What Obama and Congress Should Do for Cybersecurity
Amid much wrangling over how to allocate funds out of an increasingly out-of-control federal budget, the editors and writers at eight of the TechMediaNetwork's sites sought the advice of dozens of researchers, technologists, futurists, analysts and business owners in fields ranging from space and Earth science to health and technological innovation.
We asked one simple question:
If you could ask President Obama and Congress to do one thing related to your field that would be for the good of the economy and the country, what would it be and why?
The insightful answers are presented in six linked articles on SPACE.com, LiveScience, MyHealthNewsDaily, SecurityNewsDaily, and BusinessNewsDaily, with reporting also provided by the staffs of OurAmazingPlanet and InnovationNewsDaily.
The respondents, ranging from actor Wayne Rogers to tech investor and philanthropist Esther Dyson, called for investment in science and technology and responsible regulation, but also asked that government give researchers and businesses the freedom they need to do their work.
At SecurityNewsDaily, we asked respondents to focus their answers on cybersecurity. Here are their replies:
"America needs to focus on the real threat and stop obsessing over the media-hyped attacks like Stuxnet and Aurora. Average Americans are being bilked of tens of millions of dollars every single day, a death of a thousand cuts if you will. Our focus shouldn't ignore defending our critical infrastructure, but our attention is misplaced. Every compromised computer in the U.S. is not only a threat to our internet safety, but funding the very criminals who put us at risk." (Photo credit: Sophos Ltd.)
Chester Wisniewski, Senior Security Advisor, Sophos Inc.
"If I could ask President Obama and Congress for one thing, that would be to forget any of their plans about a global "Internet Kill Switch". Such plans make me nervous. They provide no real security. And if you do build an Internet Kill Switch, do not be surprised if someone else presses it." (Photo credit: Mikko Hyppönen.)
Mikko Hyppönen, Chief Research Officer, F-Secure Corporation
"Obama and Congress should establish ISP [Internet service provider] liability for malware hosted by each ISP's clients (with appropriate indemnity for legitimate mistaken blocking of users if the mistakes are corrected). That would give ISPs the right and the incentive to keep their bit of the Net clean and to train/support users (often innocent predators) properly. Many ISPs (e.g. Comcast) would love to do this, but want their competitors to do it too, since there are costs that will ultimately be passed on to users and would put the "good" ISPs at a competitive disadvantage. (Right now those costs are borne by or passed on to the victims.) Expert users who want to opt out of ISP oversight could post a security bond and do so; the bond would be payable if they or their systems misbehaved.
For extra credit: Establish a regime where e-mail senders above a certain consumer-style volume are charged a micro-fee per message; it would clean things up dramatically. Details on request!" (Photo credit: Asa Mathat.)
Esther Dyson, investor, philanthropist and commentator on digital technology
"Viewed from in the U.K. as I have done over the last 15 or more years, the biggest single threat to a coherent U.S. cybersecurity policy [that] President Obama and Congress face is the multiplicity of agencies all claiming primacy. Add to that the large number of commercial organizations lobbying hard with lurid anecdotes and claims while they try to seize their maximum share of tax-payers' funds. Until there is a clear top-level structure to identify national interest and make firm decisions, wasted money and inadequate preparation will, alas, continue. The main emphases will need to be on resilience and contingency planning, as the difficulties of reliable attribution make notions of counter-attack and deterrence mostly unrealistic." (Photo credit: Peter Sommer.)
Prof. Peter Sommer, London School of Economics, co-author of recent OECD study Reducing System Cyber Security Risk
"One, use your immense buying power to improve the security of commercial products and services. You already have to secure your own networks; anything you demand from vendors helps us all. Legislate results and not methods; the former spurs innovation while the latter dampens it. And invest broadly in cybersecurity research." (Photo credit: Steve Woit.)
Bruce Schneier, Chief Security Technology Officer, British Telecom, noted cryptographer and computer security specialist
"The president should move to reform the demonstrably unethical and ineffective manner by which the various federal intelligence agencies collaborate with contracting firms such as HBGary and Palantir, whose employees have been revealed via an ongoing investigation by Anonymous to have engaged in a degenerate campaign against Wikileaks, Glenn Greenwald, and our own movement, among other parties. That our own all-volunteer, emergent committee of IT specialists and tacticians were able to infiltrate HBGary's servers and distribute the very 'information' that they hoped to sell to the FBI should be of concern to everyone who hopes to see our government protect the nation from the real threats that stem from Chinese and Russian hackers -- threats which have nonetheless expanded even as the feds turn more resources over to investigating our liberty-oriented collective." (Photo credit: Nikki Loehr.)
Barrett Brown, Internet freedom of speech activist, author, commentator and occasional spokesman for the "hacktivist" group Anonymous
"Obviously, there is a difference between what ought to be done and what can be done, given the cultural attenuation of the Cold War in D.C. Being an optimist, I'll stick to the former.
The best thing he [Obama] could do for cybersecurity would be to invoke anti-trust law to stimulate redundancy in the Net. While the Internet is inherently robust in architecture, it is much less so in practice, owing to the concentration of long bit-haul capacity into the control of a few corporate entities, most of them Bell-headed.
There are a lot of other things I'd suggest if I could, like eliminating the Maginot (firewall) mentality, decentralizing DNS resolution, increasing the use of biometric identity assurance in authorized users, and routinely encrypting data. The list is long and futile." (Photo credit: European Graduate School.)
John Perry Barlow, fellow at Harvard's Berkman Center for Internet and Society, co-founder of the Electronic Frontier Foundation, libertarian and former Republican activist, lyricist for the Grateful Dead
"The biggest political move that could be taken right now to improve cybersecurity is repealing the DMCA. Ignoring the fact that I am currently being sued using it, it has done awful things to the state of computer security research in the US. The EFF [Electronic Frontier Foundation] explains it much better than I could at https://www.eff.org/wp/unintended-consequences-under-dmca. Put it this way, when China and Russia have all the clever hackers (and face it, it's 'hackers' in the true sense of the word that advance security), remember this advice: There is certainly no DMCA there." (Photo credit: George Hotz.)
George Hotz, first hacker to jailbreak both the iPhone and the PlayStation 3, currently being sued by Sony for the latter
See more responses to the same question in other fields:
What Obama and Congress Should Do for Science
What Obama and Congress Should Do for Technology & Innovation
What Obama and Congress Should Do for Spaceflight & Space Exploration
What Obama and Congress Should Do for Health & Medicine
What Obama and Congress Should Do for Small Business