Bill would give DHS broader control of cybersecurity, follows corporate-sponsored MIT study recommendations
By End the Lie
In December of last year I covered a study conducted by MIT with the help of “advisers” from the exact corporations which would benefit from the implementation of the recommendations of the report, and now it appears that these ideas have made their way all the way to Capitol Hill.
This bill, which is reportedly currently before Congress, would give the Department of Homeland Security (DHS) significantly more monitoring power of the cybersecurity practices of private industries and services which are supposedly part of the United States’ critical infrastructure.
The details of the bill have yet to be released, and I have not even been able to track down a number for the legislation yet so I can actually read it (if anyone can help me out with this I would be quite grateful).
The small portions of the bill which have been made public attempt to define which companies are covered by the bill, although it is hardly as precise as one might like.
Furthermore, I find it laughable that any legislation is allowed to be kept from the public at all, although given that our current government refuses to even justify why they think they are able to murder Americans without charge or trial, this is hardly unusual.
The companies which will be affected by the bill have systems “whose disruption could result in the interruption of life-sustaining services, catastrophic economic damage or severe degradation of national security capabilities.”
As I’m sure you can tell, this leaves a lot of wiggle room, something which legislators and bureaucrats love because it allows them to exploit the legislation as much as possible without technically violating it.
A recent article in the Washington Post claims that the bill is just going to allow DHS to inspect the computer systems and networks which fall under this jurisdiction in order to determine if they are sufficiently secured against cybersecurity threats.
I’m not sure if DHS and our so-called Representatives are aware, but our own deadly drone fleets are infected with malware. Maybe they should worry about securing the most critical of government systems before beginning to impose themselves on private industries.
If they can’t even manage to secure unmanned aerial vehicles or Pentagon networks, who in their right mind would trust them to tell private industries what to do when it comes to securing their networks?
This bill would allow the DHS to actually require companies to upgrade their systems and improve security if they decide they do not meet their arbitrary standards.
Apparently the legislation was mostly written by the Senate Commerce, Science and Transportation Committee along with the Senate’s homeland panel.
Observers have reportedly noted that there isn’t a “kill switch” provision in the bill which would give the president the authority to shut down internet traffic to anywhere and everywhere whenever he pleased, although of course it is claimed it would only be utilized in a so-called national emergency.
This is likely due to the fact that the concept of a kill switch has been so radically unpopular with the public and created a great deal of backlash and negative publicity.
That being said, a more informal system without the title of “kill switch” could very well be implemented under these network guidelines, although since the bill does not seem to be publicly available at this point it is impossible to tell what those actual requirements will be.
So far some technology companies and the United States Chamber of Commerce have opposed the legislation, saying that voluntary industry self-regulation along with government consultation would be more effective than a brand new set of cybersecurity laws.
Indeed the massive incompetence of individuals in our government, especially when it comes to anything computer-related, should be a matter of considerable concern when dealing with legislation like this.
Stewart Baker, a former assistant secretary at the Department of Homeland Security does not seem to find the concerns of industry professionals to be valid.
Baker believes that the behemoth federal government must get involved in yet another sector about which they know nothing and have demonstrated a complete lack of competence.
He thinks that the concerns of those in the industry who would actually be affected by this legislation are ingenuous because of breaches of computer systems in the past which allegedly show that hackers and governments like Russia and China have already infiltrated industry networks.
Of course the evidence for this is so thin it is almost laughable for Baker to be treating it in this manner, especially given the past history with threats hyped up to a fever pitch, only to turn out to be completely false.
“[Critical infrastructure companies] already have governments in their business, just not the U.S.,” Baker said. “For them to say they don’t want this suggests they don’t really understand how bad this problem is.”
Or, perhaps they understand that turning to the American government is the last thing you want to do if you want to actually be effective and efficient.
Maybe if the government could show that they can actually secure their own networks they might have a right to start telling private entities how to operate. Yet that is obviously not the case and thus I think it ludicrous for them to be attempting to control the operations of outside companies.
I think of it like if I just witnessed a man get beaten to a pulp just to have him get up and try to tell me how to defend myself. In both situations I would have no choice but to laugh say, “You can’t be serious.”
Unfortunately, the Department of Homeland Security and our clueless legislators are indeed serious and their meddling could not only cost the taxpayer countless dollars which we do not even have, but it could also hurt companies and actually make it easier for hackers to take down the system after it has been centralized and standardized.