
[FYI] (Fwd) FC: Richard Forno on Congress' "cyberterrorism" bills




------- Forwarded message follows -------
Date sent:      	Sat, 2 Feb 2002 01:02:59 -0800 (PST)
From:           	Declan McCullagh <declan@well.com>
To:             	politech@politechbot.com
Subject:        	FC: Richard Forno on Congress' "cyberterrorism" bills
Send reply to:  	declan@well.com



---------- Forwarded message ----------
Date: Fri, 01 Feb 2002 12:24:54 -0500
From: Richard Forno <rforno@infowarrior.org>
To: declan@well.com, politech@politechbot.com
Subject: Comments on Recent Security Legislation Proposals

A few comments on the two pieces of legislation making the security
news this week - the "Cyberterrorism Preparedness Act" and the
"Cyberterrorism Preparedness Act" of 2002. Pardon the parts that
sound like a rant, but sometimes, a rant is a good thing. :)

Reference: http://www.fas.org/irp/congress/2002_cr/s1900.html

When will Congress and the US Government get over their infatuation
with the sensational term "Cyber"?? Professionals in the security
field rarely if ever use the term "cyber" anymore.  Our elected
leaders sound like a bunch of uninformed cable news analysts with
their constant use of 'cyber' buzzwords - although the moniker 
'cyber-clueless' seems appropriate for many of these folks given what
I've seen so far. 'Cybersecurity' is a meaningless term that tells me
that nine times out of ten, the person saying it has little or no
understanding of information assurance practices.

Note both of these proposed Acts throw large money for research and
long-term analysis of security-related problems. It seems to me
there's more money being spent analyzing our problems than actually
addressing them, even though we already KNOW what (and where) the
problems are!

For those that don't yet know, the government continues to ignore the
clear, present, and immediate issues in favor of long-term 'problem
deferments' because of two words - ignorance and politics...the
things that make Washington go 'round and 'round year after year.

Comments on  - "Cyberterrorism Preparedness Act of 2002".

Note in the definitions for this bill there is not one reference to
"cyberterrorism" yet it's the short name of the introduced
legislation. One wonders again how many times we'll see "terrorism" in
the short name of a bill just to garner attention and make it sound
Homeland-Security-ish.

Seems like anything with the word "terrorism" in it is almost
guaranteed to reach a floor vote in the House and Senate these days.
That being said, I wonder how long until our favorite industry cartels
- the RIAA and MPAA  - begin lobbying to introduce the "Entertainment
Terrorism Prevention Act" to classify anyone not buying multiple
identical copies of copy-protected content as terrorists and a threat
to national economic welfare and security (wait - Jack Valenti did
that two years ago in a Senate hearing); and if certain folks in
government and the private sector have their way, the "Knowledge-Based
Terrorism Preparedness Act" will prohibit anyone from knowing anything
that could harm anyone at any time in any fashion. (Okay, that's a bit
far, but you get the idea....)

FWIS, this Act proposes to create yet another government bureaucracy
to support long-term projects, research, and guidance. Yet there's
once again NOTHING to address immediate, tactical, already-known
vulnerabilities in our national information infrastructure.

This is simply another strategic, not tactical or operational,
approach to a partial solution. 

Comments on - "Cyberterrorism Preparedness Act of 2002".

How quickly people forget that waving a magic wand, getting a
certification or degree does not make someone an instant professional
in ANY discipline, contrary to what the companies/vendors/lawmakers
preach and think.

In this Act, the definition of what constitutes courses in
'cybersecurity' leads me to believe that any institution teaching
students how to deploy routers, build networks, or troubleshoot
Windows could qualify it under this program. An interesting stretch,
if not a partially valid statement. For now, I'll agree with it.

FWIS, this proposed bill establishes professional criteria for the
initial crop of 'cybersecurity professors' but does not specify what
criteria or professional involvement/activities they must continue to
perform to remain eligible for program participation, nor does it
specify what the school must do to insure that their initial crop of
'cybersecurity' professors don't become tenured and fall into that
'tenured tunnel-vision job-is-safe rut' that many of us have suffered
through as either students or departmental colleagues - leading to
poor education and classroom lectures based on antiquated knowledge.
We need to ensure these professors have, and continue to conduct,
truly recognized research, writing, and operational work in the
security arena, otherwise this grant program becomes nothing more than
academic welfare for our universities and will hinder, not help, our
national information security posture.

If done correctly - this could become a beneficial program for the
security profession - and as a security professional, I'm thankful for
any qualified assistance we could get in this field. As with all
things, the proof will be in the first crop or two of graduates. If
this program can produce graduates that have the academic technical
background -and- the appropriate hands-on expertise (from internships
or relevant lab work) it may indeed become a good
program....book-smarts, like an industry or vendor certification,
won't cut it alone. 

Time will tell on this one.

(See also my Securityfocus column "White House CyberSecurity - Jobs,
Research, and Rhetoric, but Few Results" at
http://www.securityfocus.com/columnists/46)


Just a few thoughts.

Rick
infowarrior.org






-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
Declan McCullagh's photographs are at http://www.mccullagh.org/
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------
Events: Congreso Nacional de Periodismo Digital in Huesca, Spain
from Jan. 17-18 (http://www.congresoperiodismo.com) and the Second
International Conference on Web-Management in Diplomacy in Malta from
Feb. 1-3. (http://www.diplomacy.edu/Web/conference2/)
-------------------------------------------------------------------------

------- End of forwarded message -------

