Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: NANOG: users

Ready to get your federal computer license?

  

 
First page Previous page 1 2 Next page Last page  View All NANOG users RSS feed   Index | Next | Previous | View Threaded


David_Hiers at adp

Aug 28, 2009, 2:51 PM

Post #1 of 40 (2411 views)
Permalink
Ready to get your federal computer license?
Governments already license stock brokers, pilots, commercial drivers, accountants, engineers, all sorts of people whose mistakes can be measured in the loss of hundreds of lives and millions of dollars.

http://sip-trunking.tmcnet.com/topics/security/articles/63218-bill-give-president-emergency-power-internet-raises-concerns.htm


Good times....



David Hiers

CCIE (R/S, V), CISSP
ADP Dealer Services
2525 SW 1st Ave.
Suite 300W
Portland, OR 97201
o: 503-205-4467
f: 503-402-3277



This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system.


beckman at angryox

Aug 28, 2009, 3:11 PM

Post #2 of 40 (2345 views)
Permalink
Re: Ready to get your federal computer license? [In reply to]
On Fri, 28 Aug 2009, Hiers, David wrote:

> Governments already license stock brokers, pilots, commercial drivers,
> accountants, engineers, all sorts of people whose mistakes can be
> measured in the loss of hundreds of lives and millions of dollars.

"'The power company allowed their network security to be comprimised by a
single Windows computer connected to the Internet in the main control
facility, so we unplugged the entire Internet to mitigate the attack,'
said Senator Rockefeller, the author of the bill that enabled the
President to take swift action after an unknown hacker used the Internet
to break into Brominion Power's main control facility and turn off the
power to the entire East Coast. 'It will remain unplugged and nobody in
the US will be allowed to connect to the Internet until the power is back
on and this hacker is brought to justice.'

Authorities are having a difficult time locating the hacker due to the
unavailability of the Internet and electricity, and cannot communicate
with lawmakers via traditional means due to the outage. A formal request
to turn the power and Internet back on was sent on a pony earlier this
afternoon to lawmakers in DC."

Can't wait.

Beckman
---------------------------------------------------------------------------
Peter Beckman Internet Guy
beckman [at] angryox http://www.angryox.com/
---------------------------------------------------------------------------


davet1 at gmail

Aug 28, 2009, 7:47 PM

Post #3 of 40 (2331 views)
Permalink
Re: Ready to get your federal computer license? [In reply to]
On Fri, Aug 28, 2009 at 2:51 PM, Hiers, David <David_Hiers [at] adp> wrote:

> Governments already license stock brokers, pilots, commercial drivers,
> accountants, engineers, all sorts of people whose mistakes can be measured
> in the loss of hundreds of lives and millions of dollars.
>
>
> http://sip-trunking.tmcnet.com/topics/security/articles/63218-bill-give-president-emergency-power-internet-raises-concerns.htm
>
>
> Good times....
>
>
>
> David Hiers
>
> CCIE (R/S, V), CISSP
> ADP Dealer Services
>


It would appear as though your employer should be amongst the first to
apply...

http://www.baselinemag.com/c/a/Tools-Security%98hold/ADP-Duped-Into-Disclosing-Data/

-Dave (who long ago learned to not post contentious stuff from his
employers' e-mail)


swm at emanon

Aug 28, 2009, 8:11 PM

Post #4 of 40 (2333 views)
Permalink
Re: Ready to get your federal computer license? [In reply to]
I'm trying really hard to find my "paranoia hat", and just to relieve
some boredom I read the entire bill to try to figure out where this was
all coming from....

"(2) may declare a cybersecurity emergency and order the limitation or
shutdown of Internet traffic to and from any compromised Federal
Government or United States critical infrastructure information system
or network;"

Now, I'm sorry, but that doesn't say anything about shutting down the
entire Internet. Yes, I understand the idea that since they COULD
possibly deem the entire Internet (that Al Gore created?) a critical
infrastructure, it would seem simple enough to put a provision in to
prevent that. But IMHO the point is to involve people outside the
government (read the parts on establishing the committee and voting on
rules/regs) as opposed to dictating to them.

And it's no different than it is today for groups that have to connect
to/from particular agencies within the government. There's already
plenty of rules in place about that.

