You’ll Pry My Virus Scanner from My Cold Hands
Doug Powers in the Green Room found this Washington Post article. Now I’m frightened. Emphasis mine:
President Obama is expected to announce late this week that he will create a “cyber czar,” a senior White House official who will have broad authority to develop strategy to protect the nation’s government-run and private computer networks, according to people who have been briefed on the plan.
Pardon me, I have to get this out of my system…
AAAAAIIIIIUUUUUGGGHHHHH!!!!!
There, I feel better. Doug says:
In the corridors of power in Washington, DC, they’ve figured out that if you call someone a “czar,” you can side-step any annoying confirmation procedures and other constitutional issues and still create what is in essence a rogue, unchecked cabinet post.
Part of the reason high-tech has been going so well all these years has been that there’s very little government interference. The high-tech sector moves very fast, which is antithetical to government. A bunch of policies and procedures thrown into the mix gives us, well, Windows. Go ask Microsoft how they think the government has helped this last decade.
The counterargument, and the reason this is an issue, is that the sophistication of foreign security attacks — both governmental and organized crime — has increased. This will eventually become an issue of national security, thus the desire to have a czar reporting up to the NSA. Of course, the article misses the point on this.
The issue is a key concern in policy circles, and experts say it requires a full and open debate over legal authorities and the protection of citizens’ e-mails and phone calls. The Bush administration’s secrecy in handling its Comprehensive National Cybersecurity Initiative, most of which was classified, hindered such a debate, privacy advocates have said.
No, the issue is not personal information. The issue is the policies and processes that will be put in place, and the resulting holes that will have to be closed in new revisions, that will be implemented to securely protect from random and focused attacks. Oh, the cost of this on small business is no tiny issue, either. IN FACT, putting privacy concerns as the first issue on the table only distracts from actual security policies that can be implemented.
Go talk to an expert on security. This isn’t a virus scanner and a password. Security is a comprehensive set of policies involving your workflow, update process, employee policies, controls, response to attacks… I’m not excited about covering a zero-day exploit via a thousand-page security policy document that is implemented by a government system.
Government “works” (I say loosely) based on the fact that there are loads of people who can check each other. Reactions to exploits work based on the smooth process in place and the quick thinking of people on the front lines to respond with the process. Those two are antithetical to each other.
I’m guessing I’ll be back on this topic.
Updated: Ed Morrissey at Hot Air:
The appointment of a czar comes as a piece with the Cybersecurity Act of 2009, though, which already grants some far-reaching power to the executive branch. While most wondered whether Obama would “shut down” the Internet on the pretense of national security, the actual threat involves the legal authority to demand records without a warrant or probable cause. As I wrote almost two months ago, in the hands of a political commissar, that could mean trouble for administration critics if the government abuses that authority:
I understand the concern. I’m still more concerned about how this will affect business, especially smaller business. Are we going to eventually be required to have certain revisions of software on systems? That’s a bigger abuse, in my opinion, than the threat of government abuse… though the latter is scarier.
Updated 5/29: Michelle:
Let’s hope it’s not the same person who ran the Obama campaign’s grossly insecure online credit card donation operations.
