US Congress wants hack teams for self-penetration
While girding power grid
The United States Congress this week delved further into the country's cybersecurity preparedness as members introduced two bills designed to protect federal networks and electric power grids from attacks.
One bill, dubbed the US Information and Communications Enhancement Act of 2009, would mandate the formation of hacker teams that would actively try to penetrate government networks. Current laws focus more on generating reports that detail vulnerabilities and the defenses against them than on putting security into practice, many security experts say.
Sponsored by Senator Tom Carper of Delaware, the bill would also establish a National Office for Cyberspace that would be responsible for carrying out cybersecurity policy. Additionally, it would create a council of chief information security officers who would stay in touch with CISOs from each federal agency to share information about the latest threats.
A separate bill introduced this week by Representative Bennie Thompson of Mississippi is aimed at strengthening the US power grid against attack. The so-called Critical Electric Infrastructure Protection Act would give federal regulators more power to respond to emergencies involving infrastructure that transmits electricity. Among other things, the Federal Energy Regulatory Commission could issue "emergency rules or orders" when an attack is imminent.
The bills come three weeks after a separate piece of legislation was introduced in the Senate that would give the president unprecedented authority over the nation's critical infrastructure, including the power to shut down or limit traffic on private networks during emergencies.
While by no means perfect, the flurry of bills is a cause for hope, some security experts believe.
"My reaction to all of these is that it seems the nation has reached a tipping point - Congress is speaking for the country saying this problem is bad enough to act - CSIS said we are losing the cyber wars," Alan Paller, director of research for the SANS Institute, wrote in an email, referring to a recent report by the Center for Strategic and International Studies. "Urgency is high. It is time to stop talking and start fixing." ®
COMMENTS
Congress Itself was "vulnerable"...
...until Big Dick Cheney told a few members on the House floor to "GFY".
At first there was some squealing (like-a-pig) and shrieking (like with rape), but then the Legislative Anatomical Barriers were all Veep-ily overcome in a Spirit of Buy-Partisanship. Such great moans and sights of ecstatic forbidden pleasure (because altogether treasonous) did then nightly emit from the Veep Suite, and Miz Condi's offices too...
Now, in the NeoDawn's early Light, our poor bedraggled and utterly corrupted Corporatized Terrorwar Congress is merely and simply post-eff'd; not even any afterglow left. But "penetrated" certainly is an appropriate word in all but AIPAC/ADL company, too.
Both bills'll most likely get rubberstamped in the dead of night with zero public input nor any manner of constructive, reality-based debate, is my take on it. (Boondoggle, anyone?) Damn shame, too. This'un's no Ninesey-'Levvensey Insider Demolition Collapse Kerfluffle. Those towers were strong and quite well reinforced to begin with; it took lots of Thermate, a leetle bit o' ShadowGov-loyal (aka *criminal*) inter-agency co-operability, and some BIG alibis to pull those three buildings straight down at near-freefall speed.
The digitally-operated US national power grid is not so very robust as the weakest of those three office towers, by all accounts. But gee, the Bush-era Enron Rolling Blackouts sure do concretely illustrate the criminal blackmail threat potential, now do they not? My, my, and Dubya' was Best Friends with ol' Kenny-boy afore fergettin' all about him, wasn't he just?
All in The Family!
Opinion: Someone should right quick now just Cut The Bushes Out From Under the National Grid Structure, just like removing a newly-fingered world-class Bad Apple's prior international immunities is done.
That zero-additional-IT Lawful action, if ever invoked right *quick* before the (black-op) pig flu and errant (black-op) Air Force Ones of this gone-mad age get their acts "topped" by a ShadowGov-instigated continent-sized black-op blackout would imvho reliably tend to protect the entire US grid for many, many years to come against the Worst and Most Capable of the World Criminal Elite's rather large Bad and Capable Personnel inventory.
So really, how much Really New IT is *really* needed in order to put every Power Grid controller and telemetry box's "spare" comms ports into "Stealth Mode"? (ShoreWall Firewall is free and stands up fine against all manner of Chinese portscans on my own desk, just like Everyone Else's does.)
Add a decent Grid-wide port-knocking protocol, with steady tho' apparently random-scheduled rejiggering of what knokkity-combo opens whose gates when (like Conficker did/does but benign as all Heaven) would just top the initial tighten-um-up phase off just fine, now wouldn't it?
Saw a decent-looking spec for one of those a week ago. For Linux, just like Shorewall. Equally $price-free to own and mod-up to suit, at that.
Aside: All boxcutter blades and Miraculously Surviving Passports can just go back and respectfully, factually address the criminal-elite ShadowGov minds that invented 'em and then forbade all forensic examination of the crime scene, I do declare.
In fact, the rising image of Hedley LaMarr hiring up all his Willing Coalition of baddies to up and lay a can o' whup-ass kerfluffle all over defenseless Rock Ridge for The Railroad's sake per the "Blazing Saddles" line of thematic action is too much to resist. Indeed, by the lights of some few well-credentialled accounts, that comic-played scene still stands as being too true a Cinema-Fictional Metaphoric/Symbolic Parallel to dismiss out-of-hand.
Mark my words: Unless *all* the Oleander Bush scions, sprouts, shoots, seeds and ROOTS are *all* cleaned out from the vicinity of *ALL* such National Necessities *immediately*, the next attack on the US will indeed prove to the no-spin mind (yet again) to have been an Inside Job.
Until that blessed day, I think, Congress can legislate whatever IT bills it sees fit until blueness of face in the 'leccy-less Blackmail Gloom does appear. No remedy until the Connecticut Carpetbaggers of the Lone Star State are at last taken into check and custody, I for one do dare to think and so say.
Cyberspace?
Really? That term is a little silly for a government office. Wouldn't National Office of Information Warfare Preparedness or something be better?
Also, if the group that is doing the pen testing is beholden to the offices it is testing, then the tests are invalid. It must be an independent body that won't have its funding cut when it tries to push for vulnerabilities to be fixed.
Self-Penetration
Pictures, I don't believe they even tried without pictures.
