Biden Administration Forms Cybersecurity Review Board To Probe Failures (wsj.com)
The Biden administration has formed a panel of senior administration officials and private-sector experts to investigate major national cybersecurity failures, and it will probe as its first case the recently discovered Log4j internet bug, officials said. From a report: The new Cyber Safety Review Board is tasked with examining significant cybersecurity events that affect government, business and critical infrastructure. It will publish reports on security findings and recommendations, officials said. Details of the board will be announced Thursday. The board, officials have said, is modeled loosely on the National Transportation Safety Board, which investigates and issues public reports on airplane crashes, train derailments and other transportation accidents. The new panel's authority derives from an executive order that President Biden signed in May to improve federal cybersecurity defenses.
The cyber board isn't an independent agency like the transportation board and will instead reside within the Department of Homeland Security. It will have 15 members -- three times as many as the full complement of the transportation board -- from government and the public sector who don't need to be confirmed by the Senate. It lacks subpoena power, unlike the transportation board. Homeland Security Secretary Alejandro Mayorkas said in an interview that the cyber board was intended to draw solutions to future problems from past cybersecurity crises, rather than casting blame where shortcomings are identified.
Probe successes, too? (Score:3)
It is vital to know why some things succeed, not just how other things failed.
Re: Anything to distract from securing the borders (Score:2)
Securing the borders against migrant workers is not a priority. In fact it worsens inflation.
Re: (Score:2)
Also consider, during Trump's reign, we didn't have rampant border crossings and we didn't have rampant inflation.
The Consumer Price Index rose 7.6% under Trump, and the decrease in border crossings was due to Trump's illegal attacks on refugee seekers. We have a legal obligation (per treaty) to accept refugees, and a moral one as well given that our actions created many of them.
Re: (Score:3)
It's hard to probe cybersecurity successes, when "success" merely means "hasn't been broken yet."
Re: (Score:2)
If "yet" is a long enough period under enough exposure, that's absolutely a mark for success.
In fact, that's how we test material things. We put it under pressure and check if it breaks. Sometimes, we can't get it to break. If we put 100t on it and it's still standing, we feel comfortable writing "can carry 50t" on it. (yes, we leave a margin of error)
It's the American way (Score:2)
I would imagine that if all the members of the "Cyber Safety Review Board" (pompous enough title?) were to chip in, say, 1% of their salaries, enough money would be raised to hire several proper software security experts to fix the problems.
As it is, the announcement looks like a savage satire on modern US (and UK) government.
Here we have a small piece of useful software, written and maintained free of charge by volunteers. After many years, it turns out not to be completely proof against attack by determin
Re: (Score:2, Insightful)
No, President Biden has delegated others to investigate these cyber failures. It's what a good leader does, delegate. They don't go around burying their heads in the sand and saying everything is under control [go.com].
Re: (Score:3, Funny)
Correct, President Biden delegated it to VP Kamala Harris: https://www.whitehouse.gov/bri... [whitehouse.gov]
Well done.
There is no "President Biden" (Score:1, Insightful)
Joe Biden's elevator stopped servicing the top floors many years ago. Indeed, if we had real journalism then, his fiasco during the debate with Sarah Palin [nytimes.com] should've resulted in his removal from the Obama's campaign — and moving into a retirement community:
Had a
Re: (Score:3, Informative)
It says more that even if one took everything you stated as true fact that he was still abundantly more qualified and capable than the alternative candidate in just about every factor, cognitive ability included.
Also maybe read up about how the US government works. Those working for the executive branch, and that includes most of the 3 letter agencies, work at the behest of the President, so the "unknown people" (who are "known", it's public record) are there if the president wants them, especially at the lea
Re: (Score:1, Troll)
Putin invaded Ukraine, when "Biden" was in the Administration, and he is threatening full invasion now [nytimes.com], that Biden is (ostensibly) back in the Administration — having made no such threats during the "alternative's" 4 years. What does this tell us about "Biden's" qualifications and capabilities?
It stops being democratic when, instead of helping him, these people sabotage the President [nytimes.com], both legally [usatoday.com] and even criminally [cnn.com].
Preside
Re: (Score:3)
If in your mind you are boiling down the geopolitical situation in Eastern Europe to "one guy in, other guy out" I don't have the patience to explain to you the breadth of complexity, energy resources, historical circumstances that combine to create the situation there today.
I could just as easily say that 4 years of destabilization of NATO and a very publicly weak diplomatic front concerning Russia over that term has led to the situation. I don't though because in reality the Russia situation is not the
Re: (Score:1)
You could, and I'll rub your nose into your own shit again over it. That "destabilizing NATO" nonsense was thrown at Trump all the time — because he was mean to Merkel, whose Germany continues to year after year [statista.com], spend less than 1.5% of the GDP on defense, whereas NATO requires a minimum of 2% spending. Moreover, as is now becoming public [bloomberg.com], it was Merkel, who sabotaged arms-supplies to Ukraine [112.international].
