Cybersecurity is a huge topic, and if you care about your personal banking information, medical information, copyrighted blueprints, software, or other valuable information, then this item, written by Gen. Richard Clarke, ought to alarm you:
Obama is now being told by economic advisor Larry Summers that those advocating greater coordination of efforts on cyber security are misguided, that they seek to impose intrusive and costly regulation on industry, and would stifle innovation. Summers’s solution is that someone in his office, which is busy with other things, should have equal responsibility to deal with this set of cyber challenges with another official buried somewhere on the National Security Council staff. [my bold]
During the past six months, I’ve been notified by two divisions of a large research university that my tax ID, billing, and payment information has been compromised by hackers who managed to hack into the university databases and steal information. If I’m innovative and creative, but my economic information is stolen or compromised, then cybercriminals benefit. And I lose.
Summers’ argument distills to this: ‘if you have cops in your neighborhood, it will destroy your creativity’. That’s flawed. In fact, having cops in my neighborhood means that whatever I create, I can profit from because it won’t be hacked, stolen, pirated, or fraudulently used.
The important decision about whether Obama will appoint a specific position called a ‘Cybersecurity Czar’ is not primarily an issue of ‘economic opportunity’. It’s an issue of national security.
Larry Summers is Obama’s Economic Advisor.
Unless Larry Summers can answer the following — very simple! — questions, he has zero qualifications or background to recommend whether or not America needs a specific individual to oversee and report directly to the President and Congress on complex issues related to Cybersecurity. Every single question below is relevant to the development of products or projects that involve(d) economic innovation.
1. What does ‘http’ stand for, and what is it?
2. What does ‘ftp’ stand for, and what is it?
3. What does UTF mean?
4. What kinds of databases and software are most frequently used by American-based banks? What are their security protocols? How often does their online security staff turn over?
5. Explain the term ‘hidden file’ and describe how you might locate one?
6. Explain firewalls. What are they? Where are they? Who administers them?
7. Explain the following file types, and briefly explain what each file type encodes: ftp, doc, swf, png, jpg, xml, exe, mp3, mp4, mov, psd, xls, fla, as, js.
8. What are the potential security risks associated with each file type listed in Question 7?
9. Explain a ‘network topology’; are they all identical? Or not? (And if not, describe differences that might pose issues for security.)
10. What types of encryption are typical of online banking transmissions in US banking transactions? How would you monitor their security and track any problems stemming from compromised data?
11. What types of transmissions are most (or least) secure?
12. Who tracks, monitors, reports, and addresses security breaches in US banks, corporate databases, and municipal and state government offices? With what levels of detail? How frequently? What actions are taken in response? By whom?
I’m not a security maven; frankly, it’s not an area of computer use that interests me all that much. But I can answer those questions, and it’s my strong hunch that neither Larry Summers — nor his staff — can answer more than three of those questions.
Asking Larry Summers to recommend whether the US has a Cybersecurity Czar is a bit like asking a kindergartener to read Tolstoy. He may be a very smart man, but he simply doesn’t have the technical background to make a useful recommendation! He’s the wrong guy to ask! Despite the best possible intentions, his advice is bound to be misguided; it’s not possible for him to grasp the elements he needs to understand to advise the President about whether or not to implement a separate, specific position for a Cybersecurity Czar.
Without secure data and communications lines, only pirates, thieves, liars, cheats, and creeps make money. And they make it by stealing the ideas, copyrighted material, and hard work of those who actually generate creative ideas. They also steal it by hacking the databases of large research institutions, banks, and corporations.
That’s what Larry Summers does not seem to understand.
But Gen. Richard Clarke clearly grasps that aspect of the decision that President Obama is called upon to make.
If anyone has ideas about how to shed more visibility on Gen. Richard Clarke’s point that a Cybersecurity Czar is badly needed and long overdue, please feel free to offer ideas (!).



14 Comments







“only pirates, thieves, liars, cheats, and creeps make money”; and what do you think Summers is?
All of the above?..’g’. The only thing Summers knows about cyber security is where to dump cyber waste aka computers, etc. He is one of those who created the business of dumping toxic waste in the water and on the land of poor countries. Think of places like Somalia..high unemployment..contaminated water..ruined fisheries..pirates. Summers wrote this memo on Dec.12/01 when he was the chief economist for the World Bank.
**************
“‘Dirty’ Industries: Just between you and me, shouldn’t the World Bank be encouraging MORE migration of the dirty industries to the LDCs [Less Developed Countries]? I can think of three reasons:
“1) The measurements of the costs of health impairing pollution depends on the foregone earnings from increased morbidity and mortality. From this point of view a given amount of health impairing pollution should be done in the country with the lowest cost, which will be the country with the lowest wages. I think the economic logic behind dumping a load of toxic waste in the lowest wage country is impeccable and we should face up to that.
“2) The costs of pollution are likely to be non-linear as the initial increments of pollution probably have very low cost. I’ve always thought that under-populated countries in Africa are vastly UNDER-polluted, their air quality is probably vastly inefficiently low compared to Los Angeles or Mexico City. Only the lamentable facts that so much pollution is generated by non-tradable industries (transport, electrical generation) and that the unit transport costs of solid waste are so high prevent world welfare enhancing trade in air pollution and waste.