So if someone hacks the electric grid, does it not make sense to unplug
that portion of the infrastructrure from the Internet until the problem
is fixed? (e.g. shut down traffic to/from) I think someone wrote an
article after WAY over-thinking this whole thing and everyone else jumps
on the bandwagon.

So I'm open to hearing about things if I missed them. Reading Senate
Bills isn't all that exciting, so it's possible I zoned out a bit, but
can someone explain to me where this thought process is coming from?

Thanks!

Scott





Peter Beckman wrote:
> On Fri, 28 Aug 2009, Hiers, David wrote:
>
>> Governments already license stock brokers, pilots, commercial drivers,
>> accountants, engineers, all sorts of people whose mistakes can be
>> measured in the loss of hundreds of lives and millions of dollars.
>
> "'The power company allowed their network security to be comprimised
> by a
> single Windows computer connected to the Internet in the main control
> facility, so we unplugged the entire Internet to mitigate the attack,'
> said Senator Rockefeller, the author of the bill that enabled the
> President to take swift action after an unknown hacker used the
> Internet
> to break into Brominion Power's main control facility and turn off the
> power to the entire East Coast. 'It will remain unplugged and
> nobody in
> the US will be allowed to connect to the Internet until the power is
> back
> on and this hacker is brought to justice.'
>
> Authorities are having a difficult time locating the hacker due to the
> unavailability of the Internet and electricity, and cannot communicate
> with lawmakers via traditional means due to the outage. A formal
> request
> to turn the power and Internet back on was sent on a pony earlier this
> afternoon to lawmakers in DC."
>
> Can't wait.
>
> Beckman
> ---------------------------------------------------------------------------
>
> Peter Beckman
> Internet Guy
> beckman [at] angryox
> http://www.angryox.com/
> ---------------------------------------------------------------------------
>
>
>


netfortius at gmail

Aug 28, 2009, 8:26 PM

Post #5 of 40 (2324 views)
Permalink
Re: Ready to get your federal computer license? [In reply to]
... this whole issue reminded me of:

http://www.youtube.com/watch?v=iRmxXp62O8g

and

http://www.youtube.com/watch?v=wrQUWUfmR_I

On the more serious note: the vagueness of some terms and definitions is
what concerns me, for example. I am not sure if the problem could be fixed,
though, under a mechanism fundamentally very litigious - thus so very likely
to produce laws with potential for [lots of] interpretations (by paid
specialists, of course).
***Stefan Mititelu
http://twitter.com/netfortius
http://www.linkedin.com/in/netfortius


On Fri, Aug 28, 2009 at 10:11 PM, Scott Morris <swm [at] emanon> wrote:

> I'm trying really hard to find my "paranoia hat", and just to relieve
> some boredom I read the entire bill to try to figure out where this was
> all coming from....
>
> "(2) may declare a cybersecurity emergency and order the limitation or
> shutdown of Internet traffic to and from any compromised Federal
> Government or United States critical infrastructure information system
> or network;"
>
> Now, I'm sorry, but that doesn't say anything about shutting down the
> entire Internet. Yes, I understand the idea that since they COULD
> possibly deem the entire Internet (that Al Gore created?) a critical
> infrastructure, it would seem simple enough to put a provision in to
> prevent that. But IMHO the point is to involve people outside the
> government (read the parts on establishing the committee and voting on
> rules/regs) as opposed to dictating to them.
>
> And it's no different than it is today for groups that have to connect
> to/from particular agencies within the government. There's already
> plenty of rules in place about that.
>
> So if someone hacks the electric grid, does it not make sense to unplug
> that portion of the infrastructrure from the Internet until the problem
> is fixed? (e.g. shut down traffic to/from) I think someone wrote an
> article after WAY over-thinking this whole thing and everyone else jumps
> on the bandwagon.
>
> So I'm open to hearing about things if I missed them. Reading Senate
> Bills isn't all that exciting, so it's possible I zoned out a bit, but
> can someone explain to me where this thought process is coming from?
>
> Thanks!
>
> Scott
>
>
>
>
>
> Peter Beckman wrote:
> > On Fri, 28 Aug 2009, Hiers, David wrote:
> >
> >> Governments already license stock brokers, pilots, commercial drivers,
> >> accountants, engineers, all sorts of people whose mistakes can be
> >> measured in the loss of hundreds of lives and millions of dollars.
> >
> > "'The power company allowed their network security to be comprimised
> > by a
> > single Windows computer connected to the Internet in the main control
> > facility, so we unplugged the entire Internet to mitigate the attack,'
> > said Senator Rockefeller, the author of the bill that enabled the
> > President to take swift action after an unknown hacker used the
> > Internet
> > to break into Brominion Power's main control facility and turn off the
> > power to the entire East Coast. 'It will remain unplugged and
> > nobody in
> > the US will be allowed to connect to the Internet until the power is
> > back
> > on and this hacker is brought to justice.'
> >
> > Authorities are having a difficult time locating the hacker due to the
> > unavailability of the Internet and electricity, and cannot communicate
> > with lawmakers via traditional means due to the outage. A formal
> > request
> > to turn the power and Internet back on was sent on a pony earlier this
> > afternoon to lawmakers in DC."
> >
> > Can't wait.
> >
> > Beckman
> >
> ---------------------------------------------------------------------------
> >
> > Peter Beckman
> > Internet Guy
> > beckman [at] angryox
> > http://www.angryox.com/
> >
> ---------------------------------------------------------------------------
> >
> >
> >
>


