Sunday, April 05, 2009

More on Cybersecurity Proposal

I downloaded the proposal (link here), and it's even worse than I thought. One provision establishes Regional Centers:
CREATION AND SUPPORT OF CYBERSECURITY CENTERS.

The Secretary of Commerce shall provide assistance for the creation and support of Regional Cybersecurity Centers for the promotion and implementation of cybersecurity standards. Each Center shall be affiliated with a United States-based nonprofit institution or organization, or consortium thereof, that applies for and is awarded financial assistance under this section.

(b) PURPOSE.—The purpose of the Centers is to enhance the cybersecurity of small and medium sized businesses in United States through

(1) the transfer of cybersecurity standards, processes, technology, and techniques developed at the National Institute of Standards and Technology to Centers and, through them, to small- and medium-sized companies throughout the United States;

(2) the participation of individuals from industry, universities, State governments, other Federal agencies, and, when appropriate, the Institute in cooperative technology transfer activities;

(3) efforts to make new cybersecurity technology, standards, and processes usable by United States-based small- and medium-sized companies;
So, according to this document, Obama would extend his reach to small to medium-sized companies. What business is it of government? And how does that help cybersecurity? What it DOES is make almost every business in the US have to give the government potential access to their information, through standardization of software. And, to what purpose? These businesses aren't "critical" to the US economy.

This next section affects my son-in-law:
MANDATORY LICENSING.—Beginning 3 years after the date of enactment of this Act, it shall be unlawful for any individual to engage in business in the United States, or to be employed in the United States, as a provider of cybersecurity services to any Federal agency or an information system or network designated by the President, or the President’s designee, as a critical infrastructure information system or network, who is not licensed and certified under the program.
Licensing costs. The cost is often borne by individuals. So, if someone is a network administrator, and is responsible for installing and maintaining Norton Anti-Virus, he needs to be licensed and certified.

Ya' wanna improve Federal cybersecurity? Stop letting people take government laptops home - too many of those are coming up "missing". Search anyone entering a Federal building, and confiscate any flash drives. Search the employees going home, and take away any flash drives (first time for employees, warning. Second time, dismissal).

I'm tired of people who don't understand a technical field blithely initiating legislation that screws with that field. Major suggestion for legislators - if you don't understand it, keep your hands off it.