“3) The demand for a clean environment for aesthetic and health reasons is likely to have very high income elasticity. The concern over an agent that causes a one in a million change in the odds of prostate cancer is obviously going to be much higher in a country where people survive to get prostate cancer than in a country where under 5 mortality is 200 per thousand. Also, much of the concern over industrial atmosphere discharge is about visibility impairing particulates. These discharges may have very little direct health impact. Clearly trade in goods that embody aesthetic pollution concerns could be welfare enhancing. While production is mobile the consumption of pretty air is a non-tradable.
“The problem with the arguments against all of these proposals for more pollution in LDCs (intrinsic rights to certain goods, moral reasons, social concerns, lack of adequate markets, etc.) could be turned around and used more or less effectively against every Bank proposal for liberalization.”
************
“This trade has been facilitated through tens of billions of dollars of financing by the World Bank, the U.S. Overseas Private Investment Corporation, and the U.S. Export-Import Bank, government institutions in which Mr. Summers has wielded his economic logic. His 1991 memo can be considered a working thesis behind this decade’s dominant global economic policies.”
http://counterpunch.org/summers.html
Ah, the Cost/Benefit Analysis Methods, circa 1970s. I once entertained a Professor of mine by handing in a spoof of the C/B method, complete with party favors. (Fortunately, he had a great sense of humor and I came out academically unscathed.)
This is only part of what happens when economists make policy decisions with zero background in climatology, soils chemistry, wind patterns, or even basic chemistry.
Summers’ ‘logic’ here is absolutely classic.
No chemicals ever concentrate; they never move into soils or foods, they never alter soils (which can then alter vegetation and weather patterns), and according to this dry ‘logic’ the chemicals never combine into lethal toxins and always break down rapidly.
This is what happens when we let people mistake elegant math and ‘logic’ as more important than the biological processes that underlie and support life.
But I suspect that I’m preaching to the choir…?
..affirmative..’g’
I think he’s a man in over his head asking the wrong questions about a very significant set of complex problems. If he were really smart, he’d tell the President that he’s not able to give good information on the key question of whether or not there should be a Cybersecurity Czar ;-))
john in sacramento@2: same coast; farther north.
Hackers seem to have a special interest in research universities; in this instance, my project was related to a health care project and so the potential exists for someone to steal — or tamper with — data.
Don’t know if you’re talking about Berkeley but …
http://www.sfgate.com/cgi-bin/…..#038;tsp=1
Maybe Summers doesn’t want the overhead of having to call a technical person for every small issue a knowledgeable person could take care of but doesn’t have permissions for, and that is understandable.
If he is trying to have doors left open, that is another.
But his job is to help protect the safety, security, and information of citizens.
If he can’t figure out how to work with tech support, then he has bigger problems than we should have to deal with in a key policymaker.
By EU standards, and the privacy standards in place in Canada, Australia and Japan, the US is a pirate’s paradise. “Hacking” is big business, but not as big as appropriating what elsewhere would be considered personal identifiable information.
Take something as simple as your individualized cable viewing habits. They are monitored 24/7 by your Tivo and downloaded to your provider’s databases daily. They claim exclusive ownership and use of that data. It’s converted into billions of dollars of marketing information.
It’s a booming business. Who owns the increasing volumes of data produced by your cell phone’s GPS tracking device? You bought the phone, it’s your GPS chip, you pay monthly for the service, but the data is claimed by your provider. Ditto with your car’s computer. Paired with a vehicle’s GPS chip, it too records the car’s position, direction, movement, as well as the pedal and steering wheel movements. Who owns that data? The car or car computer manufacturer; your auto, life or medical insurer; your local, state, or federal government? Odds are it isn’t you. It should be.
As RDF and other recording and emitting sources proliferate, your habits and movements are being recorded and analyzed in increasing frequency and detail. Ditto your credit or debit card usage, your frequent shopper cards at the grocery store, the automated toll road device, etc.
Banks and financial services providers are big players in this field and want it to remain unregulated. They owe you no rights and make billions off your data. Little wonder that an economist and former Goldman god would want to be cyber “security” czar – or be the patron of the Geithner-like appointee. Gotta keep things in the family.
“Banks and financial services providers are big players in this field”
***************
Even the use of the word czar in the US started because of corrupt banks. Considering the word means ‘emperor’, it is appropriate to describe those who want to make final policy decisions irregardless of the opinion of the citizens of the US. The use of Czar and Homeland should be banned. They both have negative connotations.
Canadians are not safe from many of the same intrusions on privacy. Chips are present in everything from vehicles to toothpaste purchased from the US. Any store that has its head office in the US pulls off the same devious data tracking with the points cards, etc. that one is forced to use if one wants the sale price. It is on the applications. For many years protection was assumed when the small print said “we do not buy or sell” your information. Ha! They did not say “we do not give, lend, or trade” your information. They do exactly that. Vehicles have the same data collection, including the speed travelled. For many years that was kept secret from the Canadian public. Most people still don’t know that type of tracking exists.
