Author Topic: Jay Rockefeller-Evidence of Psychosis: I OWN THE INTERNET/OBAMA CAN PULL PLUG  (Read 83087 times)

0 Members and 1 Guest are viewing this topic.


  • Guest

The "Cyber Security" federalization agenda from *April 18, 2001*

Hahahahahaha, wtf.  This reads in such an effed up way now.  You can tell they couldn't wait for their black op to be able to carry this out the way they wanted.  No mention of DHS because it didn't "officially" exist.  This is just mind bowing to see this from back then, wow it is so obvious.

A Cyber National Guard
Kevin Poulsen, SecurityFocus 2001-04-18

“The National Guard is the perfect conduit between the Defense Department and the state.”

James Christy, Defense Department

The Defense Department supports a controversial Arizona cyber security plan.

Pentagon cyber security wonks are looking to the Grand Canyon State for the future of information warfare defense, thanks to a bill in the Arizona legislature that would create the country's first State Infrastructure Protection Center (SIPC).

Like its national namesake -- the FBI-housed NIPC -- the Arizona SIPC would be poised to respond to physical and cyber attacks on seven critical infrastructures: telecommunications, energy, banking, finance, transportation, water and emergency services. But it would be overseen by the state's emergency management department, and be comprised primarily of state agencies.

It would also maintain close ties to the Pentagon, which has endorsed the proposal. Under the plan, the Department of Defense would provide the SIPC with up-to-date, sanitized information on network vulnerabilities and ongoing attacks through a new Computer Emergency Response Team (CERT) established within the Arizona National Guard.

"The National Guard is the perfect conduit between the [Defense Department] and the state," says James Christy, law enforcement and counterintelligence coordinator for the Pentagon's Defense-wide Information Assurance Program, who helped draft the proposal. "The National Guard works for the state governor most of the time, but they can be federalized in times of crisis."

The Guard's quasi-federal status is key to the plan, which Christy wants to see spread to all fifty states. He argues that state-level involvement is needed to protect critical infrastructures from terrorists and foreign info-warriors. "If we were ever to see a strategic attack on the nation, what you need is somebody on the local level, and then upstream it to the national level," says Christy.

"If something happens here in the state, it could disrupt Luke Air Force Base, for example, which is here in the Arizona," agrees Representative Wes Marsh, the bill's sponsor. "The cyber impacts the physical, and that's what's so unique about the bill."

But the SIPC bill is not without critics, and an earlier version passed Arizona's House of Representatives only to be shot down in the Senate. At issue: The legislation foresees crafting the SIPC out of existing hardware and personnel, at no cost to taxpayers -- a proposition Arizona governor Jane Hull says is unrealistic.

Moreover, the bill would require the state's technology managers to promulgate a series of cyber security plans -- including use of intrusion detection systems in every government agency -- but doesn't offer any money for that effort.

"The governor has concerns because it's not funded, and it calls for the creation of fifteen different plans with no implementation strategy or funding," says Susan Patrick, strategic communications manager with Arizona's Government Information Technology Agency, the group that would be responsible for pushing the reforms. "It also calls for us to use existing resources, and we have no statewide information security specialists in our agency."

Marsh counters that the state should already be using IDS systems, and other security measures, across the board, and argues that availability of freeware programs like Snort and PGP should alleviate cost concerns. "Current statutes require them to have disaster recover and reconstitution plans," says Marsh. "Information assurance is a critical component of that."


  • Guest


Information Sharing and Analysis Center

October is National Cyber Security Awareness Month

Welcome to the MS-ISAC

The Multi-State Information Sharing and Analysis Center (MS-ISAC) is a collaborative state and local government-focused cyber security entity that is significantly enhancing cyber threat prevention, protection, and response and recovery throughout the states of our nation.

Today's Cyber Alert Indicator:

MS-ISAC Cyber Alert Level Indicator Procedures and Protocols

On August 26, 2009, the Cyber Alert Level is being decreased from Blue (Guarded) to Green (Low) because we have not observed any security incidents related to our most recent security advisories. Organizations and users are encouraged to update and apply all appropriate vendor security patches to vulnerable systems and to continue to update their antivirus signatures daily. Another line of defense includes user awareness training regarding the threats posed by attachments and hypertext links contained in emails especially from un-trusted sources.