fw at deneb

Aug 29, 2009, 1:21 AM

Post #6 of 40 (2324 views)
Permalink
Re: Ready to get your federal computer license? [In reply to]
* Scott Morris:

> I'm trying really hard to find my "paranoia hat", and just to relieve
> some boredom I read the entire bill to try to figure out where this was
> all coming from....
>
> "(2) may declare a cybersecurity emergency and order the limitation or
> shutdown of Internet traffic to and from any compromised Federal
> Government or United States critical infrastructure information system
> or network;"

Wouldn't this mean you're allowed to set emergency ACLs only if a
cybersecurity emergency has been declared by the President?


swm at emanon

Aug 29, 2009, 5:57 AM

Post #7 of 40 (2324 views)
Permalink
Re: Ready to get your federal computer license? [In reply to]
I must have missed the phrasing that says "nobody else can make an
independent decision regarding any security measure above and beyond the
minimum standards"...

I'll go back and look for that.



Scott


Florian Weimer wrote:
> * Scott Morris:
>
>
>> I'm trying really hard to find my "paranoia hat", and just to relieve
>> some boredom I read the entire bill to try to figure out where this was
>> all coming from....
>>
>> "(2) may declare a cybersecurity emergency and order the limitation or
>> shutdown of Internet traffic to and from any compromised Federal
>> Government or United States critical infrastructure information system
>> or network;"
>>
>
> Wouldn't this mean you're allowed to set emergency ACLs only if a
> cybersecurity emergency has been declared by the President?
>
>


cgrundemann at gmail

Aug 29, 2009, 7:01 AM

Post #8 of 40 (2309 views)
Permalink
Re: Ready to get your federal computer license? [In reply to]
On Sat, Aug 29, 2009 at 06:57, Scott Morris<swm [at] emanon> wrote:
> I must have missed the phrasing that says "nobody else can make an
> independent decision regarding any security measure above and beyond the
> minimum standards"...
>
> I'll go back and look for that.
>
>
>
> Scott
>
>
> Florian Weimer wrote:
>> * Scott Morris:
>>
>>
>>> I'm trying really hard to find my "paranoia hat", and just to relieve
>>> some boredom I read the entire bill to try to figure out where this was
>>> all coming from....
>>>
>>> "(2) may declare a cybersecurity emergency and order the limitation or
>>> shutdown of Internet traffic to and from any compromised Federal
>>> Government or United States critical infrastructure information system
>>> or network;"
>>>
>>
>> Wouldn't this mean you're allowed to set emergency ACLs only if a
>> cybersecurity emergency has been declared by the President?
>>
>>
>


The EFF summed up the problems with the bill's current text quite well
I believe (without any tin-foil hats required): "The Cybersecurity Act
is an example of the kind of dramatic proposal that doesn't address
the real problems of security, and can actually make matters worse by
weakening existing privacy safeguards – as opposed to simpler,
practical measures that create real security by encouraging better
computer hygiene." -
http://www.eff.org/deeplinks/2009/04/cybersecurity-act

$0.02
~Chris


--
Chris Grundemann
weblog.chrisgrundemann.com
www.burningwiththebush.com
www.coisoc.org


cmaurand at xyonet

Aug 29, 2009, 4:23 PM

Post #9 of 40 (2298 views)
Permalink
Re: Ready to get your federal computer license? [In reply to]
I don't know, but #2 reads more like: If the president orders it,
compromised federal websites or federal websites under attack can be
ordered off the internet. That doesn't look to me like they can shut you
down or require you to be a certified cyber-security person.

