Wyden To White House: Protecting Nuclear Power Plants Is Different Than Protecting Facebook
from the critical-infrastructure dept
Last week, we wrote about a leaked copy of an executive order being worked on by the White House to deal with the lack of “cybersecurity” legislation being passed. We’ve since learned that this is one of two different executive orders being worked on concerning this issue. We are working on getting the other, more focused, draft as well. That said, we noted numerous problems in the draft we did see, including the broad definition of “critical infrastructure,” which basically leaves it pretty open for the feds to declare almost anything “critical infrastructure,” thereby putting tremendous pressure on private companies to comply with a set of rules that may not make much sense.
This is, quite reasonably, raising some concerns. Senator Ron Wyden has sent a letter to the White House’s Cybersecurity Czar Coordinator, J. Michael Daniel, to point out that there’s a pretty big difference between things like nuclear power plants and social networks online — and any executive order that fails to take that into account seems problematic. The full letter is embedded below, but a snippet:
In the case of interactive computer services, such as networks that facilitate commerce, provide search services, or are platforms for social networking and speech, vulnerabilities are unlikely to constitute threats to our national security. It should be clear in any executive order related to cybersecurity that there is a fundamental difference between networks that manage infrastructure critical to public safety, like energy, water, and transportation systems, and those that provide digital goods and services to the public. It would be a profound mistake to subject our growing digital economy to onerous new cyber rules and regulations that stifle innovation, creativity, and job growth. Such rules will not serve to combat the real threat to the nation’s critical infrastructure and national security.
Indeed. While we tend to agree that various internet services are important to our economy, to argue that social networks are somehow the equivalent of energy systems, water treatment plants or the like seems obviously ridiculous. All it ends up doing is leaving a massive opening for the feds to seek much greater access and control over the internet services we use every day than they really need.
There are reasonable fears that some in the government are really using scare stories about planes falling from the sky due to cyberattacks to really open up access to private communications systems on the internet for surveillance purposes. Given what we’ve seen with other spying efforts, such worries seem quite justified. This is not unlike supporters of SOPA using the very narrowly focused issue of fake drugs as an excuse to pass expansive copyright laws dealing with file sharing online. In this case, it seems like those who really just want access to online communications may be using claims of “threats” to “critical infrastructure” to backdoor their way in. And the trick is just to define “critical infrastructure” really broadly. Hopefully people recognize that the definitions here really do matter, and that any executive order is very narrowly focused towards actual critical infrastructure.
Filed Under: critical infrastructure, cybersecurity, ron wyden
Comments on “Wyden To White House: Protecting Nuclear Power Plants Is Different Than Protecting Facebook”
Sanity! I like Wyden, he seems to be a beacon of sanity amidst all the madness in the US Govt (there are other ‘beacons’ mind you). I’d go further and ask WHY any critical infrastructure is actually connected to the Internet anyway.
It’s worth following the repercutions of this move. In any case, we should be glad we have Wyden and people like him in the US Govt.
Re: Re:
*repercussions
Re: Re:
Not enough of them in Government. If they just keep taking away our Rights they will be leading us towards a Dictatorship or some other form of Repressive Government. If so then let the Revolution come. And let them be tarred & feathered who would steal our Freedoms.
Re: Re: Re:
“If they just keep taking away our Rights they will be leading us towards a Dictatorship or some other form of Repressive Government”
I don’t know about you but personally I think we are already well on our way. In fact I already find our “democracy” being pretty repressive.
To fly you have to submit to being groped by one of the fine members of the TSA. A “search” that would be considered sexual assault coming from anyone else. I mean really, you can sue your damn DOCTOR for touching you that way without a good reason.
They also have admitted to spying on us but refuse to really give any details. All this while setting up their own “terrorists” to arrest so they can look good. This helps them justify the road check points they are trying out in different places.
This government long ago strayed from being for the people. It is now running things behind closed doors all while blowing lots of hot air about “being transparent”. I am disgusted with the condition our government has gotten to.
Re: Re: Re: Re:
Oh Machin, why do you hate democracy? And freedom, liberty, puppies, kittens, and apple pie? A TSA reeducation squad has been dispatched, please do not resist.
Coming soon to a security theater near you
Next the FBI will be thwarting its own terrorist plots on Facebook and Twitter. See, we needed the executive order!
‘for the feds to seek much greater access and control over the internet services we use every day than they really need’
or should have! those that are trying to bring in this and similar bills are actually really trying to take control of spying on everyone for whatever they might say or do. what i don’t understand is why anyone in government would want to do this and brand all citizens as if they are terrorists or subversives. what the hell is wrong with these people? could it be that they are in actual fact the ones that are the terrorists and the subversives and are trying to make sure that anyone that gets close to finding out the truth can be eliminated first? man, that’s scary!!
Re: Re:
Fact is the US government has been the biggest terrorist organization on the planet for some time now.
laws
I just have to think of how “well” dmca is actually used for its intended purpose. Seems like it’s always used for the wrong purposes. Makes me not trust any SOPA regulation ideas.
