power grid with the internet. You could not even significantly impact a power grid with the internet. That is what I've been arguing in the first place.

 

And seeing as there was malicious software that [according to security officials from the attacked providers] could have damaged plants, I'd be inclined not to believe you.

 

So if the security at one bank is compromised, security at all banks needs to become redundant? Being they didn't name the "grid" <-- wrong terminology anyway, that was compromised, it could have been run by a small municipality or company. They didn't outline what safety procedures were in place or how strong the security was. To make the blanket statement above is pretty naive.

 

Nope, you've just made an unrelated analogy. The bottom line is that relying on only one point of failure is naive. I'm not arguing that the security personnel at the plants should become redundant, but I am arguing that getting butt-hurt over the Government lending a hand is nothing short of ludicrous.

 

Ironically, legally the U.S. government cannot have monitoring abilities over the systems in a non government owned utility. See the post above about small utilities/government run. I'd be curious as to just how they found those attacks.

 

Clearly, the department of homeland security is lying to us all.

Posted (edited)
Jianwei Wang wrote this paper (this paper is part of the reason the bill was drafted) describing how a cascading attack could disable not just one grid (I don't care what the proper terminology is, and stop being a douche) but could disable multiple grids. For evidence that cascading issues can occur refer to the 2003 incident where ~100 million homes were left without electricity due to the failure of just one plant during a high energy use period.

 

First the paper is written in complete theory. In her entire paper she uses assumptions based on system architecture, transformers, transistors etc. Again, also assumptions are made on the precaution, monitoring and fail-safes in such a system. Her paper is focused on the physics of a possibility, yes a theory, not a probability. Is it physically possible? Yes, under the right circumstances a cascading failure could occur, I've never argued that it couldn't, yet it would be NEARLY IMPOSSIBLE for that to happen via an internet attack. The blackout of 03 had absolutely nothing to do with a cyber attack and is unlikely to ever occur again. Technology has improved a lot since 2003. In 2003, AMR was a concept, now AMI is a reality.

 

And seeing as there was malicious software that [according to security officials from the attacked providers] could have damaged plants, I'd be inclined not to believe you.

 

How could it have damaged substations!? If I told you I hacked into the transit authority and installed a malicious software that could damage the system, you'd ask me "how can you damage the system?" In fact I don't care if you don't believe me (as you don't know me from the next guy), but it is utterly ludicrous to take a paper thin article, with no details, citations, evidence, etc. and present it to be accurate. Of course I do suppose our society is based on that nowadays, you don't need FACTS to form an opinion.

 

Nope, you've just made an unrelated analogy. The bottom line is that relying on only one point of failure is naive. I'm not arguing that the security personnel at the plants should become redundant, but I am arguing that getting butt-hurt over the Government lending a hand is nothing short of ludicrous.

 

What is the one point of failure? In fact I dare you to name a single point of failure. How can you even argue a point of failure on a system you know nothing about?

 

lol ludicrous? I'm getting upset because the government wants to interfere further in the security and operation of private and publicly owned companies and I'm ludicrous for that? The hardest part of the utility industry is dealing with government energy agencies FERC, NERC, NYSIO, LIPA, etc.

 

Clearly, the department of homeland security is lying to us all.

 

Since when has the DHS ever been bound by the law? In fact haven't there been dozens of topics/posts in topics agonizing over things the DHS does, or tries to do that they "should not be" doing?

 

 

This entire argument is going nowhere. I really don't feel I need to continue arguing the architecture points of a system where the only counter argument is a news article with no facts, evidence or citations contained in it. Hell if I can say something is true without providing any supporting evidence, I think I'm in the wrong profession.

 

I've said my piece.

 

Reason for Edit: Forum being wacky

Edited by NBVegita