--Curtis

> I must have missed the phrasing that says "nobody else can make an
> independent decision regarding any security measure above and beyond the
> minimum standards"...
>
> I'll go back and look for that.
>
>
>
> Scott
>
>
> Florian Weimer wrote:
>> * Scott Morris:
>>
>>
>>> I'm trying really hard to find my "paranoia hat", and just to relieve
>>> some boredom I read the entire bill to try to figure out where this was
>>> all coming from....
>>>
>>> "(2) may declare a cybersecurity emergency and order the limitation or
>>> shutdown of Internet traffic to and from any compromised Federal
>>> Government or United States critical infrastructure information system
>>> or network;"
>>>
>>
>> Wouldn't this mean you're allowed to set emergency ACLs only if a
>> cybersecurity emergency has been declared by the President?
>>
>>
>


young at jsyoung

Aug 29, 2009, 5:59 PM

Post #10 of 40 (2294 views)
Permalink
Re: Ready to get your federal computer license? [In reply to]
Having met more than a few people in government IT, all jokes aside,
I think they're pretty well equipped to know when and if they need to
disconnect from the Internet, even without an executive order. Like
many things in Washington, this all may be an attempt to put the
"public"
at ease by demonstrating the "we're from the government and we're here
to help principle" with regard to Internet security but honestly...

If the President wanted to disconnect the working parts of the US
Government (beside the Judicial and Legislative branches) from the
Internet all it would take is an executive order.

The more troubling parts of this bill had to do with the President,
at his discretion, classifying parts of public networks as "critical
infrastructure" and so on.

jy

currently living overseas and finding all of this very amusing...

On 30/08/2009, at 9:23 AM, cmaurand [at] xyonet wrote:

>
> I don't know, but #2 reads more like: If the president orders it,
> compromised federal websites or federal websites under attack can be
> ordered off the internet. That doesn't look to me like they can
> shut you
> down or require you to be a certified cyber-security person.
>
> --Curtis
>
>> I must have missed the phrasing that says "nobody else can make an
>> independent decision regarding any security measure above and
>> beyond the
>> minimum standards"...
>>
>> I'll go back and look for that.
>>
>>
>>
>> Scott
>>
>>
>> Florian Weimer wrote:
>>> * Scott Morris:
>>>
>>>
>>>> I'm trying really hard to find my "paranoia hat", and just to
>>>> relieve
>>>> some boredom I read the entire bill to try to figure out where
>>>> this was
>>>> all coming from....
>>>>
>>>> "(2) may declare a cybersecurity emergency and order the
>>>> limitation or
>>>> shutdown of Internet traffic to and from any compromised Federal
>>>> Government or United States critical infrastructure information
>>>> system
>>>> or network;"
>>>>
>>>
>>> Wouldn't this mean you're allowed to set emergency ACLs only if a
>>> cybersecurity emergency has been declared by the President?
>>>
>>>
>>
>
>
>
>


sean at donelan

Aug 30, 2009, 4:46 PM

Post #11 of 40 (2277 views)
Permalink
Re: Ready to get your federal computer license? [In reply to]
On Sun, 30 Aug 2009, Jeff Young wrote:
> The more troubling parts of this bill had to do with the President,
> at his discretion, classifying parts of public networks as "critical
> infrastructure" and so on.

Whatever your opinion, get involved. Let your representatives know about
your better ideas.

> currently living overseas and finding all of this very amusing...

If any other country has solved the problem of protecting
Internet/data/cyber/critical/etc infrastructures and have some great
ideas, it would be great to hear what those ideas are and how they did it.


smb at cs

Aug 30, 2009, 5:11 PM

Post #12 of 40 (2279 views)
Permalink
Re: Ready to get your federal computer license? [In reply to]
On Sun, 30 Aug 2009 19:46:19 -0400 (EDT)
Sean Donelan <sean [at] donelan> wrote:

> On Sun, 30 Aug 2009, Jeff Young wrote:
> > The more troubling parts of this bill had to do with the President,
> > at his discretion, classifying parts of public networks as "critical
> > infrastructure" and so on.
>
> Whatever your opinion, get involved. Let your representatives know
> about your better ideas.

