What Do Sandy & Pearl Harbor Have In Common? Politicians Exploit Both To Push Cybersecurity Agendas
from the but-of-course dept
Defense Department boss Leon Panetta has been recycling his cyber Pearl Harbor ghost stories for a few years now to push for expansive cybersecurity legislation (i.e. budget and power to spy on people), but Pearl Harbor is a bit outdated these days. So why not shoot for a more contemporary reference? Why not something in the "now"? Well, Homeland Security boss Janet Napolitano (who's in a bit of a turf war with Panetta over who gets control -- again, budget and power to spy on people -- of "cybersecurity") has decided to go with the most contemporary possible reference: Hurricane Sandy. Apparently, to Napolitano, the answer to the question of "how soon is it appropriate to cynically abuse the story of Hurricane Sandy for political gain?" is "right away."Napolitano, who, you may remember, doesn't know how the internet works, went to a cybersecurity event on Wednesday to warn that without cybersecurity legislation, an attack might be just as bad as Hurricane Sandy. Quoting a report from Hillicon Valley:
After Hurricane Sandy wreaked havoc on the East Coast, Napolitano said people should look than no further than the damage caused by the massive storm to understand the need to boost the nation's cybersecurity protections.I'd say that it's not so much the utility downtime that's been the problem with Hurricane Sandy compared to, say, the wind and the copious amounts of water falling from the sky and piling up on the ground. Last I checked, that can't be controlled via a computer (leaving wacky conspiracy theories aside).
"One of the possible areas of attack, of course, is attacks on our nation's control systems — the control systems the operate our utilities, our water plants, our pipelines, our financial institutions," Napolitano said. "If you think that a critical systems attack that takes down a utility even for a few hours is not serious, just look at what is happening now that Mother Nature has taken out those utilities."
"The urgency and the immediacy of the cyber problem; the cyberattacks that we are undergoing and continuing to undergo can not be overestimated," she said.
As per usual, when it comes to cybersecurity threats, Napolitano (like pretty much every single other politician pushing for legislation) refused to get into specifics about how real any threat is -- other than to make scary "be afraid, be very afraid!" noises. The one time she was asked about a specific threat, she immediately went vague, but in full-on FUD mode:
When asked by Post editor Mary Jordan about whether hackers are stealing information or money from banks, Napolitano answered "yes" and then quickly added, "I really don't want to go into that per se."Is it really so crazy to think that if the government is going to pass a bill that has broad implications for our privacy, they should at least come up with a legitimate and clear explanation for why it's needed? Instead they toss out scare stories about hackers stealing money, planes falling from skies and utilities shutting down -- without any proof that any of it is actually likely or possible.
"All I want to say is that there are active matters going on with financial institutions," she said.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: cybersecurity, fud, grandstanding, homeland security, hurricane sandy, janet napolitano
Reader Comments
Subscribe: RSS
View by: Time | Thread
Sandy, you whore!
I thought you meant something special to everyone!
[ link to this | view in chronology ]
*Drops mic. Walks off stage.*
[ link to this | view in chronology ]
What I would Love to see...
And if the reply is 'They're not', then follow up by asking what precisely the bills they're proposing would do, that simple on-site personnel training and security couldn't do better.
[ link to this | view in chronology ]
Re: What I would Love to see...
I'm pretty sure this one involves a cushy multi-billion dollar contract being handed to a "friend's" cyber-security company.
What we're witnessing is just another symptom of corruption, played out in the public theater.
[ link to this | view in chronology ]
Re: Re: What I would Love to see...
However, if the public forced them to actually admit that, to admit that the efforts they are pushing for would be at best ineffective, and likely to cause much more harm then they are trying to prevent, then there would at least be a chance that the real reasons would come to light, and political reasoning tends to be rather like mold, it does best when it's hidden from view and allowed to grow unchecked.
[ link to this | view in chronology ]
Re: Re: Re: What I would Love to see...
People simply do not pay attention, or do not care enough to do anything.
Those few who do care are marginalized. The man yelling "this will do nothing!" would be removed by security. Later, he'd be smeared on Fox/CNN as a nutter; a crazy conspiracy theorist who's also a racist and a pedophile.
The average (un)informed person would laugh a little about the loud nutjob and continue on, oblivious to what they see but fail to comprehend.
[ link to this | view in chronology ]
Re: What I would Love to see...
The reply would never be "They're not". These people are very good at not answering questions they don't like, so you would get a paragraph of gobbledy-gook that doesn't answer anything.
[ link to this | view in chronology ]
Whew.
After reading the linked article there, I find it reassuring to know that there are people out there who wear their tinfoil hats all the time regardless of who is watching. As opposed to someone like me who occasionally dons on their stylish tinfoil-lined wizard's hat and wades in Conspiracy Land now and then. Makes me feel a little saner I guess.
[ link to this | view in chronology ]
Re: Whew.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Cyberspy on cyberpeople and cyberblock cyberaccess to cybersites... because cybeterrorists? Cyberyes.
[ link to this | view in chronology ]
Re:
I haven't seen examples of this my self, but I have heard from two different sources I trust that they have personally seen people who simply cannot count standard US currency; I am unsure why, but suspect some combination of: they can't count, or their memory is easily corrupted.
Another example are phishing emails: clearly a frightening percentage of our population believes these (and worse, self-selects), otherwise it would not be economically viable to engage in that behavior.
