Wyden To White House: Protecting Nuclear Power Plants Is Different Than Protecting Facebook

from the critical-infrastructure dept

Last week, we wrote about a leaked copy of an executive order being worked on by the White House to deal with the lack of "cybersecurity" legislation being passed. We've since learned that this is one of two different executive orders being worked on concerning this issue. We are working on getting the other, more focused, draft as well. That said, we noted numerous problems in the draft we did see, including the broad definition of "critical infrastructure," which basically leaves it pretty open for the feds to declare almost anything "critical infrastructure," thereby putting tremendous pressure on private companies to comply with a set of rules that may not make much sense.

This is, quite reasonably, raising some concerns. Senator Ron Wyden has sent a letter to the White House's Cybersecurity Coordinator, J. Michael Daniel, to point out that there's a pretty big difference between things like nuclear power plants and social networks online -- and any executive order that fails to take that into account seems problematic. The full letter is embedded below, but a snippet:

"In the case of interactive computer services, such as networks that facilitate commerce, provide search services, or are platforms for social networking and speech, vulnerabilities are unlikely to constitute threats to our national security. It should be clear in any executive order related to cybersecurity that there is a fundamental difference between networks that manage infrastructure critical to public safety, like energy, water, and transportation systems, and those that provide digital goods and services to the public. It would be a profound mistake to subject our growing digital economy to onerous new cyber rules and regulations that stifle innovation, creativity, and job growth. Such rules will not serve to combat the real threat to the nation's critical infrastructure and national security."

Indeed. While we tend to agree that various internet services are important to our economy, to argue that social networks are somehow the equivalent of energy systems, water treatment plants or the like seems obviously ridiculous. All it ends up doing is leaving a massive opening for the feds to seek much greater access and control over the internet services we use every day than they really need.

There are reasonable fears that some in the government are using scare stories about planes falling from the sky due to cyberattacks to open up access to private communications systems on the internet for surveillance purposes. Given what we've seen with other spying efforts, such worries seem quite justified. This is not unlike supporters of SOPA using the very narrowly focused issue of fake drugs as an excuse to pass expansive copyright laws dealing with file sharing online. In this case, it seems like those who really just want access to online communications may be using claims of "threats" to "critical infrastructure" to backdoor their way in. And the trick is just to define "critical infrastructure" really broadly. Hopefully people recognize that the definitions here really do matter, and that any executive order ends up very narrowly focused on actual critical infrastructure.


Reader Comments

  • Ninja, Sep 18th, 2012 @ 5:17am

    Sanity! I like Wyden, he seems to be a beacon of sanity amidst all the madness in the US Govt (there are other 'beacons' mind you). I'd go further and ask WHY any critical infrastructure is actually connected to the Internet anyway.

    It's worth following the repercutions of this move. In any case, we should be glad we have Wyden and people like him in the US Govt.

     

    • Ninja, Sep 18th, 2012 @ 5:17am

      Re:

      *repercussions

       

    • gorehound, Sep 18th, 2012 @ 5:36am

      Re:

      Not enough of them in Government. If they just keep taking away our Rights they will be leading us towards a Dictatorship or some other form of Repressive Government. If so then let the Revolution come. And let them be tarred & feathered who would steal our Freedoms.

       

      • Machin Shin, Sep 18th, 2012 @ 6:17am

        Re: Re:

        "If they just keep taking away our Rights they will be leading us towards a Dictatorship or some other form of Repressive Government"

        I don't know about you but personally I think we are already well on our way. In fact I already find our "democracy" being pretty repressive.

        To fly you have to submit to being groped by one of the fine members of the TSA. A "search" that would be considered sexual assault coming from anyone else. I mean really, you can sue your damn DOCTOR for touching you that way without a good reason.

        They also have admitted to spying on us but refuse to really give any details. All this while setting up their own "terrorists" to arrest so they can look good. This helps them justify the road check points they are trying out in different places.

        This government long ago strayed from being for the people. It is now running things behind closed doors all while blowing lots of hot air about "being transparent". I am disgusted with the condition our government has gotten to.

         

        • el_segfaulto, Sep 18th, 2012 @ 8:33am

          Re: Re: Re:

          Oh Machin, why do you hate democracy? And freedom, liberty, puppies, kittens, and apple pie? A TSA reeducation squad has been dispatched, please do not resist.

           

  • Josef Anvil, Sep 18th, 2012 @ 5:48am

    Coming soon to a security theater near you

    Next the FBI will be thwarting its own terrorist plots on Facebook and Twitter. See, we needed the executive order!

     

  • Anonymous Coward, Sep 18th, 2012 @ 5:57am

    'for the feds to seek much greater access and control over the internet services we use every day than they really need'

    or should have! those that are trying to bring in this and similar bills are actually really trying to take control of spying on everyone for whatever they might say or do. what i don't understand is why anyone in government would want to do this and brand all citizens as if they are terrorists or subversives. what the hell is wrong with these people? could it be that they are in actual fact the ones that are the terrorists and the subversives and are trying to make sure that anyone that gets close to finding out the truth can be eliminated first? man, that's scary!!