I strongly second this. To quote a bumper sticker/slogan I've seen,
"if you didn't vote, you shouldn't complain". Some prominent
politicians have proposed something that we -- including me -- believe
to be a bad idea, not just on ideological grounds but because we think
that it won't accomplish its purported goals and may even be
counterproductive. I don't see a lot of network operators in Congress
-- if you know better, you really need to tell them.

Some folks on this list -- and I know there are a few, very
specifically including myself -- spend more than a little bit of time
not just worrying about public policy issues, but actually spending
time and effort on the subject. (I'm in D.C. right now, largely
because of a policy-related meeting on Tuesday.) I'll misuses a
security slogan I've seen on mass transit facilities in the New York
area: if you see something, say something. If no one tells Congress
that this is a bad idea, how should they know?
>
> > currently living overseas and finding all of this very amusing...
>
> If any other country has solved the problem of protecting
> Internet/data/cyber/critical/etc infrastructures and have some great
> ideas, it would be great to hear what those ideas are and how they
> did it.
>
Indeed.

--Steve Bellovin, http://www.cs.columbia.edu/~smb


randy at psg

Aug 30, 2009, 6:14 PM

Post #13 of 40 (2276 views)
Permalink
Re: Ready to get your federal computer license? [In reply to]
> I strongly second this. To quote a bumper sticker/slogan I've seen,
> "if you didn't vote, you shouldn't complain". Some prominent
> politicians have proposed something that we -- including me -- believe
> to be a bad idea, not just on ideological grounds but because we think
> that it won't accomplish its purported goals and may even be
> counterproductive. I don't see a lot of network operators in Congress
> -- if you know better, you really need to tell them.

we need an easy way to click and opine, a la moveon.org, and other
social and political orgs. maybe forwardon.org?

randy


brunner at nic-naa

Aug 30, 2009, 7:04 PM

Post #14 of 40 (2262 views)
Permalink
Re: Ready to get your federal computer license? [In reply to]
+1

I operate a Maine ISP/ASP, and Senator Snowe is my lobbying target.


Steven M. Bellovin wrote:
> On Sun, 30 Aug 2009 19:46:19 -0400 (EDT)
> Sean Donelan <sean [at] donelan> wrote:
>
>
>> On Sun, 30 Aug 2009, Jeff Young wrote:
>>
>>> The more troubling parts of this bill had to do with the President,
>>> at his discretion, classifying parts of public networks as "critical
>>> infrastructure" and so on.
>>>
>> Whatever your opinion, get involved. Let your representatives know
>> about your better ideas.
>>
>
> I strongly second this. To quote a bumper sticker/slogan I've seen,
> "if you didn't vote, you shouldn't complain". Some prominent
> politicians have proposed something that we -- including me -- believe
> to be a bad idea, not just on ideological grounds but because we think
> that it won't accomplish its purported goals and may even be
> counterproductive. I don't see a lot of network operators in Congress
> -- if you know better, you really need to tell them.
>
> Some folks on this list -- and I know there are a few, very
> specifically including myself -- spend more than a little bit of time
> not just worrying about public policy issues, but actually spending
> time and effort on the subject. (I'm in D.C. right now, largely
> because of a policy-related meeting on Tuesday.) I'll misuses a
> security slogan I've seen on mass transit facilities in the New York
> area: if you see something, say something. If no one tells Congress
> that this is a bad idea, how should they know?
>
>>> currently living overseas and finding all of this very amusing...
>>>
>> If any other country has solved the problem of protecting
>> Internet/data/cyber/critical/etc infrastructures and have some great
>> ideas, it would be great to hear what those ideas are and how they
>> did it.
>>
>>
> Indeed.
>
> --Steve Bellovin, http://www.cs.columbia.edu/~smb
>
>
>
>


brunner at nic-naa

Aug 30, 2009, 7:20 PM

Post #15 of 40 (2265 views)
Permalink
Re: Ready to get your federal computer license? [In reply to]
randy,

moveon is a maine-based org. it is an effective, fund raising, partisan
organization. it is much more than a click-and-opine vehicle, it puts
hundreds of thousands of dollars into competitive races, and has a
competent political director.

