[manimal]

Thoughts on this?

http://www.atr.org/pcnaa-internets-next-biggest-threat-a5104#

The Protecting Cyberspace as a National Asset Act (PCNAA) is probably the largest threat the Internet has ever faced. This legislation was announced by Senator Joe Lieberman (I-Conn.) with support from fellow Senators Jay Rockefeller (D-W.V.) and Olympia Snowe (R-Maine). This bill would give the president emergency powers to take control of and shut down portions of the internet.

Read more: http://www.atr.org/pcnaa-internets-next-biggest-threat-a5104##ixzz0sutozEqL

This will lead to command and control, absolute power over the Internet and innovation needed to advance the Internet further will be severely curtailed. The FCC is already attempting to assert control over the Internet under Net Neutrality, and now the Department of Homeland Security is looking to wield power as well. Any exercise of this bill could also have drastic economic effects; no one would be held liable for any losses or damages. Bob Dix, a government affairs and infrastructure protection expert, believes that the government is in no position to interfere in dealing with cyber attacks. He rightly argues that businesses are already fighting against cyber attacks and know what they are doing.

Read more: http://www.atr.org/pcnaa-internets-next-biggest-threat-a5104##ixzz0suu44CyT

http://www.freedomworks.org/blog/ahamadeh/say-no-to-joe-kill-the-kill-switch

Lieberman claims that people are overreacting over the bill, and on State of The Union with Candy Crowley he told Americans to “relax,” and went on to say, "Right now China, the government, can disconnect parts of its Internet in case of war and we need to have that here too.” Joe Lieberman cites China as a model that the United States should follow. Joe fails to mention that in times of “unrest” like government protests, China has shut down the internet to restrict users from communicating to one another

me thinks that this is major overstepping of governmental boundaries but i couldn't find any major networks that picked up this story to compare the the right-wing blogs vs. main stream media versions of this bill.

 

[X3pilot]

I thought all the RM Mods had the kill switch.

 

[Silver]

Can you get some sources that are slightly more reputable? Maybe an HIV infected tranny hooker with open sores?

Jesus...

 

[jonKranked]

actually it's 4chan that has the kill switch for the internet.

 

[bohorec]

The deal is that Sen. Joe Liebermann, of Connecticut, has put forward a bill called the Protecting Cyberspace as a National Asset Act of 2010. You can read the whole thing if you wan, but life is entirely too short for that kind of thing. All you need to knows is that the law would replace a law that dates back to the 1930s. That law already gives the president the ability to kill any form of telecommunication! Granted, it has to be in the interest of national security, so we’d have to be staring down the barrel of a Red Dawn (or its lame re-imagining, Modern Warfare 2) scenario for that to happen.

The new law, as it’s currently written, would actually prevent the president and his peeps from directing much of anything. He (and the director of National Center for Cybersecurity and Communications) would have to work with the owners of critical infrastructure to decide on any plan of action in the event of a national security situation.

So if you want to be mad at anything, be made at an 80-year-old law that was developed decades before the Internet was even around.

http://www.crunchgear.com/2010/06/23/relax-president-obama-will-not-flip-an-internet-kill-switch/

 

[bohorec]

More refined version:

http://tpmdc.talkingpointsmemo.com/2010/06/joe-lieberman-and-the-myth-of-the-internet-kill-switch.php

But, surprising it was -- especially to Lieberman and his staff on the Senate Committee on Homeland Security and Government Affairs. They argued that, in fact, the bill limited the powers already invested in the President to shut down telecommunications providers. Leslie Phillips, the communications director for the committee, said, "The very purpose of this legislation is to replace the sledgehammer of the 1934 Communications Act with a scalpel." So, who is right?

A review of the 1934 Telecommunications Act (as amended in 1996) does indicate that the President has broad powers to simply shut off any and all regulated telecommunications if he deems it necessary for national security. Section 706 of the Act, entitled "War Emergency -- Powers of the President" says:

(c) Upon proclamation by the President that there exists war or a threat of war, or a state of public peril or disaster or other national emergency, or in order to preserve the neutrality of the United States, the President, if he deems it necessary in the interest of national security or defense, may suspend or amend, for such time as he may see fit, the rules and regulations applicable to any or all stations or devices capable of emitting electromagnetic radiations within the jurisdiction of the United States as prescribed by the Commission, and may cause the closing of any station for radio communication, or any device capable of emitting electromagnetic radiations between 10 kilocycles and 100,000 megacycles, which is suitable for use as a navigational aid beyond five miles, and the removal therefrom of its apparatus and equipment, or he may authorize the use or control of any such station or device and/or its apparatus and equipment, by any department of the Government under such regulations as he may prescribe upon Communications Act of 1934 just compensation to the owners. The authority granted to the President, under this subsection, to cause the closing of any station or device and the removal therefrom of its apparatus and equipment, or to authorize the use or control of any station or device and/or its apparatus and equipment, may be exercised in the Canal Zone.

