16And he causes all, both small and great, rich and poor, free and bond, to receive a mark in their right hand, or in their foreheads:A new plan for an international internet ID card has surfaced. We have already seen the invention of an RFID (Radio Frequency Identification Device), which is the most likely device that will serve its purpose in fulfilling Revelation 13:16. With a proliferation of the internet and the ability to buy goods and services on line, this technology must be integrated somehow with the internet. The Defense department has unveiled a plan on the equivalent of assigning a unique identifier for every person that can use the internet in the name of security.17And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name.
Imagine for a moment if this were to become law; that all must have a 'unique identity' online and that 'unique identifier' must be stored in a national database. One can see the power that such a move would bring to those who controlled these security measures. With one powerful threat, the government could threaten to pull the plug on the internet if one didn't use these identifiers to buy goods online. Combine this identifier number with an RFID chip and walla---we have the system of the beast.
Read this paragraph from a CNET article and notice the parallels.
Another concern: Although the White House is describing the NSTIC plan as "voluntary," federal agencies could begin to require it for IRS e-filing, applying for Social Security or veterans' benefits, renewing passports online, requesting federal licenses (including ham radio and pilot's licenses), and so on. Then obtaining one of these ID would become all but mandatory for most Americans.
Can one not also see this as necessary in order to buy or sell goods (Rev. 13)? We already have the RFID chip waiting in the wings to be rolled out on a national scale, now this. The technology has been developed--now the government is pushing us towards implementation.
Obama Administration Unveils Internet ID Plan
The Commerce Dept. unveiled a plan Friday to create a national cyber-identity system that would give consumers who opt in a single secure password and identity for all their digital transactions.
The National Strategy for Trusted Identities in Cyberspace (NSTIC) will be a voluntary system designed to protect consumers from online fraud and identity theft -- which hit 8.1 million people last year, at a total cost of $27 billion. The problem: The current system of half-remembered passwords jotted down on post-it notes and based on pets and maiden names simply isn't good enough.
"Passwords just won't cut it here," said Commerce Secretary Gary Locke, who announced the initiative at the U.S. Chamber of Commerce. “We must do more to help consumers protect themselves, and we must make it more convenient than remembering dozens of passwords,” he said.
The "identity ecosystem" will create secure online IDs for Americans who elect to join the program, giving them a single credential -- such as a unique piece of software on a smart phone, a smart card, or a token that generates a one-time digital password -- which they can use to log on to a variety of websites.
Instead of having to remember all those disparate passwords, one for each site that conducts a secure transaction, a consumer would use that single credential to log in, with far more security than a password alone would provide, the agency said.
That log in could be anything: a smart card, a cell phone, a keychain fob, or some other type of gizmo.
And if a user so chooses, they can elect to have several log-ins from different credential providers. Want a key fob from Google and cell phone software from Verisign? Go for it, both will work -- though having two would reduce the simplicity factor, of course.
NSTIC also aims to protect consumers' privacy from the vast array of companies that collect data on their websurfing activity, letting them surf anonymously online. It would not create a centralized database of information, the agency said, because consumers will be able to choose from a variety of programs within the cyber-identity system.
But it's not ready yet. To make the proposal a reality, a multitude of companies have been enlisted to build software, develop new standards and make hardware that will make up the system, including Microsoft, IBM, the Secure ID Coalition and Wave Systems Corp, which exhibited a system for securely accessing a wide variety of websites with just a single password.
"This ecosystem will provide citizens with a variety of choices for authenticating their identity online while helping to protect their security and privacy," said Scott Charney, corporate vice president of Microsoft.
Jim Dempsey, a vice president with the Center for Democracy and Technology, agreed that the program would help address the problems of online threats.
"I think there's a model here perhaps for the broader question of cybersecurity ... the Administration, to my view, has conducted a very open process here," he said.
White House draft bill expands DHS cyber responsibilities
Under a White House plan, the Homeland Security Department will have far-reaching oversight over all civilian agency computer networks.
The proposal would codify much of the administration's memo from July 2010 expanding DHS's cyber responsibilities for civilian networks.
The White House, however, is taking those responsibilities further, according to a source familiar with the document. The administration drafted a legislative proposal to give DHS many, if not all, of the same authorities for the .gov networks that the Defense Department has for the .mil networks.
Federal News Radio recently viewed a draft copy of the legislative proposal.
"I have to question why the Executive branch is writing legislation," said the source, who requested anonymity because they were not authorized to talk about it. "This is not a proposal or white paper like the White House usually sends to Capitol Hill. This is the actual legislation."
The source said the 100-page document is going through interagency review. DHS sent the document around to agencies late last Friday and asked for comments by Monday. The source said few agencies had time to take a hard look at the document, especially in light of the possible government shutdown.
Sources on Capitol Hill and in government confirmed the White House is working on such a proposal.
A DHS spokesman said the agency doesn't comment on pending legislation.
Incorporates Senate cyber bill, OMB memo
The bill would bring together legislative proposals by Sens. Joseph Lieberman (I-Conn.), Susan Collins (R-Maine) and Tom Carper (D-Del.), as well as Office of Management and Budget's memo from July 2010 expanding DHS's authorities.