The above two ideas combine to support my point. There simply are some people who will 'fail' in the context of security. There is also, of course, the 'boss'/'ceo' syndrome of poor security when it is inconvenient.
I am, however, beginning to suspect that some kind of 1:2-4 X enciphering system and a modified version of one-time-pads should be used for high security low I/O per second. Data plus replacement key-pad and a bit of channel noise (message padding) could be sent to keep equipment on otherwise public channels communicating in a way that almost not susceptible to any exploitable algorithm (You'd have to slightly obfuscate the data to prevent statistical attacks; but compression and a small bit of scrambling should be more than sufficient).
[ link to this | view in chronology ]
Re: Re:
I do know of one case where writing when sensitive information was safe, and that was writing a PIN on the wall by the cash machine the person always used. It was a popular machine, so it could have belonged to any of thousands of people.
[ link to this | view in chronology ]
Re: Re:
Sure, but those people don't have to work in positions that involve security.
[ link to this | view in chronology ]
If there are any critical systems exposed to the internet, then the IT Engineers involved should be fired. There is no reason I see that we need to be able to remotely control any critical systems off-site.
As long as we have stupid people, we will NEVER be 100% secure with our IT infrastructure. As for using the storm as a comparison, we knew it was coming DAYS in advance.
[ link to this | view in chronology ]
With control should come reponsibility
[ link to this | view in chronology ]
It's stuff like this that proves you're just a yellow journalist, spreading FUD and discrediting everyone who you dislike. You say: "Napolitano, who, you may remember, doesn't know how the internet works . . . ."
That is a completely, 100% bullshit statement. You cite your last article, where you discredited this very well respected and accomplished person for admitting she doesn't use email. You claimed that she was therefore unqualified to do her job (as you so often do while stomping your feet as you discredit others), but you were COMPLETELY UNABLE to name even one thing that she did not understand or could not do.
Please explain how you get her admission that she doesn't USE email to reach your conclusion that she "doesn't know how the internet works." Seriously. Don't run away. Don't mince your words. Just answer the direct question with a direct answer, or admit that you are deliberately lying.
WTF is wrong with you that you feel the need to LIE to discredit those in power? Seriously. I know you won't address any of my points and that you'll run away as you are again called out for your bullshit. You're too much of a coward, and you know it. Seriously, dude, the fact that you lie and claim that she "doesn't know how the internet works" proves that you're a piece of shit who just panders to the lobotomized.
[ link to this | view in chronology ]
Re:
It is? If it's 100% bullshit, then why does she talk so much nonsense about internet security and the best way to address it? If, as you imply, she knows whereof she speaks then she must be being deliberately deceptive.
And personally, I agree with that proposition. I don't think she's stupid about the internet. I think she's lying in an attempt to make people so scared that they're willing to go along with plans to make the internet much less free.
[ link to this | view in chronology ]
Re:
Next, I will ignore the ridiculous ad hominems peppered throughout your comment, and focus on the key issues.
You cite your last article, where you discredited this very well respected and accomplished person for admitting she doesn't use email. You claimed that she was therefore unqualified to do her job (as you so often do while stomping your feet as you discredit others), but you were COMPLETELY UNABLE to name even one thing that she did not understand or could not do.
There are certain things that you cannot understand if you are not engaged in them on a regular basis. How the internet functions is one of those things. She did not admit to just not using email, but also not using internet services. It is my studied and experienced opinion, that if someone does not use the internet, they will have very little understanding of how the internet works, why it's important that it works the way it does, and why blanket statements about threats on the internet may not be accurate.
That's not lying, that is my considered opinion as someone who has been involved in this field for quite some time.
That you take my opinion -- one that I stand behind -- and insist that it is some nefarious plot to lie is an issue for you to deal with. The rest of your comment is nothing but ad hominems and faulty reasoning, so there is nothing else to respond to.
Now, I fully expect that since this answer does not comport to your "expected" answer, that you will continue to freak out. I will request, politely, that perhaps you think twice about that, and realize that, perhaps, I am not the evil strawman you have built up in your head.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
f00k off already
hackers are as important to life as your lungs....
like your war on drugs they will never be eradicated as they are human nature ....
you can't legislate out curiosity from the human race....
[ link to this | view in chronology ]
The secret they don't want you to know
[ link to this | view in chronology ]
F-U-C-K-Ing !
[ link to this | view in chronology ]
The US already stated that a cyberattack is a reason to declare war. So in essence they've already done that with Iran.
If the infrastructure is in such fragile disarray as to be vurnable to cyber attack causing the likes of Pearl Harbor to the US, what is it doing still connected to the internet?
How about our politicians get a clue and go after the makers of SCADA software that did not include security as part of the package? After all we're not talking new software or anything. The whole SCADA system setup is obsolete telephony methods adapted to industry. You'd think in all this time it would have dawned on someone you don't put a default backdoor password in specialized routers that can not be deleted or changed. This is not rocket science. It's basic security.
[ link to this | view in chronology ]
Fear!
OMG terrorists are going to hire Gus Gorman to hack the Vulcan weather satellite and cause hurricanes in NY!!! Someone has to DO SOMETHING!!!1! GIVE US MORE MONEY TO REPEAL THE 4TH AMENDMENT NOW OR WERE ALL DOOOOOOMED!!!1!11!1one
[ link to this | view in chronology ]
Paranoia breeds paranoia
[ link to this | view in chronology ]
[ link to this | view in chronology ]