White House Announces New US CyberSecurity Coordinator

After what few probably realize was a tremendous amount of political posturing President Obama has finally appointed Howard Schmidt as US Cybersecurity Coordinator. Schmidt who also served as a cybersecurity adviser under President Bush will be responsible for establishing, defining and coordinating cybersecurity across public and private critical infrastructure. I have worked with Howard and know him to be a highly competent individual that will have a positive impact on this administrations Cybersecurity efforts. Congratulations Howard and best of luck in your new role! Continue reading

Bill To Provide Presidental Authority to Turn Off the Internets

The Constitution

CNET’s Declan McCullagh recently posted an article on aspects of the Cybersecurity Act of 2009 “Bill would give President emergency control of the Internet

The new version would allow the president to “declare a cybersecurity emergency” relating to “non-governmental” computer networks and do what’s necessary to respond to the threat. Other sections of the proposal include a federal certification program for “cybersecurity professionals,” and a requirement that certain computer systems and networks in the private sector be managed by people who have been awarded that license.

There has been a lot of discussion and debate about how the new administration would address cybersecurity. With a string of disillusioned Cyber Czars, advisers, and a dizzying array of federal agencies vying to lead the efforts President Obama has certainly been in the unenviable position of setting the future direction to secure critical infrastructure and to ensure our prosperity.

This is a massive logistical problem, growing even more so as technology advances and becomes adopted as part of our digital fabric. Unfortunately there will be mistakes, errors in judgment, and poorly written policies that may very well lead to significant self-inflicted damage. The concept that the President, under an emergency situation, can take control of aspects of the Internet is very troubling.

Conceptually, and given the events of 9/11, it would seem logical that under a massive sustained attack on our critical infrastructure and our digital assets – both public and private – that it would be warranted for the administration to do whatever would be required to regain control and eliminate the threat. The reality is that this is extremely difficult to do and more importantly enables a malicious actor to create a situation that forces the administration to respond and in doing so create more havoc than could have been created by the malicious actors on their own.

This is a recipe for disaster and provides a very real vector for attacking the entire United States in a way that would not normally be afforded to those who wish to do us harm. Continue reading