Most people in Canada do not pay to activate the GPS function in their cell phones. Some cell phone plans include the feature for free. Law enforcement can activate the GPS at any time they want without the person being aware that it has been done. Cell phone microphones can be activated even when one’s cell phone is turned off. A person can be listened to at any time unless the battery in the phone is disconnected. That is why and how easily the activists and reporters at the RNC were arrested before the convention. The information as to their plans to protest were known from eavesdropping and tracking their phones. It makes the case against the people charged in connection to the RNC an interesting one. What evidence is the government going to use against them? The most serious charge was recently dropped; likely because it involved disclosing illegally obtained information.
**************
“On the American scene, czar was first bestowed on one of Andrew Jackson’s foes: Nicholas Biddle, president of the Bank of the United States. Jackson vehemently opposed the centralized power of the bank, which he called a “hydra of corruption,” and his clash with Biddle exploded into the “Bank War” of 1832-36. One of Jackson’s staunchest allies in this fight, Washington Globe Publisher Frank Blair, dubbed Biddle “Czar Nicholas”—a potent image at a time when Russia’s Nicholas I was at the height of his repressive nationalist regime. (Jackson’s opponents fought fire with fire, calling him King Andrew I.)”
http://www.slate.com/id/2207055/?y=1
Ironic of Jackson to have opposed the bank. The reaction to his ruthless discarding of federal employees and replacement of them with those personally loyal to him and his party was a driving force behind what became federal civil service protections. The same protections that Dick Cheney made it his lifetime ambition to overturn, most glaringly at DoD, Homeland Security and the CIA. The latter under the argument that spooks shouldn’t have union protections or the right to strike – except that only a small fraction of its personnel were field agents. Most are stay-at-home analysts, computer geeks and so on for whom that argument is false.
Back to the main argument. The US ought to be more concerned about true cyber security generally. Hackers and professional abusers are a big enough problem. Routine negligent handling of sensitive, personally identifiable information is a daily occurrence, so much so that better regulation, enforcement and penalties are essential to reduce data losses. Banks, in particular, are experts at avoiding such liabilities from both governments and in their adhesion contracts with customers.
Putting a banker in charge of cyber security, instead of a digital version of Elizabeth Warren, would be ceding an enormous field to private banks and usurpers over personal information. The stakes are worth hundreds of billions. My guess is it will get about three column inches in the daily papers.
“Gotta keep things in the family.”
************
Sir Allen Stanford’s case illustrates that. No government appointed security czar is going to protect the people from corrupt government officials and organizations. The SEC sure didn’t do its job in that area. Stanford tried to turn himself in, but there still is no warrant for him. US regulators are refusing to release funds for him to pay lawyers (guilty before a trial and he hasn’t even been charged yet) and the BBC has some interesting information that if correct, it explains a lot.
************
HOUSTON (Reuters) – Allen Stanford, the Texas billionaire facing civil fraud charges, attempted to turn himself in at the federal courthouse in Houston on Thursday, but was turned away because there is no warrant for his arrest, his lawyer said.
Stanford and DeGuerin went to the federal courthouse Thursday afternoon, but the U.S. Marshals would not take Stanford into custody, the lawyer said.
Stanford, who does not face criminal charges, but has said he expects to be indicted, will try to turn himself in again next week, DeGuerin said.
“I said to the marshals, if you get a warrant, give me a call,” DeGuerin said.
http://www.reuters.com/article…..VN20090501
U.S. regulators who have accused Allen Stanford of an $8 billion fraud filed court documents on Monday opposing the Texas financier’s efforts to have $10 million released to pay his legal fees.
“Stanford is not entitled to use his ill-gotten gains to pay for his defense,” the filing in U.S. District Court in Dallas said, citing the executive’s lack of cooperation with a court-appointed receiver and his failure to provide an accounting of investor funds.
http://www.reuters.com/article…..9J20090504
Secret documents seen by Panorama show both governments knew in 1990 that the Texan was a former bankrupt and his first bank was suspected of involvement with Latin American money-launderers.
In 1999, both the British and the Americans were aware of the facts surrounding a cheque for $3.1m (£2.05m) that Sir Allen paid to the Drug Enforcement Administration (DEA).
It was drug money originally paid in to Stanford International Bank by agents acting for a feared Mexican drug lord known as the ‘Lord of the Heavens’.
The cheque was proof that Stanford International Bank had been used to launder Mexican drug money – whether or not Sir Allen knew it at the time.
Panorama understands that the decision was taken because of a request by another government agency.
Panorama is aware of strong evidence that Sir Allen was a confidential agent of the DEA as far back as 1999 – the year he made out the $3.1m cheque to the DEA.
Sources close to the DEA believe he worked with the agency, turning over details of money-laundering from Latin American clients from Colombia, Mexico and Venezuela and Ecuador, effectively guaranteeing himself a decade’s worth of “protection” from the authorities, especially the SEC.
http://news.bbc.co.uk/2/hi/uk_news/8029494.stm
Recommended. Thanks rOTL.
Good catch! Now, what is the underlying reason this man would have for this position he’s taking? I smell a rat!