to create a "NagOn" we would have to hire or appoint a political
director, and a financial director, and charge each with framing the
issue, and executing a seven figure plan, and a communications director,
to put the message with the money in targeted media markets, and
finally, to show teeth, drop the margin of error, or on the order of
high five, low six figures, in targeted congressional races, for
challengers and incumbants.

in about a year after starting down this path, the "Congressman, its
NagOn on line one" conversation would be slightly different from today,
and in several years time, more so.

eric



Randy Bush wrote:
>> I strongly second this. To quote a bumper sticker/slogan I've seen,
>> "if you didn't vote, you shouldn't complain". Some prominent
>> politicians have proposed something that we -- including me -- believe
>> to be a bad idea, not just on ideological grounds but because we think
>> that it won't accomplish its purported goals and may even be
>> counterproductive. I don't see a lot of network operators in Congress
>> -- if you know better, you really need to tell them.
>>
>
> we need an easy way to click and opine, a la moveon.org, and other
> social and political orgs. maybe forwardon.org?
>
> randy
>
>
>
>


smb at cs

Aug 30, 2009, 7:28 PM

Post #16 of 40 (2268 views)
Permalink
Re: Ready to get your federal computer license? [In reply to]
On Sun, 30 Aug 2009 22:20:55 -0400
Eric Brunner-Williams <brunner [at] nic-naa> wrote:

> randy,
>
> moveon is a maine-based org. it is an effective, fund raising,
> partisan organization. it is much more than a click-and-opine
> vehicle, it puts hundreds of thousands of dollars into competitive
> races, and has a competent political director.
>
> to create a "NagOn" we would have to hire or appoint a political
> director, and a financial director, and charge each with framing the
> issue, and executing a seven figure plan, and a communications
> director, to put the message with the money in targeted media
> markets, and finally, to show teeth, drop the margin of error, or on
> the order of high five, low six figures, in targeted congressional
> races, for challengers and incumbants.
>
> in about a year after starting down this path, the "Congressman, its
> NagOn on line one" conversation would be slightly different from
> today, and in several years time, more so.
>
"A journey of a thousand miles begins with a single step."

I don't know that a NagOn is the best way or the only way to make
progress. I do know that the most likely source of that kind of
funding is (many of) our employers, who may not have technical
excellence on the top of their lists. But I'm even more certain that
if technical people never speak up, their message will never be heard,
except perhaps by accident.

--Steve Bellovin, http://www.cs.columbia.edu/~smb


hescominsoon at emmanuelcomputerconsulting

Aug 30, 2009, 8:16 PM

Post #17 of 40 (2271 views)
Permalink
Re: Ready to get your federal computer license? [In reply to]
On 8/28/2009 6:11 PM, Peter Beckman wrote:
> On Fri, 28 Aug 2009, Hiers, David wrote:
>
>> Governments already license stock brokers, pilots, commercial drivers,
>> accountants, engineers, all sorts of people whose mistakes can be
>> measured in the loss of hundreds of lives and millions of dollars.
>
> "'The power company allowed their network security to be comprimised
> by a
> single Windows computer connected to the Internet in the main control
> facility, so we unplugged the entire Internet to mitigate the attack,'
> said Senator Rockefeller, the author of the bill that enabled the
> President to take swift action after an unknown hacker used the
> Internet
> to break into Brominion Power's main control facility and turn off the
> power to the entire East Coast. 'It will remain unplugged and
> nobody in
> the US will be allowed to connect to the Internet until the power is
> back
> on and this hacker is brought to justice.'
>
> Authorities are having a difficult time locating the hacker due to the
> unavailability of the Internet and electricity, and cannot communicate
> with lawmakers via traditional means due to the outage. A formal
> request
> to turn the power and Internet back on was sent on a pony earlier this
> afternoon to lawmakers in DC."
>
> Can't wait.
>
> Beckman
> ---------------------------------------------------------------------------
>
> Peter Beckman
> Internet Guy
> beckman [at] angryox
> http://www.angryox.com/
> ---------------------------------------------------------------------------
>
>
>
ROFL!


Valdis.Kletnieks at vt

Aug 31, 2009, 8:42 AM

Post #18 of 40 (2207 views)
Permalink
Re: Ready to get your federal computer license? [In reply to]
On Sun, 30 Aug 2009 10:59:34 +1000, Jeff Young said:
> Having met more than a few people in government IT, all jokes aside,
> I think they're pretty well equipped to know when and if they need to
> disconnect from the Internet, even without an executive order.

