11th November 2006
I was going to consolidate this into the thread by Adrian, but I think this is a big enough discussion that it shouldn't clog up existing debate.
President Trump is expected to sign a new executive order today, specifically on cybersecurity. According to observers that have gone over the draft of the document, it will diminish the FBI's role in cybersecurity, and neglects to classify the US election system as a "vital" infrastructure. Neither are particularly big things, though they do indicate a rather ignorant posture towards public opinion, as the latter is something that has been called on by numerous experts and organisations.
You can have a browse of the document here: https://assets.documentcloud.org/documents/3424611/Read-the-Trump-administration-s-draft-of-the.pdf
Voice of joy and sunshine
26th May 2003
The bulk of the document seems like a lot of hot air to me. You know - new manager comes in, there's a problem that people have been working on for a while, new manager asks for reports and thinks that they're magically going to sort out a complex problem by dint of being 'involved' with it - whatever that means - despite their total lack of any relevant subject knowledge.
It seems to fold a few things together in terms of authority, which is a little worrying, but it doesn't directly order anything significant.
It's naive to believe that any asset of interest to a state actor can be secured as long as it's connected to the internet. I mean if the question is 'How do we secure our computers when we plug them into a network that has hostile code on it?' the answer is 'Well, don't do that in the first place. And just to be on the safe side let's remove all those standard connectors that people like plugging things in to. Hand me the epoxy, I've a date with a USB port...'
Moving things offline doesn't automatically secure them, but it makes attack a lot harder. As is, if two states seriously go at each other the result is... messy. In the mean time, information is going to be stolen as long as you insist on plugging your super-secret stuff into a public network - and that's just business as usual. There's no mutually assured destruction involved, there's no realistic defence you can be sure of, you can't even really be sure of the attackers... it's just an inherently unstable environment where all the motivation is to break into your opponent's insecure information. If you don't want to play that game - stop putting it online.