"The cybersecurity legislation being developed in Congress is a large, complex bill with wide-ranging implications, and several Senate committees are involved in its drafting," said committee spokeswoman Leslie Phillips. "The two primary committees of jurisdiction - Homeland Security and Commerce - completed the bulk of their work last August and ironed out several remaining differences by the end of March this year. However, other committees and the White House are critical to the completion of this bill."
In a statement, Lieberman said, "We have been waiting with great anticipation for the White House to weigh in on the best way to protect the American people from catastrophic cyber attacks. If the White House is on the same path we're on, the Senate should be able to approve comprehensive cybersecurity legislation this year."
Collins said in a floor statement in February about the new bill that the legislation would make DHS a strong partner in the process of securing agency networks, but the White House will be the central point for all cybersecurity across the government.
The Lieberman, Collins and Carper bill would establish a National Center for Cybersecurity and Communications in DHS.
"It would be located within the Department of Homeland Security to elevate and strengthen the Department's cyber security capabilities and authorities," Collins said. "This Center also would be led by a Senate-confirmed director. The Cyber Center, anchored at DHS, will close the coordination gaps that currently exist in our disjointed federal cyber security efforts. For day-to-day operations, the Center would use the resources of DHS, and the Center Director would report directly to the Secretary of Homeland Security. On interagency matters related to the security of federal networks, the director would regularly advise the President - a relationship similar to the director of the National Counterterrorism Center on counterterrorism matters or the chairman of the Joint Chiefs of Staff on military issues. These dual relationships would give the director sufficient rank and stature to interact effectively with the heads of other departments and agencies, and with the private sector."
A second source said the proposal also gives DHS much of the Federal Information Security Management Act (FISMA) authorities that currently fall under OMB, such as policy development and issuance, and the creation of performance measures, guidelines and training.
The first source said the proposal actually goes further than previous bills and memos. The source said the DHS secretary would have broad authorities and oversight responsibilities similar to what Gen. Keith Alexander has with DoD's U.S. Cyber Command.
DHS oversees all civilian cybersecurity
The bill authorizes DHS, in coordination with OMB, "to exercise primary responsibility of operational aspects of IT security in agencies" that is consistent with OMB guidance. The DHS secretary "shall oversee agency security implementations, the implementation of policies" and compliance with policy and regulatory requirements.
DHS and OMB also would issue "compulsory and binding directives" oversee the implementation of agency information security policies, review agency information security programs, designate a person to receive information on security threats and issues and address incident response.
The bill exempts national security and DoD systems from DHS oversight.
Under one version of comprehensive cybersecurity legislation, DHS would get four senior vice president level executives for cybersecurity. But this latest proposal from the White House would change that by adopting DoD's hiring authorities.
The first source said DHS could make direct hires, set compensation rates as necessary and pay additional benefits and incentives. DHS also would establish a scholarship program for employees to pursue college or advanced degrees in cybersecurity, and it reactivates the industry-to-government and government-to-industry exchange program for cybersecurity professionals.
The authorities in the bill are similar to those the Office of Personnel Management approved for DHS in September 2009. DHS received Schedule A authorities for cyber positions.
The proposal also would give DHS a significant role in cyber-related procurements. The source said the language in the bill is "vague" about what kind of role DHS will play.
Google provision around data centers?
Additionally, the source said there is a provision toward the end of the document that could have far-reaching effects.
The provision states: "Prohibition, no law, rule, regulation or order or other administrative action of any state or political subdivision shall require a business entity to house a data center in such state or political subdivision there of as a condition to certify, licensure or approval in relating to operation of such entity."
The source said the provision means the government can't stop a company from doing business in a state, but if the state is doing a procurement, they can't tell the business to locate a data center in their state.
The provision also defines what a data center is and says the language will "promote efficiency and innovation"
The source called it the "Google provision" since the search engine giant hosts its data in centers around the world.
There are some exceptions, such as, if the data center is being used only for sate business and not shared among users across business sectors.
In addition to federal cybersecurity, the bill goes into details about cyber crime and critical infrastructure security.
For instance under cyber crime, the proposal would expand the Computer Fraud and Abuse Act to include a series of criminal offensives for cyber attacks and confidentiality abuses. It also would expand the Racketeer Influenced and Corrupt Organizations (RICO) Act to establish criminal penalties for cyber crime.
Under critical infrastructure protection, the bill lets the DHS secretary decide what is critical infrastructure, assess audit systems for cyber resilience and create an industry of third-party accreditors and evaluators to assess private sector owners and operators systems for meeting cybersecurity requirements.
The proposal also requires the development of voluntary consensus standards by industry, academic and government experts for each sector.
The bill states that owners and operators of critical infrastructure shall develop cybersecurity measures, and a senior accountable official must sign and attest to their implementation. The bill adds that form must remain on file and available for review, inspection and evaluations by third-party evaluators.
The bill continues to move through interagency review and there is no stated timetable for moving it to the Hill for formal consideration, sources say.
No comments:
Post a Comment