Department of the Interior had *how* many court-ordered disconnections?


cgrundemann at gmail

Aug 31, 2009, 8:57 AM

Post #19 of 40 (2211 views)
Permalink
Re: Ready to get your federal computer license? [In reply to]
On Sun, Aug 30, 2009 at 20:28, Steven M. Bellovin<smb [at] cs> wrote:
> On Sun, 30 Aug 2009 22:20:55 -0400
> Eric Brunner-Williams <brunner [at] nic-naa> wrote:
>
>> randy,
>>
>> moveon is a maine-based org. it is an effective, fund raising,
>> partisan organization. it is much more than a click-and-opine
>> vehicle, it puts hundreds of thousands of dollars into competitive
>> races, and has a competent political director.
>>
>> to create a "NagOn" we would have to hire or appoint a political
>> director, and a financial director, and charge each with framing the
>> issue, and executing a seven figure plan, and a communications
>> director, to put the message with the money in targeted media
>> markets, and finally, to show teeth, drop the margin of error, or on
>> the order of high five, low six figures, in targeted congressional
>> races, for challengers and incumbants.
>>
>> in about a year after starting down this path, the "Congressman, its
>> NagOn on line one" conversation would be slightly different from
>> today, and in several years time, more so.
>>
> "A journey of a thousand miles begins with a single step."
>
> I don't know that a NagOn is the best way or the only way to make
> progress.  I do know that the most likely source of that kind of
> funding is (many of) our employers, who may not have technical
> excellence on the top of their lists.  But I'm even more certain that
> if technical people never speak up, their message will never be heard,
> except perhaps by accident.
>
>                --Steve Bellovin, http://www.cs.columbia.edu/~smb
>
>

I believe that this is exactly the kind of thing that the US ISOC
Chapters should be (and are to varying degrees) involved in --
providing legitimate technical information and expert analysis of
local, state and federal policies which impact the Internet, to those
making the policies. The global ISOC already does this for ICANN and
other international organizations, it seems fitting that the chapters
do more of this here inside the USA.

I encourage everyone with even a fleeting interest in tech-policy to
seek out their local ISOC chapter
(http://www.isoc.org/isoc/chapters/list.php?region=worldwide&status=A)
and let them know that you care. I can tell you as the founding chair
of the Colorado chapter that my largest hurdle today is getting active
members to participate - I have funding, etc, just no help... (I
invite everyone to contact me directly with suggestions and ideas in
this vein - I have some vehicles in place to start making this happen
quickly with a bit of help)

</soapbox>
~Chris

--
Chris Grundemann
weblog.chrisgrundemann.com
www.burningwiththebush.com
www.coisoc.org


Valdis.Kletnieks at vt

Aug 31, 2009, 9:00 AM

Post #20 of 40 (2202 views)
Permalink
Re: Ready to get your federal computer license? [In reply to]
On Fri, 28 Aug 2009 16:51:39 CDT, "Hiers, David" said:
> Governments already license stock brokers, pilots, commercial drivers,
> accountants, engineers, all sorts of people whose mistakes can be measured
> in the loss of hundreds of lives and millions of dollars.

In many localities, hairdressers require licenses as well. Draw your own
conclusions. ;)


mairhart at cisco

Aug 31, 2009, 9:16 AM

Post #21 of 40 (2214 views)
Permalink
Re: Ready to get your federal computer license? [In reply to]
(speaking only for myself and no one else)...

You make a good point Chris..

Regardless of any politician or bureaucrat's motive for taking an
action, many (most?) are ill prepared to speak or even ponder the
topic of "the Internet" (and the fancy series of tubes.. ) [much
less make laws about it]

I was in a local city council meeting recently while one of the
council members was chiding a very polite Time Warner Cable "Gov't
affairs" spokesperson on something the council person had obviously
no clue about.. I was embarrassed for him and proud the TWC rep was
able to remain professional..

Making our expertise available to politcos that want to learn sure
seems like a good idea, but I suspect we have to be very careful not
to run afoul of our employers rules and desires on such topics.