Re: laws
Good ghandi are you spambots sifting through old articles…
But Mike! Don’t you know you can hack a car (http://www.cnn.com/2012/03/02/tech/mobile/mobile-car-hacking/index.html
Re: Re:
gah – formatting monster ate the rest of the sarc comment. And I have no idea what I wrote. Oh well – I’ll await that edit button.
The true problem is with the Executive branch of the government using diktats and signing letters to usurp the will of the people and their rights under the constitution.
yes, it’s not like if someone posted a video on youtube that would result in the deaths of a lot of people.
or that people could not use the internet to plan attacks on critical infrastructure.
also critical infrastructure is a very well defined term we all know what it means..
Re: Re:
“critical infrastructure is a very well defined term we all know what it means”
Yeah it is anything and everything:
http://online.tarleton.edu/ACEF/IFPIL/IFPIL5.html
Because national monuments are so essential for the functioning of a society and economy. That’s why we can’t have those damn kids dance round there.
http://www.huffingtonpost.com/2011/05/30/jefferson-memorial-dancing-arrests_n_868719.html
Your/our republic is dying a slow death.
Re: Re:
yes, it’s not like if someone posted a video on youtube that would result in the deaths of a lot of people.
A video on Youtube killed a bunch of people? How does that work?
I thought a bunch of people were manipulated into overreacting to a video posted on Youtube and were then driven to kill others.
Re: Re: Re:
by our govt? no sarcasm intended
Re: Re: Re:
a video resulted in the death of people,
Re: Re:
We should probably ban written language then, what if someone read something that drove them to kill or wrote down plans for attacks on critical infrastructure?
Re: Re:
or that people could not use the internet to plan attacks on critical infrastructure
People could sit in a coffee shop and plan attacks on critical infrastructure. Oh noes, we need a coffee shop security act! Cameras and mics focused on every table is a requirement.
Re: Re: Re:
This shit would just kill Frank!
Step 1 for protecting vital electronic infrastructure:
Do not have it connected, or able to connect, to the internet, ever.
Re: Step 1 for protecting vital electronic infrastructure:
Have any of the boneheaded managers who violated that rule been punished in any way?
This post brought to you by the WydenPAC Unofficial.
This really should be a well duh moment. Nuclear power plants have controllers that are largely hardware switches and not the computers we have sitting at a desk. There are no “excess ports” to plug infected hardware (like a mouse or thumb drive) into.
Anyway, what makes anyone (especially politicians) think they could design a backdoor that couldn’t be used against them? Hackers would love for government backdoors because after a little reverse engineering they could use those same exact backdoors and fuck everyone over.
"critical infrastructure,"
Bush set the stage using “critical infrastructure” as the loophole to be able to declare martial law.
It started in The un-Patriot act.
https://en.wikisource.org/wiki/Author:George_Herbert_Walker_Bush/Executive_orders
https://en.wikipedia.org/wiki/List_of_United_States_federal_executive_orders
This seems to be similar to Executive Order 13231.
Ha here it is and it is tied to The Patriot act.
Presidential Directive 7:
http://www.dhs.gov/homeland-security-presidential-directive-7
Critical infrastructure is anything and everything:
http://online.tarleton.edu/ACEF/IFPIL/IFPIL5.html
Obama/Bush= https://timpreuss.files.wordpress.com/2012/04/obamabush.jpg – Same shit, different asshole.
so, if Wyden is expecting any sort of response other than
‘duh! is there?’
i think he’s gonna be out of luck!
The weakest link in protecting any system is humans, but I have never seen humans so far removed from the systems able to screw them up even more. Amazing.
“The weakest link in protecting any system is humans, but I have never seen humans so far removed from the systems able to screw them up even more. Amazing.”
funny thing about all this is, it does not matter at all with good design.. and for the large part in a well designed system (FS/FO) (FAIL SAFE/ FAIL OPERATIONAL), no HUMAN or computer intervention will ‘break’ the system.
if it is not physically possible to remove the control rods of a nuclear power plant beyond a certain level, no computer or human CAN DO IT…
if you put a physical stop on a throttle setting, NO HUMAN or computer can set the throttle to a level that will destroy the engine.
“Nuclear power plants have controllers that are largely hardware switches and not the computers we have sitting at a desk. There are no “excess ports” to plug infected hardware (like a mouse or thumb drive) into.”
not exactly true, they are PLCs, and networked, but they are not accessible from the internet, or any other public network, they DO have access ports, and the ability to reprogram them (PLC stands for PROGRAMMABLE logic controller), so yes they can be programmed, usually by burning an eprom and physically separate from the PLC, then pulling it apart and installing the new programmed chip…
not something you can do from the internet.
SCADA systems do operate on networks, but not public networks, and never accessible from the internet.
it is possible with these networks, to become a node of that network, but with good design, it is still impossible to destroy or damage systems..
again by employing FS/FO design you get just what you design for, fail safe and fail operational, it can be done, and IS done all the time.