Having met more than a few people in government IT, all jokes aside, I think they're pretty well equipped to know when and if they need to disconnect from the Internet, even without an executive order. Like many things in Washington, this all may be an attempt to put the "public" at ease by demonstrating the "we're from the government and we're here to help principle" with regard to Internet security but honestly... If the President wanted to disconnect the working parts of the US Government (beside the Judicial and Legislative branches) from the Internet all it would take is an executive order. The more troubling parts of this bill had to do with the President, at his discretion, classifying parts of public networks as "critical infrastructure" and so on. jy currently living overseas and finding all of this very amusing... On 30/08/2009, at 9:23 AM, cmaurand@xyonet.com wrote:
I don't know, but #2 reads more like: If the president orders it, compromised federal websites or federal websites under attack can be ordered off the internet. That doesn't look to me like they can shut you down or require you to be a certified cyber-security person.
--Curtis
I must have missed the phrasing that says "nobody else can make an independent decision regarding any security measure above and beyond the minimum standards"...
I'll go back and look for that.
Scott
Florian Weimer wrote:
* Scott Morris:
I'm trying really hard to find my "paranoia hat", and just to relieve some boredom I read the entire bill to try to figure out where this was all coming from....
"(2) may declare a cybersecurity emergency and order the limitation or shutdown of Internet traffic to and from any compromised Federal Government or United States critical infrastructure information system or network;"
Wouldn't this mean you're allowed to set emergency ACLs only if a cybersecurity emergency has been declared by the President?