>I believe that this is exactly the kind of thing that the US ISOC
>Chapters should be (and are to varying degrees) involved in --
>providing legitimate technical information and expert analysis of
>local, state and federal policies which impact the Internet, to those
>making the policies. The global ISOC already does this for ICANN and
>other international organizations, it seems fitting that the chapters
>do more of this here inside the USA.
>
>I encourage everyone with even a fleeting interest in tech-policy to
>seek out their local ISOC chapter
>(http://www.isoc.org/isoc/chapters/list.php?region=worldwide&status=A)
>and let them know that you care. I can tell you as the founding chair
>of the Colorado chapter that my largest hurdle today is getting active
>members to participate - I have funding, etc, just no help... (I
>invite everyone to contact me directly with suggestions and ideas in
>this vein - I have some vehicles in place to start making this happen
>quickly with a bit of help)
>
></soapbox>
>~Chris


jj at intelequest

Aug 31, 2009, 9:16 AM

Post #22 of 40 (2200 views)
Permalink
Re: Ready to get your federal computer license? [In reply to]
Hiers, David wrote:
> Governments already license stock brokers, pilots, commercial drivers, accountants, engineers, all sorts of people whose mistakes can be measured in the loss of hundreds of lives and millions of dollars.
>
> http://sip-trunking.tmcnet.com/topics/security/articles/63218-bill-give-president-emergency-power-internet-raises-concerns.htm
>
>
> Good times....
>
>
>
> David Hiers
>
> CCIE (R/S, V), CISSP
> ADP Dealer Services
> 2525 SW 1st Ave.
> Suite 300W
> Portland, OR 97201
> o: 503-205-4467
> f: 503-402-3277
>
>
>
> This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system.
>
>
>
>
I must have missed something here... I cannot find in the article or the
bill where it states or alludes to a federal computer license
requirement for computer users.

Is this just more fear mongering or is it in the bill? If it is ... where?

Jason Jenisch


beckman at angryox

Aug 31, 2009, 9:20 AM

Post #23 of 40 (2203 views)
Permalink
Re: Ready to get your federal computer license? [In reply to]
On Mon, 31 Aug 2009, Jason Jenisch wrote:

> Hiers, David wrote:
>> http://sip-trunking.tmcnet.com/topics/security/articles/63218-bill-give-president-emergency-power-internet-raises-concerns.htm
> I must have missed something here... I cannot find in the article or the
> bill where it states or alludes to a federal computer license
> requirement for computer users.

"The proposal also includes a federal certification program for "cyber
security professionals," and a requirement that certain computer systems
and networks in the private sector be managed by people who receive that
license, CNET said."

---------------------------------------------------------------------------
Peter Beckman Internet Guy
beckman [at] angryox http://www.angryox.com/
---------------------------------------------------------------------------


smb at cs

Aug 31, 2009, 9:31 AM

Post #24 of 40 (2213 views)
Permalink
Re: Ready to get your federal computer license? [In reply to]
On Mon, 31 Aug 2009 12:15:10 -0500
Reese <reese [at] inkworkswell> wrote:

> Valdis.Kletnieks [at] vt wrote:
> > On Sun, 30 Aug 2009 10:59:34 +1000, Jeff Young said:
> >> Having met more than a few people in government IT, all jokes
> >> aside, I think they're pretty well equipped to know when and if
> >> they need to disconnect from the Internet, even without an
> >> executive order.
> >
> > Department of the Interior had *how* many court-ordered
> > disconnections?
>
> Does this tread on open "secrets," inside knowledge, or hoped-for
> info? Just asking, I'm guessing you know something I don't and I'd
> like to be in on it.
>
I'm not sure what you're asking. Those disconnections were
well-covered in the press. Start with
http://www.doi.gov/news/grilesmemo.htm but there's a lot more that a
quick google search will find.


--Steve Bellovin, http://www.cs.columbia.edu/~smb


jbates at brightok

Aug 31, 2009, 10:13 AM

Post #25 of 40 (2201 views)
Permalink
Re: Ready to get your federal computer license? [In reply to]
Peter Beckman wrote:
> "The proposal also includes a federal certification program for "cyber
> security professionals," and a requirement that certain computer systems
> and networks in the private sector be managed by people who receive that
> license, CNET said."

Presumably, this is to increase security of private sector networks that
interconnect with government networks and high risk networks such as
banks and utilities. Presumably it wouldn't mandate the social
networking, ESP/ISP sectors.

Jack

First page Previous page 1 2 Next page Last page  View All NANOG users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.