
President Obama Authorizes Secret Directive to Fight Cyberattacks - iProject
http://betabeat.com/2012/11/president-obama-authorizes-secret-directive-to-fight-cyberattacks/
======
tptacek
Groan.

Reporters have already had access to drafts of this executive order. It's a
watered-down version of the Lieberman cybersecurity bill, to which CISPA was a
watered-down market-friendly alternative. From the thread on the original
disclosure of the EO:

The Obama bill (note: Obama-supportin' Democrat here) is worse than CISPA: an
everything-and-the-kitchen-sink bill that randomly creates incentive programs,
new research organizations, a "cybersecurity tip line", and federally funds
research into DNSSEC (DNSSEC: Rated S for Statutory).

Also worth noting: nothing in the Lieberman bill that this EO is patterned on
creates enforcement mechanisms for IP and copyright enforcement, or for
collecting customer information from ISPs. Of course, neither did the GOP's
CISPA bill. That's because neither regulatory effort is about user
information.

The problems both of these ill-conceived bills are addressing are simple.

Problem 1: There is no coherent strategy in the (vast, sprawling, chaotic)
federal government, which is the largest IT operator in probably the world.
Every agency does something slightly different. This means (a) nobody is doing
exactly the right thing (usually, they aren't doing anything close to the
right thing) and (b) it is prohibitively difficult to introduce new technology
to help fix things, because everyone you'd get to buy it has a different set
of hoops to jump through.

Problem 2: If you were a foreign adversary who wanted to cripple the US with
electronic attacks, you probably wouldn't bother hitting government IT
systems. Instead, you'd go for something like the power grid, or a trading
exchange. Those systems are privately operated, and so nothing the government
does to try to track, monitor, or deflect online attacks can benefit them.

~~~
slurgfest
This post may be a little confusing. Do you mean to suggest that Obama has
reached beyond executive authority, circumventing the legislature to establish
a new SOPA? Or is that unintentional?

Because when you say this EO is a watered-down version of a bill, and CISPA
was a watered-down version of that, and say that what Obama likes is 'worse'
than CISPA - what many people are going to hear is that this EO is the super-
mega-SOPA that will take away all their freedoms, and this time sneakily
enacted by Obama alone - not that you just think these measures are ill-
conceived because they do little to improve security.

~~~
roc
To be fair: the President is charged with _executing_ the laws as written.
Inasmuch as this EO covers top-down directives for _how_ existing government
agencies are to execute on their legislatively-defined missions, he's not
going beyond the authority of his office whatsoever.

It's explicitly within his purview to create, or order the creation of, a
coherent strategy to meet existing goals, to oversee its implementation, to
appoint staff as necessary, to create protocols for inter-governmental
operations, etc.

What he _can't do_, is explicitly order private industries to conform to new
protocols or participate in new endeavors, establish penalties for not doing
so, etc. -- except inasmuch as private industry is working _for_ the
government.

Which is to say: he couldn't order a power plant to overhaul _their_ security
to comply with some new government protocol. But he _can_ order the creation
of a new government security protocol, even if that requires defense
contractors to update accordingly.

~~~
crusso
_the President is charged with executing the laws as written_

The President has told us on many occasions: "And where Congress is not
willing to act, we're going to go ahead and do it ourselves." That's a direct
quote.

The rest of your logic is flawed because you assume that the President is
following the rules in the Constitution. Seems to me that he's playing more of
a game of "Catch me if you can". Nixon would be jealous.

The President will do what he wants to do, and it's not like the national
media will ask many questions about his usurpation of authority.

~~~
tptacek
First, on an admittedly meta note, it's not particularly interesting to
explore non-falsifiable arguments on message boards. If your logic holds,
Obama can do _anything_. Why even bother having numbered executive orders? Why
not just keep everything absolutely secret and off any record? If Obama is
ignoring the Constitution, the only reason for us to presume he's playing
small-ball with those violations is to perpetuate the flame war on Hacker
News.

Secondly, Obama's "secret" executive order has been reviewed by reporters and
compared to previous legislative proposals. The administration is much more
constrained in what it can do than was Congress. In particular: the EO
pertains to the management of fedgov systems, not private industry, and where
the EO touches on private industry, it pertains to the interfaces between
fedgov IT and governance and private industries --- i.e., how information _from
the government_ can be shared with private industry.

If you think this executive order is a Nixonian cat-and-mouse play, I'd
respectfully suggest you read more about it before commenting.

------
redthrowaway
How're they defining "cyberattacks directed at major U.S. networks"? Are we
talking a sophisticated attempt to take down trading on the NYSE? Industrial
espionage from China? Anonymous running LOIC?

This is the problem with sealed executive orders: the only people who know
what's up are those issuing or receiving said orders. There's absolutely no
oversight or checks and balances against government overreach.

~~~
tptacek
That's because the EO (apparently) concerns itself with the operations of
systems within the federal government. Government intervention into privately
operated systems requires congressional action.

The federal government is collectively the largest IT operator in the world,
so there's a huge amount of work to be done and policy to be created just in
setting governance standards for their own systems, which is what the
administration is doing here.

------
ajsharp
_Real_ secret, ain't it :)

------
karlgrz
Secret's out, I guess.

~~~
r00fus
The secret to ad/page views is to use "secret" in your title, apparently.

