

New bill would give president power to step in and stop 'cyber 9/11' - yanw
http://thehill.com/blogs/hillicon-valley/technology/102491-new-bill-would-give-president-emergency-authority-over-cybersecurity

======
hugh3
What the hell does any of this even mean?

1\. What's the worst-case scenario as far as such attacks are concerned? How
could it be done? Who has the resources to do it?

2\. Would giving the President the power to "step in and stop it" do any good
whatsoever? How would one "stop it"?

I don't know the answers to any of these questions, and I suspect neither do
the politicians or journalists. But hopefully somebody here does?

I do remember that Richard Clarke spent most of his years as counterterrorism
czar warning of a "cyber Pearl Harbor". Instead of that we _actually_ got
9/11, so now they're warning about a "cyber 9/11".

~~~
ax0n
I was going to ask the second part of your second question. The answer is,
that by the time anyone knew a "cyber 9/11" was happening, the President
himself could do nothing to stop it.

Further, this sort of security theater (or is it Security Burlesque?) doesn't
really do anyone much good. It's far better to work toward policy and protocol
that improves security a little bit across the board, rather than nit-pick
little specific threats. For instance, throwing a lot of time and money at
locking down SCADA at nuclear power plants isn't going to help as much as
making sure there's a sane firewall review policy in place.

The answers to #1 would probably be: a. Infiltration of networks belonging to
Federal Government, Military, and private defense organizations. Maybe other
massive-scale breaches of smaller government entities, hospitals, etc. -
Communications shutdowns, leakage or destruction of data, etc. It's really
hard to tell. I don't believe in a "Live Free or Die Hard" movie-plot
"Firesale" scale of carnage, though.

b. If you look at Operation Aurora, though, and consider the fact that a
dedicated team of skilled attackers could potentially sit in wait, persisting
without causing much trouble, over long periods of time... you see where it
could go.

c. Folks who don't like the U.S. but have strong technical skills. As you can
imagine, that's not exactly a TINY group of people. They'd also need someone
or a group of people who are good at coordinating things.

------
tptacek
This bill (or something like it) comes up over and over again here. So, let me
repeat myself as tersely as possible: the people who wrote this bill are
probably not trying to take over the Internet. The private-sector networks
that they are probably concerned about are the GSM and utility networks, as
well as networks used by privately owned mass transportation operators. These
networks are indeed vulnerable to serious attacks. No, "just don't plug them
into the Internet!" isn't an answer to that.

------
gacba
Arguing that 9/11 can happen in cyberspace is complete idiocy. No one will die
if crackers take out the IRS database, unleash a worm, or release credit card
data on everyone in the country. Saying these two events are somehow
equivalent really takes away from the meatspace event that changed America
forever.

------
noelchurchill
Headline sounds to me like "New bill gives unprecedented power over the
internet to the government"

------
julius_geezer
It would give the president the authority to take such steps: I'm trying to
imagine what would give him or anyone the power.

