We have all seen those hackers portrayed in Hollywood movies: the ones with serious computer powers who walk up to a keyboard, start typing away, and in about 3 minutes shut down the electric power to a city.
Fears of a scenario like that are being used by politicians to push legislation that would have far-reaching consequences.
Legislation introduced by Sen. Joseph Lieberman (I-Conn.) and Susan Collins (R-Maine), known as “The Protecting Cyberspace as a National Asset Act”, gives far-reaching powers to the government.
Although expected not to run for office in 2012, Joe Lieberman currently is the chairman of the Senate Homeland Security and Governmental Affairs Committee.
The legislation includes language saying that the federal government’s designation of vital Internet or other computer systems “shall not be subject to judicial review.”
That definition includes a “provider of information technology”, which gives the power very wide coverage.
During a Washington panel hearing, Brandon Milhorn, staff director of the Senate Homeland Security and Governmental Affairs Committee, stated …
“We are very concerned about an electronic control system that could cause the floodgates to come open at the Hoover Dam and kill thousands of people in the process. That’s a significant concern.”
That does present a very frightening visual: a hacker suddenly sending the command for the water to begin pouring down, instantly killing thousands with a tsunami wall of water.
But the problem with that statement is that it’s impossible.
The Bureau of Reclamation, which runs the power-generating facility on the Arizona-Nevada state line, has repeatedly issued email and public statements trying to set the record straight.
Peter Soeth, spokesman for the bureau:
“I’d like to point out that this is not a factual example, because Hoover Dam and important facilities like it are not connected to the internet. These types of facilities are protected by multiple layers of security, including physical separation from the internet, that are in place because of multiple security mandates and good business practices.”
But Washington has never been known to allow truth to stand in the way of an objective.
The current status of the legislation as of December 15, 2010 is that it has been “Placed on Senate Legislative Calendar under General Orders”.
As to the legislation, my main concern would be the broad powers given to the government to control the flow of information without judicial review. Power without oversight ALWAYS winds up being abused. We have already seen some of the abuses that come from giving sweeping powers without judicial review with the Patriot Act.
Another concern would be that in order to perform this internet asset kill feature, the asset by definition has to be connected to the internet. Does that force the asset to be connected?
When the disconnect order given by the President is implemented, the assets are not going to be physically disconnected. The assets on this big list will be mass “switched off” by remotely controlling their internet servers. But doesn’t that also give hackers the ability to hack THAT feature?
Isn’t this like saying, “During a national emergency, because terrorists will be driving cars, all cars will be shut off. But to tell you that we need to shut the cars off, we will be sending the message out to you by car.”
Security professionals already have procedures in place to guard against internet attacks on important infrastructure, using several layers of isolation implemented by various methods. It is generally agreed that this is the best method of protection.
If that is the case, one wonders just what the true purpose of the legislation is.