I’d say that this is the worst idea I’ve seen come out of the Obama Administration and Congress, but the list is so long by this point:
The Rockefeller-Snowe measure would create the Office of the National Cybersecurity Adviser, whose leader would report directly to the president and would coordinate defense efforts across government agencies. It would require the National Institute of Standards and Technology to establish “measurable and auditable cybersecurity standards” that would apply to private companies as well as the government. It also would require licensing and certification of cybersecurity professionals.
The proposal would also mandate an ongoing, quadrennial review of the nation’s cyberdefenses. “It’s not a problem that will ever be completely solved,” Rockefeller said. “You have to keep making higher walls.”
And the government knows less about making those walls than many in the industry do, and yet Obama is going to demand that I be certified with a license from the federal government? I’ll agree to that when Obama, and the politicians who are looking at passing this nonsense, can explain to me how to harden a LAMP server with even a quarter of the understanding of the process.
Yes, there are a lot of folks out there running IT systems who don’t know what they are doing, and a lot of them work for Uncle Sam. There is no aspect of life in this nation that progressives like Obama don’t want to control.
Hat Tip to Volokh.
“he said the program should be designed in a way that gives Americans confidence that it is ‘not being used to gather private information.’”
And traffic cameras aren’t going to be used for generating revenue.
Tell me another one.
How to harden a LAMP server? Seriously? What makes you think they’ll let you run a LAMP server? Take the behavior of a typical corporate IT department and extrapolate:
Vendors will submit proposals stapled to campaign donations. Vendors will be selected. Certifications will be defined by the vendors. Non-compliant systems will be forbidden. Compliance procedures will be prohibitively difficult, forcing consolidation of vendors. Profitability will drop. Stockholders will revolt.
In response, vendor corporations will be nationalized.
There are problems the Fed needs to address internally. They are completely inconsistent and in disarray across the board in regards to IT policy and implementation, especially in security.
Creating a new office is just another example of how the various departments refuse to follow one another’s lead so a new one gets created. Govt bloat to appease feelings.
I would more suspect the certs would follow similar commercial certs. The hardening docs released by the NSA were actually half decent.
I don’t think Republicans are without blame… They just didn’t think of it first.
I was with them up until they decided that it would apply to private entities and would require licensing of private network security personnel. The government does need a consistent, effective standard, instead of the mishmash they have now, but private industry should be left alone to figure out what works best for them.
Whenever I hear the prefix “cyber”, I reach for my gun…
Well look at their line of thinking. If you espouse opinions they don’t like, they will simply deny you a license renewal and you won’t be able to work anymore.