(d) Upon proclamation by the President that there exists a state or threat of war involving the United States, the President, if he deems it necessary in the interest of the national security and defense, may, during a period ending not later than six months after the termination of such state or threat of war and not later than such earlier date as the Congress by concurrent resolution may designate, (1) suspend or amend the rules and regulations applicable to any or all facilities or stations for wire communication within the jurisdiction of the United States as prescribed by the Commission, (2) cause the closing of any facility or station for wire communication and the removal therefrom of its apparatus and equipment, or (3) authorize the use or control of any such facility or station and its apparatus and equipment by any department of the Government under such regulations as he may prescribe, upon just compensation to the owners.

In other words, as Phillips told us, the President already has an Internet kill switch: he can't shut off a website, but he can shut off any and all wireless or wired Internet access.

Lieberman's Protecting Cyberspace as a National Asset Act of 2010 (S. 3480) is, thankfully, somewhat more complex than that. It requires that owners of critical infrastructure, a definition that dates to the PATRIOT Act, work with the newly created director of the National Center for Cybersecurity and Communications within the Department of Homeland Security, to develop a risk assessment and a plan to mitigate their risks in the case of a national cyber emergency. If an emergency is declared, that director will:

(A) immediately direct the owners and operators of covered critical infrastructure subject to the declaration under paragraph (1) to implement response plans required under section 248(b)(2)(C);

(B) develop and coordinate emergency measures or actions necessary to preserve the reliable operation, and mitigate or remediate the consequences of the potential disruption, of covered critical infrastructure;

(C) ensure that emergency measures or actions directed under this section represent the least disruptive means feasible to the operations of the covered critical infrastructure

None of those response plans expressly require that telecommunications providers develop a kill switch; in fact, the director is prohibited from requiring an critical infrastructure owner or operators from using any specific mechanism.

The owners and operators of covered critical infrastructure shall have flexibility to implement any security measure, or combination thereof, to satisfy the security performance requirements described in subparagraph (A) and the Director may not disapprove under this section any proposed security measures, or combination thereof, based on the presence or absence of any particular security measure if the proposed security measures, or combination thereof, satisfy the security performance requirements established by the Director under this section.

Phillips reiterated this point with TPMDC: "There is not a 'kill switch.'" When asked what measures might be envisioned by the legislation, she said, "A software patch, or a way to deny traffic from a certain country. All these measures were be developed with the private sector, not imposed on it."

 

[Pesqueeb]

Richard Clarke has been saying for a while that the internet is probably the most vunerable part of US infastructure. Look at what a foriegn power could do if so inclined, disrupt power supplies, eff-up air trafic control, etc, etc. When I have some more time I'll see if I can find some of his quotes but its pretty scary stuff.

also I predict the crowd to chime in in 3....2....1.....

 

[DamienC]

Richard Clarke has been saying for a while that the internet is probably the most vunerable part of US infastructure. Look at what a foriegn power could do if so inclined, disrupt power supplies, eff-up air trafic control, etc, etc. When I have some more time I'll see if I can find some of his quotes but its pretty scary stuff.

also I predict the crowd to chime in in 3....2....1.....

When a foreign power takes over Big Porn it will be like 91,100.

 

[Pesqueeb]

Found the interview I was thinking off. 45 minutes from NPR or you can read the transcript @ work.

Synopsis:

Richard Clarke served as a counterterrorism adviser to Presidents Bill Clinton and George W. Bush. He spent much of 2001 warning members of the Bush administration about the possibility of an impending al-Qaida attack.

