Fed cybersecurity initiative boosts TCPA

The White House likes Palladium


On Wednesday a group of federal bureaucrats, business representatives and industry lobbyists will be rolling out a draft of the White House's new initiative to enlist the computing public in the task of defending cyberspace. Originally, the Feds had planned to roll out a final draft, but this has been delayed due to unresolved conflicts among the technology companies the scheme will be affecting.

An earlier draft of the White House plan, drawn up under the direction of cybersecurity Czar Richard Clarke, has been leaked. We don't know how up-to-date it is; but it's been posted on-line as a series of .jpeg images in no particular order. Tomorrow, with luck, we'll get to see an updated 'official' version, but this one should help satisfy curiosity in the meantime, even if it's outdated.

A lot of it, I must say, is good old-fashioned common sense. The government feels that the Internet's BGP (Border Gateway Protocol) is too easy to attack; and they're right. They recommend the adoption of a secure version (S-BGP) which is already in development. But uptake has been slow because it involves investment in new kit, and like most bureaucratic efforts, this one neglects to solve the basic problem: how do we entice, shame, cajole, threaten or bribe private companies into discarding their property and buying new stuff to replace it?

Routers and switches and their operating systems should be beefed up, we're told. Fine, but who's going to pay for that? SCADA systems need stronger authentication mechanisms; but of course this involves a performance hit so we'll need very low-latency auth devices. And that's an excellent idea. Anyone care to donate the hundreds of millions of dollars needed? Bill Gates, are you there, buddy?

ISPs should implement ingress and egress filtering to make attacks involving IP spoofing more difficult. Yup, they should all right. Who's going to make them do it? Congress? Right; Congress doesn't know the difference between a packet filter and a packet of dust filters.
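A minimal model of the ingress/egress source-address filtering the draft asks ISPs for, added here as an illustration and not taken from the draft or the article; the ISP, its prefixes, the interface names and the sample packets are all constructed (RFC 5737 documentation addresses):

```python
import ipaddress

# Hypothetical ISP (constructed): its own aggregate and per-customer assignments.
ISP_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]
CUSTOMER_PREFIXES = {
    "cust-a": [ipaddress.ip_network("203.0.113.0/26")],
    "cust-b": [ipaddress.ip_network("203.0.113.64/26")],
}

def _in_any(addr, prefixes):
    return any(addr in p for p in prefixes)

def ingress_allowed(iface, src):
    """Customer-facing link: accept only sources assigned to that customer."""
    return _in_any(ipaddress.ip_address(src), CUSTOMER_PREFIXES[iface])

def egress_allowed(src):
    """Transit link: send out only sources that belong to this ISP."""
    return _in_any(ipaddress.ip_address(src), ISP_PREFIXES)

def filter_packets(packets):
    """Ingress check on customer links, egress check on everything heading
    to transit. Returns (forwarded, dropped) as (iface, src, dst, reason)."""
    forwarded, dropped = [], []
    for iface, src, dst in packets:
        if iface in CUSTOMER_PREFIXES and not ingress_allowed(iface, src):
            dropped.append((iface, src, dst, "ingress: source not assigned to link"))
        elif not egress_allowed(src):
            dropped.append((iface, src, dst, "egress: source not ours"))
        else:
            forwarded.append((iface, src, dst, "ok"))
    return forwarded, dropped

# Constructed sample traffic: who sent what, on which link.
SAMPLE = [
    ("cust-a", "203.0.113.10", "198.51.100.5"),   # legitimate
    ("cust-a", "203.0.113.70", "198.51.100.5"),   # cust-b's address on cust-a's link
    ("core", "192.0.2.1", "198.51.100.5"),        # unfiltered core link, foreign source
    ("core", "203.0.113.130", "198.51.100.5"),    # ours, so egress lets it through
]

if __name__ == "__main__":
    fwd, drp = filter_packets(SAMPLE)
    for entry in fwd + drp:
        print(entry)
```

The egress check is what catches a spoofed source that slipped in over a link with no per-customer ingress rule, which is why both layers are needed.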

We're talking about companies here with (severely battered) shareholders to answer to. You don't just tell them, 'gee, it would be great if y'all would spend a few billion dollars making the Internet a bit safer for us all to use.' It has to make business sense, it has to pay off somehow; and that's chiefly what's lacking in the White House scheme. Basically it's a wish-list of the sort anyone with a background in network security would draw up.

Mining for Palladium

Clarke's lieutenant, Critical Infrastructure Vice-chairman Howard Schmidt, is an old Microserf. In fact, he was in charge of security during the days (not long ago) when Outlook was configured to launch executables without user intervention. As soon as Billg decreed that Trustworthy Computing shall be Law, they gave Schmidt the sack, and he was then salvaged by the White House's National Security Council.

Thus it comes as no surprise that such familiar phrases as 'trustworthy platform', 'trustworthy operating system' and the like should be sprinkled throughout the draft. I didn't actually spot the 'P-word', but one can read between the lines well enough. Palladium and schemes like it, which turn the personal computer into a set-top box for controlled computing under the label, 'secure computing', do have a nice potential to turn profits for the software and media industries if they can be forced on consumers.

There actually are some benefits to naive, casual users from devices of this sort. If you're the kind of person who wants to use a computer for simple tasks on-line and off, and who's concerned about security, but who has no interest in learning about either the computer or security, then this product is for you. It will undoubtedly make the millions of Windows machines carelessly connected to the Net by people who just don't want to be bothered more resistant to attack and exploitation.

But the technology itself is very much open to exploitation by the software and media industries, who can use it to restrict access to their priceless jewels, which, as you know, you no longer purchase, but merely lease. The potential for Corporate America to use something like this to screw the consumer is so great that I personally believe it outweighs all the possible security benefits.

The problem here is the incomparable greed and arrogance of the software and media giants we deal with every day, and their paramilitary lobbies like the BSA and the RIAA. They've got a well-established and very unattractive record of abusing consumers. We know these companies and lobbying groups are going to screw us to the nth degree for all eternity. They've signalled this in a hundred ways: punitive BSA audits, EULAs demanding root privileges; shrink-wrap contracts with preposterous terms; the UCITA Trojan legislation which absolves software companies of all responsibilities; the DMCA; copy-proof CDs; Fritz Hollings and his efforts to mandate DRM in all household hardware; Howie Berman and his desire to let the RIAA hack and disable P2P networks -- the list of bad-faith crimes against the consumer goes on. The trusted computing platform is the single most dangerous weapon we could ever concede to these companies.

Yet it is the only portion of the White House's grand scheme which appears capable of generating a new revenue stream, such as pay-per-use software and media, made possible by a usurious DRM regimen sufficient to make it profitable. Look for Congress to be getting a real 'education' about this new boon to Homeland Security during the next twelve months. ®
