AOH :: ISN-3277.HTM

Politicians embrace 'cybersecurity' month, but why?

Politicians embrace 'cybersecurity' month, but why?
Politicians embrace 'cybersecurity' month, but why? 

By Declan McCullagh
November 14, 2006

The U.S. House of Representatives on Tuesday took the bold step of 
enhancing America's cybersecurity by approving a resolution in support 
of "National Cyber Security Awareness Month."

The resolution [1], which passed by voice vote, claims the month "will 
provide an opportunity to educate the people of the United States about 
computer security: Now, therefore, be it resolved, that the House of 
Representatives supports the goals and ideals of National Cyber Security 
Awareness Month."

Politicians immediately sent out press releases touting the importance 
of the vote. "National Cyber Security Awareness Month is a chance not 
only to raise awareness about computer vulnerabilities and threats, but 
also to inform people about programs that exist throughout the U.S. to 
educate students, parents, business people, local law enforcement and 
government employees about cyber security and to attract students into 
careers in information technology," said Rep. Bob Inglis, a South 
Carolina Republican.

(They neglected, though, to mention that the vote took place precisely 
six weeks too late: Cyber Security Awareness Month was in October.)

Cyber Security Awareness Month was invented by an industry trade 
association called the National Cyber Security Alliance. It features 
"public relations activities, educational programs, events and 
initiatives throughout October that targets Home Users, Small 
Businesses, Education audiences (K-12 and higher education), and Child 
Safety online."

The vote announcing official support for Cyber Security Awareness Month, 
incidentally, was hardly the only high-profile task facing the House 
Republican leadership during the last days of their tenure. They also 
convened a vote on a not-very-controversial resolution recognizing "the 
important contributions" of the "Christmas tree industry to the United 
States economy."

What might have been a better use of their time? How about these 

* Instead of merely awarding Ds and Fs to federal agencies for 
  lackluster cybersecurity performance, put some teeth behind the 
  ratings. Agencies that don't get at least a gentlemen's C would face 
  budget cuts--a bureaucrat's worst nightmare and a strong incentive for 
  better performance.

* A presidential executive order continues to restrict the unregulated 
  export of encryption products. (Overseas shipments are far easier than 
  they were in the 1990s, but the rules still exist.) Encryption 
  provides necessary security for electronic communications, and 
  nowadays there's no reason for a complex web of export restrictions. 
  Any executive order can be overridden by an act of Congress.

* The Republican-controlled Federal Communications Commission is forcing 
  broadband providers to build in backdoors for government surveillance. 
  But network backdoors intended to be used by police and intelligence 
  agencies can be exploited by malicious hackers, which is why 
  technologists including Vint Cerf, Steven Bellovin and Matt Blaze have 
  warned of the security risks. Any FCC ruling--including this one--can 
  be reviewed and overturned by Congress.

* The Bush administration has been lobbying Congress for data retention 
  laws, which would force Internet companies to keep track of what their 
  customers are doing. Some politicians have already embraced the idea. 
  But a warehouse of users' activities would be a tempting target not 
  just for hackers, but also divorce lawyers and employers hoping to 
  prove what someone did or didn't do online.

* Investigate what took place under the National Security Agency's broad 
  surveillance scheme. While an AT&T whistleblower alleges widescale 
  illegal spying, AT&T and President Bush have acknowledged no 
  wrongdoing. (A lawsuit brought by the Electronic Frontier Foundation 
  is pending, with a hearing set for Friday in San Francisco.) Oversight 
  hearings can answer a key question: Were any laws broken?


Subscribe to InfoSec News 

Site design & layout copyright © 1986-2014 CodeGods