National Cybersecurity Division

The National Cybersecurity Division (NCSD) works collaboratively with public, private and international entities to secure cyberspace and America’s cyber assets.
Strategic Objectives

To protect the cyber infrastructure, NCSD has identified two overarching objectives:

    * To build and maintain an effective national cyberspace response system
    * To implement a cyber-risk management program for protection of critical infrastructure.

Organization and Functions

NCSD works to achieve its strategic objectives through the following programs:
National Cyberspace Response System

The National Cybersecurity Division seeks to protect the critical cyber infrastructure 24 hours a day, 7 days a week.  The National Cyberspace Response System coordinates the cyber leadership, processes, and protocols that will determine when and what action(s) need to be taken as cyber incidents arise. Examples of current cyber preparedness and response programs include:

    * Cybersecurity Preparedness and the National Cyber Alert System - Cyber threats are constantly changing.  Both technical and non-technical computer users can stay prepared for these threats by receiving current information by signing up for the National Cyber Alert System.
    * US-CERT Operations - US-CERT is responsible for analyzing and reducing cyber threats and vulnerabilities, disseminating cyber threat warning information, and coordinating incident response activities.
    * National Cyber Response Coordination Group - Made up of 13 federal agencies, this is the principal federal agency mechanism for cyber incident response. In the event of a nationally significant cyber-related incident, the NCRCG will help to coordinate the federal response, including US-CERT, law enforcement and the intelligence community.  
    * Cyber Cop Portal – Coordination with law enforcement helps capture and convict those responsible for cyber attacks.  The Cyber Cop Portal is an information sharing and collaboration tool accessed by over 5,300 investigators worldwide who are involved in electronic crimes cases.

Cyber-Risk Management Programs

Through Cyber Risk Management, the National Cybersecurity Division seeks to assess risk, prioritize resources, and execute protective measures critical to securing our cyber infrastructure. Examples of current cyber risk management programs include:

    * Cyber Exercises: Cyber Storm - Cyber Storm is a nationwide cybersecurity exercise series that takes place ever two years (February 2006, March 2008) to assess preparedness capabilities in response to a cyber incident of national significance. Cyber Storm was the Department of Homeland Security’s first cyber exercise testing response across the private sector as well as international, federal and state governments.  
    * National Outreach Awareness Month - Every October the National Cybersecurity Division coordinates with multiple states, universities and the private sector to produce National Cybersecurity Awareness month.  
    * Software Assurance Program - This program seeks to reduce software vulnerabilities, minimize exploitation, and address ways to improve the routine development and deployment of trustworthy software products. Together, these activities will enable more secure and reliable software that supports mission requirements across enterprises and the critical infrastructure.


    * Build Security In
    * National Vulnerability Database
    * OnGuard OnLine  


    * Homeland Security Presidential Directive 7


National Cybersecurity Division
Department of Homeland Security
Washington,  D. C. 20528

HSPD 7 Full Text

Homeland Security Presidential Directive-7

December 17, 2003

SUBJECT: Critical Infrastructure Identification, Prioritization, and Protection


   1. This directive establishes a national policy for Federal departments and agencies to identify and prioritize United States critical infrastructure and key resources and to protect them from terrorist attacks.


   2. Terrorists seek to destroy, incapacitate, or exploit critical infrastructure and key resources across the United States to threaten national security, cause mass casualties, weaken our economy, and damage public morale and confidence.

   3. America's open and technologically complex society includes a wide array of critical infrastructure and key resources that are potential terrorist targets. The majority of these are owned and operated by the private sector and State or local governments. These critical infrastructures and key resources are both physical and cyber-based and span all sectors of the economy.

   4. Critical infrastructure and key resources provide the essential services that underpin American society. The Nation possesses numerous key resources, whose exploitation or destruction by terrorists could cause catastrophic health effects or mass casualties comparable to those from the use of a weapon of mass destruction, or could profoundly affect our national prestige and morale. In addition, there is critical infrastructure so vital that its incapacitation, exploitation, or destruction, through terrorist attack, could have a debilitating effect on security and economic well-being.

   5. While it is not possible to protect or eliminate the vulnerability of all critical infrastructure and key resources throughout the country, strategic improvements in security can make it more difficult for attacks to succeed and can lessen the impact of attacks that may occur. In addition to strategic security enhancements, tactical security improvements can be rapidly implemented to deter, mitigate, or neutralize potential attacks.


