ConEd

Obama Will Propose New Efforts to Make Our Creaky Physically Dangerous Critical Infrastructure CyberSafe

One of Obama’s key proposals in tonight’s State of the Union will be yet another effort to shore up the cybersecurity of our critical infrastructure.

As a threshold matter, I find it a remarkable coinkydink that the WaPo just reported the leaked findings of an NIE saying that the Chinese (and Israelis and Russians and the French, but the Chinese are bigger and badder, apparently) continue to rob us blind via cybertheft. I look forward to learning whether this — unlike the convenient drone rule book leaks supporting John Brennan’s confirmation — get reported as sanctioned leaks, as required under the Intelligence Authorization.

And speaking of John Brennan, he’s the Homeland Security Czar. A big part of his job is keeping us safe from precisely these kinds of attacks. So why didn’t he get a single question about why he should be CIA Director considering he has been such an abject failure keeping us safe from cyberattacks? (He was asked a question about CIA’s role in cybersecurity, but not asked to explain why he has been such a failure in his current role.)

Now, frankly, I don’t know that that is much John Brennan’s fault. Folks will say that the problem is — as it has been since Richard Clarke first started fearmongering on this front — that corporations won’t participate willingly and no one is going to make them.

But the proposal — which you’ll see if you tune in — doesn’t change that. It’s still voluntary.

And here’s the thing that all the cyberexperts in the world seem to be missing. Not only are the private owners of our critical infrastructure unwilling to fix their cyberdefenses. They’re not willing to keep their brick and mortar infrastructure up to date either. See, for example, PG&E or ConEd‘s recent records, for example.

Look, if these companies refuse to keep up their physical infrastructure and their cyber infrastructure, there’s probably an underlying reason motivating their negligence that no amount of immunity or winks or risk-free information sharing on the cyber side is going to fix. Moreover, if they are physically fundamentally unsafe, no amount of tinkering with their cybersecurity is going to make them safe. They’ll be vulnerable to a terrorist attack and be vulnerable to not entirely random failures and explosions.

You need to solve the underlying problem if you want to keep our critical infrastructure safe. And yet another EO, particularly one limited to cybersecurity and not affect brick and mortar integrity, will not do that.

Updated: Reading Obama’s longer proposal, it does aim to increase the “resiliency” of our physical infrastructure too. So it is not limited to cyber. That said, the underlying problem remains. Private companies aren’t spending the money to invest in this, whether it is physical resilience (or bare minimum functionality) or cyberdefense.

Emptywheel Twitterverse
bmaz My question at the outset was why GM concealment was not bankruptcy fraud; now that will be litigated. Good. http://t.co/CCL3wm2HYE
2hreplyretweetfavorite
bmaz @trevortimm Be terrified. Very terrified. Cause what you saw is, I think, all you get.
3hreplyretweetfavorite
bmaz @johnson_carrie According to my wife, "impossible jerk" characterizes lawyers in many locales @npratc
3hreplyretweetfavorite
bmaz @HoltenMark @mucha_carlos @ColMorrisDavis @KenDilanianLAT The constitutional framing is amazingly resilient, but resets are slow.
3hreplyretweetfavorite
bmaz @HoltenMark @mucha_carlos @ColMorrisDavis @KenDilanianLAT I represent far too many of the former and lament the latter. Things change though
3hreplyretweetfavorite
bmaz @HoltenMark @mucha_carlos @ColMorrisDavis @KenDilanianLAT Frankly, US can exert such influence, will not be effective foreign prosec either
4hreplyretweetfavorite
bmaz @HoltenMark @mucha_carlos @ColMorrisDavis @KenDilanianLAT Yes, in these considerations, that is exactly right. Not happening.
4hreplyretweetfavorite
bmaz @HoltenMark @mucha_carlos @ColMorrisDavis @KenDilanianLAT I wasn't being a smart ass, just honest as to situation.
4hreplyretweetfavorite
bmaz @mucha_carlos @ColMorrisDavis @KenDilanianLAT @HoltenMark Safe enough bet; no administration will want to open that can of worms.
4hreplyretweetfavorite
bmaz @mucha_carlos @ColMorrisDavis @KenDilanianLAT @HoltenMark ...ought to give pause in above regards too. If DOJ ever cared about these crimes.
4hreplyretweetfavorite
bmaz @mucha_carlos @ColMorrisDavis @KenDilanianLAT @HoltenMark Well, yes, and the wild expansion of extraterritorial jurisdiction in other cases
4hreplyretweetfavorite
bmaz @ColMorrisDavis @KenDilanianLAT @HoltenMark Granted, what Im saying applies to execution of US nationals as opposed to foreign nationals.
4hreplyretweetfavorite
April 2014
S M T W T F S
« Mar    
 12345
6789101112
13141516171819
20212223242526
27282930