Saturday, February 21, 2015

Implementing Cybersecurity

Bearing in mind that one of my favorite technology themes on this site has been the irreversible degradation of software quality, I have to ask just where the United States plans to recruit our "shock troops" to establish that cybersecurity that our President has now decided is a major issue.

1 comment:

jones said...

It's more security theatre like the pornoscanners in airports.

The NSA has been buying up undisclosed software vulnerabilities to exploit them -- leaving the rest of us exposed to unpatched security threats.

The NSA has been pressuring NIST to weaken encryption standards since the 1970's, beginning with DES and more recently with the Dual EC DRBG. This leaves everybody vulnerable.

Perhaps the "shock troops" are for one part of the government to counteract another, rogue part? After all, NSA acts almost entirely outside of the law, having been created by executive order.

The only law Congress has ever passed to regulate NSA was the National Security Agency Act of 1959 -- which mostly exempts NSA from various other laws. For example:

Sec. 2. (a) The Secretary of Defense (or his designee) is
authorized to establish such positions, and to appoint thereto,
without regard to the civil service laws, such officers and
employees, in the National Security Agency, as may be necessary to
carry out the functions of such agency.

More fun for our sham democracy!