     

  • SimonTek, Sep 18th, 2012 @ 6:02am

    laws

    I just have to think of how "well" DMCA is actually used for its intended purpose. Seems like it's always used for the wrong purposes. Makes me not trust any SOPA regulation ideas.

     

  • Anonymous Coward, Sep 18th, 2012 @ 6:03am

    But Mike! Don't you know you can hack a car (http://www.cnn.com/2012/03/02/tech/mobile/mobile-car-hacking/index.html

     

    • Anonymous Coward, Sep 18th, 2012 @ 6:29am

      Re:

      gah - formatting monster ate the rest of the sarc comment. And I have no idea what I wrote. Oh well - I'll await that edit button.

       

  • Anonymous Coward, Sep 18th, 2012 @ 6:16am

    The true problem is with the Executive branch of the government using diktats and signing letters to usurp the will of the people and their rights under the constitution.

     

  • Anonymous Coward, Sep 18th, 2012 @ 6:19am

    yes, it's not like if someone posted a video on youtube that would result in the deaths of a lot of people.

    or that people could not use the internet to plan attacks on critical infrastructure.

    also critical infrastructure is a very well defined term we all know what it means..

     

  • That One Guy, Sep 18th, 2012 @ 6:41am

    Step 1 for protecting vital electronic infrastructure:

    Do not have it connected, or able to connect, to the internet, ever.

     

    • Anonymous Coward, Sep 19th, 2012 @ 7:53pm

      Re: Step 1 for protecting vital electronic infrastructure:

      Have any of the boneheaded managers who violated that rule been punished in any way?

       

  • Anonymous Coward, Sep 18th, 2012 @ 7:08am

    This post brought to you by the WydenPAC Unofficial.

     

  • Anonymous Coward, Sep 18th, 2012 @ 7:16am

    This really should be a well duh moment. Nuclear power plants have controllers that are largely hardware switches and not the computers we have sitting at a desk. There are no "excess ports" to plug infected hardware (like a mouse or thumb drive) into.

    Anyway, what makes anyone (especially politicians) think they could design a backdoor that couldn't be used against them? Hackers would love for government backdoors because after a little reverse engineering they could use those same exact backdoors and fuck everyone over.

     

  • weneedhelp, Sep 18th, 2012 @ 7:32am

    "critical infrastructure,"

    Bush set the stage using "critical infrastructure" as the loophole to be able to declare martial law.
    It started in The un-Patriot act.
    https://en.wikisource.org/wiki/Author:George_Herbert_Walker_Bush/Executive_orders

    https://en.wikipedia.org/wiki/List_of_United_States_federal_executive_orders

    This seems to be similar to Executive Order 13231.

    Ha here it is and it is tied to The Patriot act.
    Presidential Directive 7:
    http://www.dhs.gov/homeland-security-presidential-directive-7

    Critical infrastructure is anything and everything:
    http://online.tarleton.edu/ACEF/IFPIL/IFPIL5.html

    Obama/Bush= https://timpreuss.files.wordpress.com/2012/04/obamabush.jpg - Same shit, different asshole.

     

  • Anonymous Coward, Sep 18th, 2012 @ 9:40am

    so, if Wyden is expecting any sort of response other than

    'duh! is there?'

    i think he's gonna be out of luck!

     

  • That Anonymous Coward, Sep 18th, 2012 @ 3:51pm

    The weakest link in protecting any system is humans, but I have never seen humans so far removed from the systems able to screw them up even more. Amazing.

     

  • Anonymous Coward, Sep 18th, 2012 @ 6:32pm

    "The weakest link in protecting any system is humans, but I have never seen humans so far removed from the systems able to screw them up even more. Amazing."

    funny thing about all this is, it does not matter at all with good design.. and for the large part in a well designed system (FS/FO) (FAIL SAFE/ FAIL OPERATIONAL), no HUMAN or computer intervention will 'break' the system.

    if it is not physically possible to remove the control rods of a nuclear power plant beyond a certain level, no computer or human CAN DO IT...

    if you put a physical stop on a throttle setting, NO HUMAN or computer can set the throttle to a level that will destroy the engine.

    "Nuclear power plants have controllers that are largely hardware switches and not the computers we have sitting at a desk. There are no "excess ports" to plug infected hardware (like a mouse or thumb drive) into."

    not exactly true, they are PLCs, and networked, but they are not accessible from the internet, or any other public network, they DO have access ports, and the ability to reprogram them (PLC stands for PROGRAMMABLE logic controller), so yes they can be programmed, usually by burning an eprom and physically separate from the PLC, then pulling it apart and installing the new programmed chip...

    not something you can do from the internet.

    SCADA systems do operate on networks, but not public networks, and never accessible from the internet.

    it is possible with these networks, to become a node of that network, but with good design, it is still impossible to destroy or damage systems..

    again by employing FS/FO design you get just what you design for, fail safe and fail operational, it can be done, and IS done all the time.

     