I don't know, why she did it — maybe,
Re: (Score:3)
Good thing I didn't make that claim but used it as an example to show just how empty your point about Biden vs Trump was. Thank you for making my point for me that this is an issue far exceeding any singular President but is a complicated mess of wildly varying geopolitical interests and a decades long history of decisions, including seemingly bad ones by NATO allies themselves.
I never made the claim as "helping the President" that's a strawman. What I said was they serve at the discretion of the Presiden
Re: (Score:2)
You switched the conversation from "Biden is senile" to "Trump is worse"...
No, it is not. You wrote:
That was technically incorrect — most of the staff are "career employees", not selected by the President's picks, who cannot fire them. But, in addition to technicalities, it was not correct in spirit either,
Re: (Score:2)
Only people that consume too much right-wing propaganda think Biden is senile. Most people have seen him at press conferences and know he's fine. It's the typical right wing projection of their weaknesses on their opponents. Trump was mentally deficient (to the point that he was bragging about "passing" dementia tests) so they try to claim Biden was senile. The gullible followers will believe anything they see in a meme or carefully edited video so it spread.
Re: (Score:2)
That wasn't a switch, that was the very beginning of this exchange. Notice how I never denied Biden was senile. Maybe they both are, maybe neither is. Point was that even if Biden was as senile as you presume him to be he is doing a better job than Trump did. From legislation, to foreign policy, to cabinet picks to just general decorum. My opinion for sure, but I am confident I could demonstrate it.
I can give you that, if you want to be pedantic but I was correct about all the agency heads who could eas
Re: (Score:1)
His, Trump's plan was to leave Germany as the largest NATO force in Afghanistan after we pulled out with no warning therefore making sure we had to return only AFTER as you say they rubbed their nose in it. And he did nothing to discourage the Ukraine situation and even began a reduction of troops AFTER threatening to leave NATO despite the signals, again just to rub someone's nose in it..? This only possibly points to his economic strategy of boosting the US economy by helping to cause two conflicts we wou
Re: (Score:3)
As opposed to trying to overthrow an election [nbcnews.com] through hook [thehill.com] or by crook [cnbc.com]?
Re: (Score:2)
Any time you suspect a crime has been committed, you'd try to overturn whatever results came out of the crime.
Trump's suspicions were warranted — for a Republican to lose Georgia (while winning Florida!!) is quite unusual...
Meanwhile, the FBI agents knew, that Steele's dossier was bogus, but lied to continue "investigating" anyway.
Re: (Score:1)
"....I gotta have more cowbell baby...!" that and "...more open source...!"
Re: (Score:1)
Ah yeah, Sarah Palin. Remember all the tolerant, kind people wearing "Sarah Palin is a Cunt" tee-shirts? How tolerant! How supportive of women! Remember the feminism-free feminists who laughed right along?
"This past weekend, I went to Lollapalooza in Chicago. I wore my new shirt, which in big letters, states "Sarah Palin is A Cunt." I knew in this extremely liberal city, the hometown of Barack Obama, that I would not get lynched, but I wasn't expecting so many compliments. Literally over 100 people com [pointsincase.com]
Great job for... (Score:3)
Great job for a bunch of ass-hat politicians that will never understand what the vulnerabilities actually were and, more importantly, what they were not.
I'm constantly having conversations with clients that no, just because they have such and such version does not mean they are automatically vulnerable, they'd have to be using such and such feature first which I know they are not, blah blah blah.
The last thing we need is a bunch of know-nothing politicians who know squat about technology coming in to review what is going on...
Re: (Score:1)
Fairly frequently I come into contact with people who thought their sophisticated understanding of vulnerabilities means they understood they aren't susceptible to the latest POC code circulating. I'm not trying to paint you with this brush but there is a potentially dangerous line of reasoning here that needs to be pointed out.
While in the main people that carefully analyze vulns can often be right about the most recent thing, what they sometimes don't notice is that their careful analysis can become a r
Re: (Score:2)
Starting with log4j. What it was not was a bug. It was a feature that someone added on purpose, and no one else piped up to say, "Wait, no, that's stupid!"
Please (Score:3)
Before cyberposting any more cybercomments, please cyberprefix every cybernoun, cyberverb, and cyberadjective with "cyber."
Sincerely,
The Cybercommittee of Cyberspelling Cybernazis
The POLICY is the failure (Score:1)
TURBULENT and TURMOIL **REQUIRE** our computing to be insecure.
That is the heart of the problem.
From the NSA/CIA hoarding vulnerabilities to be leveraged by the above programs (if you're not familiar with them, you bloody well should be) and not letting vendors know and closing them, to this whole stupid POLICY of spying on EVERYONE because those who are influential in our governments are downright involved in criminal behaviour are scared shitless we will find out about what they have been up to. Look at
top three (Score:2)
Here's top three reasons cybersecurity is pathetic that I'm sure they will NOT be looking into:
1. The focus on quarterly results - pressure to put out a profitable product NOW means shortcuts are taken during development. Many security issues are the result of software bugs. Many of those bugs could be avoided with more resources devoted to quality.
2. Common tools - putting more powerful tools into the hands of everyday users means putting more exploit potentials into the hands of millions of easy marks. Ma