Clarke has now turned his attention to another potential security catastrophe: computer-based terrorism attacks. In his new book, Cyberwar: The Next Threat to National Security and What to Do About It, he and co-author Robert Knake sketch out a scenario in which hackers could hypothetically cripple the United States from behind a computer screen.
"A cyberattack could disable trains all over the country," he tells Fresh Air host Terry Gross. "It could blow up pipelines. It could cause blackouts and damage electrical power grids so that the blackouts would go on for a long time. It could wipe out and confuse financial records, so that we would not know who owned what, and the financial system would be badly damaged. It could do things like disrupt traffic in urban areas by knocking out control computers. It could, in nefarious ways, do things like wipe out medical records."

Clarke says that cyberattacks can come from another country — or from a lone individual. Malicious code may infect a computer via a security flaw in a Web browser, or it could be distributed through secret back doors built into computer hardware. And though the government has set up security measures to protect military and intelligence networks, he worries that not enough is being done to protect the private sector — which includes the electrical grid, the banking system and our health care records.

"The Pentagon is all over this," he says. "The Pentagon has created a four-star general command called Cyber Command, which is a military organization with thousands of people in it to go to war using these [cyber]weapons. And also, Cyber Command's job is to defend the Pentagon. Now, who's defending us? Who's defending those pipelines and the railroads and the banks? The Obama administration's answer is pretty much, 'You're on your own,' that Cyber Command will defend our military, Homeland Security will someday have the capability to defend the rest of the civilian government — it doesn't today — but everybody else will have to do their own defense. That is a formula that will not work in the face of sophisticated threats."
Clarke says that one common attack is for hackers to take over a series of home computers through backdoor security exploits. For example, malicious software can be downloaded onto a hard drive after you accidentally visit a compromised website. Your computer can then be used in conjunction with other compromised computers to engage in a large-scale attack. The average computer user may not realize when their computer has been drafted into a cyberattack.

"Maybe your computer will be running a little slowly that day," he says. "Maybe your bandwidth won't look like it's normal. But while you're doing your e-mails, your computer could be sending out denial of service attacks as part of a million other computers all trying to knock off a bank."

There are ways to make your computer less vulnerable to one of these attacks. Clarke recommends never using your work computer at home, where it may be unintentionally compromised by another member of your family. And, he says, make sure your online banks have more than just a password for security protection.

"Good hackers can get through any password," he says. "If you're going to buy things online, have a credit card for that purpose with a low credit limit. Don't do banking or stockbrokering online and have a lot of money at risk — unless your stockbroker gives you more than just a password — a two-step process for getting in. It won't just be a name and password."

Clarke now heads a security consulting firm in Virginia and is a contributor to ABC News. He also teaches at Harvard's Kennedy School of Government. His 2004 memoir is entitled Against All Enemies: Inside America’s War on Terror. He is also the author of Your Government Failed You: Breaking the Cycle of National Security Disasters and The Scorpion's Gate.

 

[Pesqueeb]

Intersting counter point from Wired.com. Although I think it should be pointed out that Mr. Clarke was being dismissed just as off handedly when he was running around screaming bloody murder about some nutjob out in the desert that no one had ever heard of named Osama bin Laden.

Readers of Richard Clarke’s new book Cyberwar who want to jump to the steamy parts should start at page 64 in the chapter “Cyber Warriors.” It’s there you’ll find the Book of Revelation re-written for the internet age, with the end-times heralded by the Four Trojan Horses of the Apocalypse.

Chinese hackers take down the Pentagon’s classified and unclassified networks, trigger explosions at oil refineries, release chlorine gas from chemical plants, disable air traffic control, cause trains to crash into each other, delete all data — including offsite backups — held by the federal reserve and major banks, then plunge the country into darkness by taking down the power grid from coast-to-coast. Thousands die immediately. Cities run out of food, ATMs shut down, looters take to the streets.

That electronic Judgment Day is not the stuff of bad movies or sci-fi novels, according to Clarke, who writes, “A sophisticated cyber war attack by one of several nation-states could do that today, in fifteen minutes.”

That’s right. In less time than it takes to download Live Free or Die Hard, foreign hackers could make it real.

A former top counter-terrorism advisor under President Clinton, who later served as President Bush’s cybersecurity czar, Richard Clarke has been sounding the alarm on cyberwar for more than a decade, rarely letting up, even through two real wars and one massive domestic terrorist attack. Now Chairman of Good Harbor Consulting, Clarke is going full-out Jerry Bruckheimer in an effort to get America to take seriously what he clearly sees as a (perennially) looming existential threat to the nation.

And it turns out that in Cyberwar, like in real war, truth is the first casualty.

