Critical infrastructure protection: Maybe thinking good thoughts will make us safe
Network World - Joe Lieberman (I-Conn.) retired in January after quite a colorful two-dozen years in the U.S. Senate. One of the major issues he pushed for during his last few years in office was protection of the U.S. critical infrastructure. Along with Sen. Susan Collins (R-Maine), Lieberman put forth a series of bills aimed at requiring some level of protection for such infrastructure, the last of these being voted down in November.A
President Obama has now issued a "Presidential Policy Directive" on "Critical Infrastructure Security and Resilience." This directive was accompanied by an Executive Order on "Improving Critical Infrastructure Cybersecurity." Sadly, the president's efforts may turn out to be about as useful as Lieberman's.
[ RELATED: Obama signs cybersecurity order ]
The senator's efforts ultimately failed because 2012 was an election year. But the big beef against his bill was that it actually called for companies to take responsibility for the risks that they had created. Sen. John McCain (R-Ariz.) headed the attacks saying, "unelected bureaucrats at the DHS could promulgate prescriptive regulations on American businesses, which own roughly 90% of critical cyber infrastructure."
I will admit that the fact that the Lieberman/Collins bill would have put the Department of Homeland Security -- you know, the people that bring you the security theater that is the TSA -- in charge of protecting critical infrastructure made it a lot harder to take the proposal seriously. But the McCain assumption that the folks that run our power plants, hospitals, transportation and financial networks will suddenly wake up on their own and start protecting the infrastructures they have so carelessly and assiduously left exposed strains credibility.
The Obama executive order says that the "critical infrastructure" of concern is "where a cybersecurity incident could reasonably result in catastrophic regional or national effects on public health or safety, economic security, or national security." OK, you got me at "catastrophic ... effects." According to the dictionary that came with my Mac, "catastrophic" means "involving or causing sudden great damage or suffering." The type of things that Joel Brenner wrote about in his book "America the Vulnerable." Lots of people dying, the economy collapsing -- fun things like that.
Right now there is no actual legal requirement that the controls for a power company's plants be secure from hacking. There is also no personal liability for anyone working at the power company if they do not exercise common sense to try to protect against vendor stupidity that builds in security vulnerabilities. Nor is there any liability for a vendor that purposefully decides to make its products insecure and fails to tell customers.A
There are regulations that require hospitals to protect medical records and universities to protect student educational records, but there are none that require a power company to protect its generating capacity or a hospital to protect its physical plant -- which is just as important to patient care as are the records. Imagine, if you will, what might happen to critically ill patients in a hospital in Dallas if the AC was turned off in mid-August. In this case the hacker went to jail, but what about the hospital engineers who installed the AC controllers in such a way that they were accessible over the Internet? In my opinion, they should share the blame.
The Obama effort bows to those in Congress who care less about protecting our health and safety than they do about protecting the pocketbooks of their campaign donors. That is not only sad, but it is a clear and present danger to us all. Prediction: Real requirements and liability will be established in law only after a major example of why it has been needed for years -- i.e., the Federal Aviation Administration style of fatality-based regulating.
Disclaimer: In spite of Harvard's feeling of self-importance I am not sure that any of its facilities would meet an objective definition of critical infrastructure. In any case, I have heard no opinions from the university on this topic, so the above lament about administration and congressional impotence is my own.
Read more about wide area network in Network World's Wide Area Network section.
- Top 12 Laptop Bags for Mobile Pros
- Think Deleted Text Messages Are Gone Forever? Think Again
- 7 New Faces of the C-suite
- 5 Ways CIOs Can Rationalize Application Portfolios
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
NSA: Riding on Facebook's horse tail.
The U.S. National Security Agency (NSA) is once again close to denying reports that it is indiscriminately monitoring every computer on planet Earth. This time, the freshest, newest, most recent report of NSA mass-surreptitiousness (courtesy Edward Snowden -- ta) alleges the sneaky agency infects computers with malware via a fake Facebook (NASDAQ:FB) login page.
In IT Blogwatch, bloggers play keep-away with the man-in-the-middle.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Changing the Way Government Works: Four Technology Trends that Drive Down Costs and Increase Productivity
- This paper discusses four technology-based approaches to improving processes and increasing
productivity while driving down department and agency costs.
- Infographic: Team Effectiveness
- Work is changing. We're global, mobile and distributed - we're virtual teams. This infographic illustrates our 2013 survey of over 1700 people around...
- Unify top five predictions in enterprise communications for 2014
- Around the globe, a new way to work is taking hold - and 2014 will be a turning point.
- The Business Case for the Enterprise Cloud
- This article aims to explore the business case for the enterprise cloud, focusing on public cloud Infrastructure-as-a-Service (IaaS). The discussion will examine the...
- Four Myths of High-Productivity App Dev Debunked
- Debunk the main myths surrounding high-productivity application development and how both platforms have overcome them. All Government IT White Papers
- Four Myths of High-Productivity App Dev Debunked Debunk the main myths surrounding high-productivity application development and how both platforms have overcome them.
On-Demand Webcast: 7 Reasons to Choose VoIP
Thinking about a new phone system for your business?
Be sure to watch this informative webcast. Steve Strauss, small business columnist for USA...
- Top 8 Communications Tools for Small Businesses Powerful technology is available to help your small business improve its communications with customers, employees and suppliers. View this free On-Demand Webcast produced...
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- All Government IT Webcasts