Posted by Brian Krebs 188.8.131.52 January 24, 2009 at 07:28:51:
Privacy? Hah! posted by Mark Gibbs 184.108.40.206 June 27, 2008 at 12:55:30:
Original text: Last week I discussed how debt collectors operate, how much data they have access to and just how exposed our personal information is. Unfortunately this is very much an IT issue ..
President Barack Obama's administration has sketched out a broad new strategy to protect the nation's most vital information networks from cyber attack and to boost investment and research on cyber security.
The strategy, as outlined in a broader policy document on homeland security priorities http://www.whitehouse.gov/.. posted on the Whitehouse.gov Web site Wednesday, states the following goals:
* Strengthen Federal Leadership on Cyber Security: Declare the cyber infrastructure a strategic asset and establish the position of national cyber advisor who will report directly to the president and will be responsible for coordinating federal agency efforts and development of national cyber policy.
* Initiate a Safe Computing R&D Effort and Harden our Nation's Cyber Infrastructure: Support an initiative to develop next-generation secure computers and networking for national security applications. Work with industry and academia to develop and deploy a new generation of secure hardware and software for our critical cyber infrastructure.
* Protect the IT Infrastructure That Keeps America's Economy Safe: Work with the private sector to establish tough new standards for cyber security and physical resilience.
* Prevent Corporate Cyber-Espionage: Work with industry to develop the systems necessary to protect our nation's trade secrets and our research and development. Innovations in software, engineering, pharmaceuticals and other fields are being stolen online from U.S. businesses at an alarming rate.
* Develop a Cyber Crime Strategy to Minimize the Opportunities for Criminal Profit: Shut down the mechanisms used to transmit criminal profits by shutting down untraceable Internet payment schemes. Initiate a grant and training program to provide federal, state, and local law enforcement agencies the tools they need to detect and prosecute cyber crime.
* Mandate Standards for Securing Personal Data and Require Companies to Disclose Personal Information Data Breaches: Partner with industry and our citizens to secure personal data stored on government and private systems. Institute a common standard for securing such data across industries and protect the rights of individuals in the information age.
While it remains to be seen what resources the Obama administration may devote to these goals, it is an encouraging sign to see the new White House give the vital challenges of cyber security such prominence so soon.
"shutting down untraceable Internet payment schemes."
Slashbots are gonna go berk when they see that one. "OMG they're taking away our precious bodily fluids freedoms!"
Posted by: wiredog | January 22, 2009 9:54 AM
Damn. Forgot the software here doesn't allow html markup in comments, so the "strike" tags around "bodily fluids" didn't work...
Posted by: wiredog | January 22, 2009 9:55 AM
The fundamental flaw in the existing IT infrastructure is that it is based on technological solutions that are so complex that any meaningful risk assessment is impossible. In addition, an
Posted by: spandas | January 22, 2009 12:55 PM
I just got a patent for a system for rapidly generating and deploying operating systems that run from read-only media such as CD-ROM or DVD-ROM.
No, I didn't get the patent on 'Live CD', I just got the patent on the ability to press out a stack of them all pre-equipped with "unique network identity", pre-configured IP addresses (IPv4 or IPv6), IPSEC internet security protocol (including VLAN tunnel/transport), and Kerberos authentication/authorization ("Active Directory" in the MS world).
Let's see: Read-Only operating system can't get worms or viruses. Mass pre-configuration means that you could take a pallet full of laptops fresh out of the manufacturer's cartons, throw a CD/DVD into each one, boot them all, and "voila" you have an up-and-running Secure Mobile Office Network with multiple layers of authentication, authorization, and encryption. No hard drives required, but one might be good so you can have virtual-memory ("swap space").
With IPSEC and Network-Address Translation (NAT) the system should work with most internet service providers, in the so-called "Road Warrior" mode. However, the main application will be Secure Infrastructure Monitoring and Control computing, so probably the NAT traversal won't be required.
Imagine, if you're the guy in charge of monitoring dams or power stations, no more paying for bug-riddled or insecure Windows(tm), and then paying more and more and more for just a little bit of pretend-security. Now you'll be able to get the real deal, with little or no configuration or installation or maintenance on your part! Just drop in the CD/DVD and plug and play.
Little ol' me, doing my part for Homeland Security.
Posted by: thardman | January 22, 2009 2:31 PM