It’s not just Clarke’s 15-minutes-to-doomsday scenario that stretches credulity. Like most cyberwar pundits, Clarke puts a shine on his fear mongering by regurgitating long-ago debunked hacker horror stories. In his world, the Slammer worm was partially responsible for the Northeast blackout of 2003 — the Energy Department concluded otherwise. A power outage in Brazil is similarly attributed to a hacker, when the real-life evidence points to sooty insulators. Clarke describes the Russian denial-of-service attacks against Estonian servers in 2007 as the “largest ever seen” (not even close). He claims that foreign hackers stole the plans to the F-35 Joint Strike Fighter fighter, when they actually nabbed unclassified information on the plane’s self-diagnostic system.

So much of Clarke’s evidence is either easily debunked with a Google search, or so defies common sense, that you’d think reviewers of the book would dismiss it outright. Instead, they seem content to quote the book liberally and accept his premise that cyberwar could flatten the United States, and no one in power cares at all. Of course, the debunking would be easier if the book had footnotes or endnotes, but neither are included — Revelation doesn’t need sources.

Clarke returns over and over to the security of the power grid, focusing on the systems known as SCADA that allow utilities to remotely monitor and control electric generation and transmission equipment. Here, he starts reasonably enough: Good security practices dictate that these systems should be unreachable from the public net, and, unfortunately, that’s not always the case. But from there, he quickly moves back to fantasy. He suggests darkly throughout the book that the nation’s power and chemical plants are all shot through with secret backdoors implanted by the Russian, North Korean and Chinese governments, even though there’s never been a single publicly documented case, outside of a vague and anonymously sourced article in the Wall Street Journal

Clarke’s prescriptions are manyfold. First, the nation’s backbone carriers — the ones with fiber optic networks crisscrossing the country — should be required to inspect all packets, and delete the ones that match known signatures of viruses and other malware. While that might seem like a fine idea, the security industry is already moving away from signature-based strategies, since malware-makers have taken to testing their payloads against anti-virus software before deploying it.

ISPs already have the ability, and the legal right, to filter out known bad packets, but requiring it — as Clarke would do — would not only be ineffective, but it would inevitably lead to other demands to filter content, first child pornography, then perceived copyright violations, and finally unwanted speech of all sorts. Clarke fails to consider the contents of the Pandora’s box he seeks to open.

More persuasively, Clarke argues the feds need to set some real, auditable and binding rules for companies that run critical infrastructure, such as the electrical grid. The current policy is driven by the rationale that private-sector companies have enough financial incentive to protect their network, and the government’s role should be limited to helping share information about threats among the stakeholders. That policy works well when it comes to companies like Google and Chase, which could lose customers if their networks are routinely hacked, but isn’t as effective for your energy company, which likely has no real competition.

So, even if you don’t accept Clarke’s doomsday predictions, there’s a good case to be made that the feds ought to have strong rules governing these systems, and, as he suggests, a crew of white hat hackers tasked with trying to bust into the grid on a daily basis.

And there’s something to be gained by thinking about the consequences and morality of militaries infiltrating other country’s power grids, or whether the government ought to be able to take down Al Qaeda websites, or whether the military should ever hack into the financial system. These are fun and not unimportant debates to have.

But the Chinese can’t blunt the power of 15 carrier groups with some fancypants, unheard of ninja cybercoding tricks. Live Free or Die Hard was a bad movie, not a prescient one (it’s one of many Hollywood references Clarke makes to bolster his case). The Chinese and Russians don’t have secret backdoors into the transformer outside your house, and if it blows up, it’s more likely a rodent chewing through the casing than a cyberwarrior sitting in an internet cafe in Shanghai.

The cyberwar rhetoric is dangerous. Its practitioners are artists of exaggeration, who seem to think spinning tall tales is the only way to make bureaucracies move in the right direction. But yelling “Cyberwar” in a crowded internet is not without consequence. Not only does it promote unnecessary fear, it feeds the forces of parochial nationalism and militarism — undermining a communications system that has arguably done more to connect the world’s citizens than the last 50 years of diplomacy.

And, let’s be honest, your photocopier will never, ever catch on fire due to a hacker, like it does in Cyberwar.

Except, of course, in the movie version of this book, which undoubtedly, will star Bruce Willis or Keifer Sutherland.

Read More http://www.wired.com/threatlevel/2010/04/cyberwar-richard-clarke/#ixzz0svcMTW4w