Wyden To White House: Protecting Nuclear Power Plants Is Different Than Protecting Facebook
from the critical-infrastructure dept
Last week, we wrote about a leaked copy of an executive order being worked on by the White House to deal with the lack of "cybersecurity" legislation being passed. We've since learned that this is one of two different executive orders being worked on concerning this issue. We are working on getting the other, more focused, draft as well. That said, we noted numerous problems in the draft we did see, including the broad definition of "critical infrastructure," which basically leaves it pretty open for the feds to declare almost anything "critical infrastructure," thereby putting tremendous pressure on private companies to comply with a set of rules that may not make much sense.This is, quite reasonably, raising some concerns. Senator Ron Wyden has sent a letter to the White House's Cybersecurity
In the case of interactive computer services, such as networks that facilitate commerce, provide search services, or are platforms for social networking and speech, vulnerabilities are unlikely to constitute threats to our national security. It should be clear in any executive order related to cybersecurity that there is a fundamental difference between networks that manage infrastructure critical to public safety, like energy, water, and transportation systems, and those that provide digital goods and services to the public. It would be a profound mistake to subject our growing digital economy to onerous new cyber rules and regulations that stifle innovation, creativity, and job growth. Such rules will not serve to combat the real threat to the nation's critical infrastructure and national security.Indeed. While we tend to agree that various internet services are important to our economy, to argue that social networks are somehow the equivalent of energy systems, water treatment plants or the like seems obviously ridiculous. All it ends up doing is leaving a massive opening for the feds to seek much greater access and control over the internet services we use every day than they really need.
There are reasonable fears that some in the government are really using scare stories about planes falling from the sky due to cyberattacks to really open up access to private communications systems on the internet for surveillance purposes. Given what we've seen with other spying efforts, such worries seem quite justified. This is not unlike supporters of SOPA using the very narrowly focused issue of fake drugs as an excuse to pass expansive copyright laws dealing with file sharing online. In this case, it seems like those who really just want access to online communications may be using claims of "threats" to "critical infrastructure" to backdoor their way in. And the trick is just to define "critical infrastructure" really broadly. Hopefully people recognize that the definitions here really do matter, and that any executive order is very narrowly focused towards actual critical infrastructure.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: critical infrastructure, cybersecurity, ron wyden
Reader Comments
The First Word
“Step 1 for protecting vital electronic infrastructure:
Do not have it connected, or able to connect, to the internet, ever.Subscribe: RSS
View by: Time | Thread
It's worth following the repercutions of this move. In any case, we should be glad we have Wyden and people like him in the US Govt.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Coming soon to a security theater near you
[ link to this | view in thread ]
or should have! those that are trying to bring in this and similar bills are actually really trying to take control of spying on everyone for whatever they might say or do. what i dont understand is why anyone in government would want to do this and brand all citizens as if they are terrorists or subversives. what the hell is wrong with these people? could it be that they are in actual fact the ones that are the terrorists and the subversives and are trying to make sure that anyone that gets close to finding out the truth can be eliminated first? man, that's scary!!
[ link to this | view in thread ]
laws
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re:
I don't know about you but personally I think we are already well on our way. In fact I already find our "democracy" being pretty repressive.
To fly you have to submit to being groped by one of the fine members of the TSA. A "search" that would be considered sexual assault coming from anyone else. I mean really, you can sue your damn DOCTOR for touching you that way without a good reason.
They also have admitted to spying on us but refuse to really give any details. All this while setting up their own "terrorists" to arrest so they can look good. This helps them justify the road check points they are trying out in different places.
This government long ago strayed from being for the people. It is now running thing behind closed doors all while blowing lots of hot air about "being transparent". I am disgusted with the condition our government has gotten to.
[ link to this | view in thread ]
or that people could not use the internet to plan attacks on critical infrastructure.
also critical infrastructure is a very well defined term we all know what it means..
[ link to this | view in thread ]
Re: laws
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Step 1 for protecting vital electronic infrastructure:
[ link to this | view in thread ]
[ link to this | view in thread ]
Anyway, what makes anyone (especially politicians) think they could design a backdoor that couldn't be used against them? Hackers would love for government backdoors because after a little reverse engineering they could use those same exact backdoors and fuck everyone over.
[ link to this | view in thread ]
"critical infrastructure,"
It started in The un-Patriot act.
https://en.wikisource.org/wiki/Author:George_Herbert_Walker_Bush/Executive_orders
https://e n.wikipedia.org/wiki/List_of_United_States_federal_executive_orders
This seems to be similar to Executive Order 13231.
Ha here it is and it is tied to The Patriot act.
Presidential Directive 7:
http://www.dhs.gov/homeland-security-presidential-directive-7
Critical infrastructure is anything and everything:
http://online.tarleton.edu/ACEF/IFPIL/IFPIL5.html
Obama/Bush= https://timpreuss.files.wordpress.com/2012/04/obamabush.jpg - Same shit, different asshole.
[ link to this | view in thread ]
Re:
Yeah it is anything and everything:
http://online.tarleton.edu/ACEF/IFPIL/IFPIL5.html
Because national monuments are so essential for the functioning of a society and economy. That's why we cant have those damn kids dance round there.
http://www.huffingtonpost.com/2011/05/30/jefferson-memorial-dancing-arrests_n_868719.html
Your/our republic is dying a slow death.
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
Re:
A video on Youtube killed a bunch of people? How does that work?
I thought a bunch of people were manipulated into overreacting to a video posted on Youtube and were then driven to kill others.
[ link to this | view in thread ]
'duh! is there?'
i think he's gonna be out of luck!
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re:
People could sit in a coffee shop and plan attacks on critical infrastructure. Oh noes, we need a coffee shop security act! Camera's and mics focused on every table is a requirement.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
funny thing about all this is, it does not matter at all with good design.. and for the large part in a well designed system (FS/FO) (FAIL SAFE/ FAIL OPERATIONAL), no HUMAN or computer intevention will 'break' the system.
if it is not physically possible to remove the control rods of a nuclear power plant beyond a certain level, no computer or human CAN DO IT...
if you put a physical stop on a throttle setting, NO HUMAN or computer can set the throttle to a level that will distroy the engine.
"Nuclear power plants have controllers that are largely hardware switches and not the computers we have sitting at a desk. There are no "excess ports" to plug infected hardware (like a mouse or thumb drive) into."
not exactly true, they are PLC's, and networked, but they are not accessible from the internet, or any other public network, they DO have access ports, and the ability to reprogram them (PLC stands for PROGRAMMABLE logic controller), so yes they can be programmed, usually by burning an eprom and physicaly seperate from the PLC, then pulling it apart and installing the new programmed chip...
not something you can do from the internet.
SCADA systems do operate on networks, but not public networks, and never accessable from the internet.
it is possible with these networks, to become a node of that network, but with good design, it is still impossible to destroy or damage systems..
again by employing FS/FO design you get just what you design for, fail safe and fail operational, it can be done, and IS done all the time.
[ link to this | view in thread ]
Re: Step 1 for protecting vital electronic infrastructure:
[ link to this | view in thread ]