Wyden To White House: Protecting Nuclear Power Plants Is Different Than Protecting Facebook

from the critical-infrastructure dept

Last week, we wrote about a leaked copy of an executive order being worked on by the White House to deal with the lack of “cybersecurity” legislation being passed. We’ve since learned that this is one of two different executive orders being worked on concerning this issue. We are working on getting the other, more focused, draft as well. That said, we noted numerous problems in the draft we did see, including the broad definition of “critical infrastructure,” which basically leaves it pretty open for the feds to declare almost anything “critical infrastructure,” thereby putting tremendous pressure on private companies to comply with a set of rules that may not make much sense.

This is, quite reasonably, raising some concerns. Senator Ron Wyden has sent a letter to the White House’s Cybersecurity Czar Coordinator, J. Michael Daniel, to point out that there’s a pretty big difference between things like nuclear power plants and social networks online — and any executive order that fails to take that into account seems problematic. The full letter is embedded below, but a snippet:

In the case of interactive computer services, such as networks that facilitate commerce, provide search services, or are platforms for social networking and speech, vulnerabilities are unlikely to constitute threats to our national security. It should be clear in any executive order related to cybersecurity that there is a fundamental difference between networks that manage infrastructure critical to public safety, like energy, water, and transportation systems, and those that provide digital goods and services to the public. It would be a profound mistake to subject our growing digital economy to onerous new cyber rules and regulations that stifle innovation, creativity, and job growth. Such rules will not serve to combat the real threat to the nation’s critical infrastructure and national security.

Indeed. While we tend to agree that various internet services are important to our economy, to argue that social networks are somehow the equivalent of energy systems, water treatment plants or the like seems obviously ridiculous. All it ends up doing is leaving a massive opening for the feds to seek much greater access and control over the internet services we use every day than they really need.

There are reasonable fears that some in the government are really using scare stories about planes falling from the sky due to cyberattacks to really open up access to private communications systems on the internet for surveillance purposes. Given what we’ve seen with other spying efforts, such worries seem quite justified. This is not unlike supporters of SOPA using the very narrowly focused issue of fake drugs as an excuse to pass expansive copyright laws dealing with file sharing online. In this case, it seems like those who really just want access to online communications may be using claims of “threats” to “critical infrastructure” to backdoor their way in. And the trick is just to define “critical infrastructure” really broadly. Hopefully people recognize that the definitions here really do matter, and that any executive order is very narrowly focused towards actual critical infrastructure.

Filed Under: , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Wyden To White House: Protecting Nuclear Power Plants Is Different Than Protecting Facebook”

Subscribe: RSS Leave a comment
Ninja (profile) says:

Sanity! I like Wyden, he seems to be a beacon of sanity amidst all the madness in the US Govt (there are other ‘beacons’ mind you). I’d go further and ask WHY any critical infrastructure is actually connected to the Internet anyway.

It’s worth following the repercutions of this move. In any case, we should be glad we have Wyden and people like him in the US Govt.

Machin Shin (profile) says:

Re: Re: Re:

“If they just keep taking away our Rights they will be leading us towards a Dictatorship or some other form of Repressive Government”

I don’t know about you but personally I think we are already well on our way. In fact I already find our “democracy” being pretty repressive.

To fly you have to submit to being groped by one of the fine members of the TSA. A “search” that would be considered sexual assault coming from anyone else. I mean really, you can sue your damn DOCTOR for touching you that way without a good reason.

They also have admitted to spying on us but refuse to really give any details. All this while setting up their own “terrorists” to arrest so they can look good. This helps them justify the road check points they are trying out in different places.

This government long ago strayed from being for the people. It is now running thing behind closed doors all while blowing lots of hot air about “being transparent”. I am disgusted with the condition our government has gotten to.

Anonymous Coward says:

‘for the feds to seek much greater access and control over the internet services we use every day than they really need’

or should have! those that are trying to bring in this and similar bills are actually really trying to take control of spying on everyone for whatever they might say or do. what i dont understand is why anyone in government would want to do this and brand all citizens as if they are terrorists or subversives. what the hell is wrong with these people? could it be that they are in actual fact the ones that are the terrorists and the subversives and are trying to make sure that anyone that gets close to finding out the truth can be eliminated first? man, that’s scary!!

weneedhelp (profile) says:

Re: Re:

“critical infrastructure is a very well defined term we all know what it means”

Yeah it is anything and everything:

Because national monuments are so essential for the functioning of a society and economy. That’s why we cant have those damn kids dance round there.

Your/our republic is dying a slow death.

Anonymous Coward says:

This really should be a well duh moment. Nuclear power plants have controllers that are largely hardware switches and not the computers we have sitting at a desk. There are no “excess ports” to plug infected hardware (like a mouse or thumb drive) into.

Anyway, what makes anyone (especially politicians) think they could design a backdoor that couldn’t be used against them? Hackers would love for government backdoors because after a little reverse engineering they could use those same exact backdoors and fuck everyone over.

weneedhelp (profile) says:

"critical infrastructure,"

Bush set the stage using “critical infrastructure” as the loophole to be able to declare Marshall law.
It started in The un-Patriot act.


This seems to be similar to Executive Order 13231.

Ha here it is and it is tied to The Patriot act.
Presidential Directive 7:

Critical infrastructure is anything and everything:

Obama/Bush= https://timpreuss.files.wordpress.com/2012/04/obamabush.jpg – Same shit, different asshole.

Anonymous Coward says:

“The weakest link in protecting any system is humans, but I have never seen humans so far removed from the systems able to screw them up even more. Amazing.”

funny thing about all this is, it does not matter at all with good design.. and for the large part in a well designed system (FS/FO) (FAIL SAFE/ FAIL OPERATIONAL), no HUMAN or computer intevention will ‘break’ the system.

if it is not physically possible to remove the control rods of a nuclear power plant beyond a certain level, no computer or human CAN DO IT…

if you put a physical stop on a throttle setting, NO HUMAN or computer can set the throttle to a level that will distroy the engine.

“Nuclear power plants have controllers that are largely hardware switches and not the computers we have sitting at a desk. There are no “excess ports” to plug infected hardware (like a mouse or thumb drive) into.”

not exactly true, they are PLC’s, and networked, but they are not accessible from the internet, or any other public network, they DO have access ports, and the ability to reprogram them (PLC stands for PROGRAMMABLE logic controller), so yes they can be programmed, usually by burning an eprom and physicaly seperate from the PLC, then pulling it apart and installing the new programmed chip…

not something you can do from the internet.

SCADA systems do operate on networks, but not public networks, and never accessable from the internet.

it is possible with these networks, to become a node of that network, but with good design, it is still impossible to destroy or damage systems..

again by employing FS/FO design you get just what you design for, fail safe and fail operational, it can be done, and IS done all the time.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...