If There's A National Cybersecurity Policy, What Should It Cover?

from the if-anything... dept

Mon, Dec 8th 2008 5:33pm — Mike Masnick

A bunch of folks have been sending in the various news stories about a new report recommending to the incoming presidential administration a set up a national cybersecurity policy, which is the sort of broad pronouncement that many people would instinctively agree with. However, it's not really clear what this covers. The report covers both government and private companies' computer networks, as if the issues and challenges facing each should be covered under a single plan. There's also talk of some new kind of warrant called "data warrants" rather than search warrants. Obviously, protecting internet infrastructure from foreign attacks is a good thing, but there's a lot here that seems like a grab for power -- and the ability to more closely gather and monitor data.

The fact that government networks and security of government computers is a mess is one issue, but it shouldn't be mixed in with private companies protecting their own data. The two issues should be tackled separately. If the government needs to fix its own computer network and security policies, that seems like a reasonable job for the national CIO that Obama has indicated is a part of his plan, rather than a separate cybersecurity policy.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: cybersecurity, national policy

6 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 8 Dec 2008 @ 11:20pm

"Power corrupts, and absolute power corrupts absolutely." - Lord Acton

Too many of our rights are being taken with anyone standing up.
[ link to this | view in chronology ]
Matt Goldman, 9 Dec 2008 @ 5:25am

Natl Cybersecurity Policy
We don't need the fed govt getting into the IT racket. Mainly because it would most likely result in further erosion of privacy under the guise of protection. It would also most likely result in a clusterf**k.
[ link to this | view in chronology ]
Cyber Operations Officer, 9 Dec 2008 @ 7:41am

National Unity with respect to Cyber Operations is a good thing
If you conduct business with the Government such as various contracted organizations then you should definitely comply and possibly be on a private network. As far as individuals that choose not to comply then you should have limited access to Government systems. It's time to lock down our systems. We are far to open and the President should decide whether to lock it down or shut it down since terabytes of data are streaming into Russia, China, mobs, private hacking orgs, etc. stealing everything from personal identity information and credit card info to leaked classified data. This is not just from the Government, it is from .com's also (Health care, Banking, e-commerce, etc.). There is a coordinated effort from our enemies to take us down in cyberspace and they are winning. With no coordinated response plan then the Internet that we have created will become/has become our Achilles's Heal and China and Russia both know it and are pouring billions into security companies such as Kaspersky to undermine and covertly tunnel data out of the country. Make no mistake the war is on and while our attention is focused on Iraq, Iran, North Korea, stan's, India, we're losing the secret cyber war... and all to protect your rights such as the Anonymous Coward...
[ link to this | view in chronology ]
Greg Schwartz, 9 Dec 2008 @ 11:09am

The Fed govt is already into the IT racket
See my story this week:

The panopticon economy
The NSA’s new data-mining facility is one component of a growing local surveillance industry
by Greg M. Schwartz
http://sacurrent.com/news/story.asp?id=69607
[ link to this | view in chronology ]
Pierre, 9 Dec 2008 @ 12:12pm

Definitions don't hurt
I've not read the report in question, so maybe I'm missing some big pieces here, but Masnick's complaint cites the existence of a new "data warrant", and then goes on to state that it looks like a power grab.

I consistently notice that many people have problems adapting old concepts of property and space to the new information-based world - reference the continued (and correct) postings about using free to drive market demand.

Isn't this just a way for the gov't to recognize that, when it is seizing hard drives, it is not the actual hard drive that is being targeted, but the data it contains? I think it is better for the government to get warrants for the things they actually want, rather than something that contains it?
[ link to this | view in chronology ]
Xiera, 9 Dec 2008 @ 4:14pm

What it should cover
I think there are two things to consider here:

1) National security - there are already standards in place to protect classified government information and these clearly apply to electronic data as well. Persons or organisations with access to the classified information must have the necessary clearance and a need to know. It is then their responsibility to safeguard the information. This isn't so much a technology issue -- though technology such as data encryption should obviously be used -- as much as it's a social issue. Because the existing system is based on trust (and background checks), the answer, it would seem, is harsher punishment for breaking these laws. Granted, it doesn't do much in the way of prevention, but some things (particularly social things) cannot be solved with technology.

2) Personal security - the only other area of concern, as far as I can tell, is safeguarding personal information. This includes credit card information, social security numbers, etc. While any and all services that require this kind of information should take every measure possible to protect it, the protection provided is not always sufficient. If the government is going to impose IT laws, it should be the information security aspect that is the central theme. Personal information of any kind should be treated like classified information with suggestions and guidelines to follow to secure the information and harsh penalties for not following the regulations.

Imposing legislation on any matter other than national or personal security is wrong and a violation of the greatest right in America: choice. Persons and organisations should maintain the right of choice in all matters, so long as their choices do not negatively impact the security of others.
[ link to this | view in chronology ]