   6. In this directive:
         1. The term "critical infrastructure" has the meaning given to that term in section 1016(e) of the USA PATRIOT Act of 2001 (42 U.S.C. 5195c(e)).
         2. The term "key resources" has the meaning given that term in section 2(9) of the Homeland Security Act of 2002 (6 U.S.C. 101(9)).
         3. The term "the Department" means the Department of Homeland Security.
         4. The term "Federal departments and agencies" means those executive departments enumerated in 5 U.S.C. 101, and the Department of Homeland Security; independent establishments as defined by 5 U.S.C. 104(1);Government corporations as defined by 5 U.S.C. 103(1); and the United States Postal Service.
         5. The terms "State," and "local government," when used in a geographical sense, have the same meanings given to those terms in section 2 of the Homeland Security Act of 2002 (6 U.S.C. 101).
         6. The term "the Secretary" means the Secretary of Homeland Security.
         7. The term "Sector-Specific Agency" means a Federal department or agency responsible for infrastructure protection activities in a designated critical infrastructure sector or key resources category. Sector-Specific Agencies will conduct their activities under this directive in accordance with guidance provided by the Secretary.
         8. The terms "protect" and "secure" mean reducing the vulnerability of critical infrastructure or key resources in order to deter, mitigate, or neutralize terrorist attacks.


   7. It is the policy of the United States to enhance the protection of our Nation's critical infrastructure and key resources against terrorist acts that could:
         1. cause catastrophic health effects or mass casualties comparable to those from the use of a weapon of mass destruction;
         2. impair Federal departments and agencies' abilities to perform essential missions, or to ensure the public's health and safety;
         3. undermine State and local government capacities to maintain order and to deliver minimum essential public services;
         4. damage the private sector's capability to ensure the orderly functioning of the economy and delivery of essential services;
         5. have a negative effect on the economy through the cascading disruption of other critical infrastructure and key resources; or
         6. undermine the public's morale and confidence in our national economic and political institutions.

   8. Federal departments and agencies will identify, prioritize, and coordinate the protection of critical infrastructure and key resources in order to prevent, deter, and mitigate the effects of deliberate efforts to destroy, incapacitate, or exploit them. Federal departments and agencies will work with State and local governments and the private sector to accomplish this objective.

   9. Federal departments and agencies will ensure that homeland security programs do not diminish the overall economic security of the United States.

  10. Federal departments and agencies will appropriately protect information associated with carrying out this directive, including handling voluntarily provided information and information that would facilitate terrorist targeting of critical infrastructure and key resources consistent with the Homeland Security Act of 2002 and other applicable legal authorities.

  11. Federal departments and agencies shall implement this directive in a manner consistent with applicable provisions of law, including those protecting the rights of United States persons.

      Roles and Responsibilities of the Secretary

  12. In carrying out the functions assigned in the Homeland Security Act of 2002, the Secretary shall be responsible for coordinating the overall national effort to enhance the protection of the critical infrastructure and key resources of the United States. The Secretary shall serve as the principal Federal official to lead, integrate, and coordinate implementation of efforts among Federal departments and agencies, State and local governments, and the private sector to protect critical infrastructure and key resources.

  13. Consistent with this directive, the Secretary will identify, prioritize, and coordinate the protection of critical infrastructure and key resources with an emphasis on critical infrastructure and key resources that could be exploited to cause catastrophic health effects or mass casualties comparable to those from the use of a weapon of mass destruction.

  14. The Secretary will establish uniform policies, approaches, guidelines, and methodologies for integrating Federal infrastructure protection and risk management activities within and across sectors along with metrics and criteria for related programs and activities.

  15. The Secretary shall coordinate protection activities for each of the following critical infrastructure sectors: information technology; telecommunications; chemical; transportation systems, including mass transit, aviation, maritime, ground/surface, and rail and pipeline systems; emergency services; and postal and shipping. The Department shall coordinate with appropriate departments and agencies to ensure the protection of other key resources including dams, government facilities, and commercial facilities. In addition, in its role as overall cross-sector coordinator, the Department shall also evaluate the need for and coordinate the coverage of additional critical infrastructure and key resources categories over time, as appropriate.

  16. The Secretary will continue to maintain an organization to serve as a focal point for the security of cyberspace. The organization will facilitate interactions and collaborations between and among Federal departments and agencies, State and local governments, the private sector, academia and international organizations. To the extent permitted by law, Federal departments and agencies with cyber expertise, including but not limited to the Departments of Justice, Commerce, the Treasury, Defense, Energy, and State, and the Central Intelligence Agency, will collaborate with and support the organization in accomplishing its mission. The organization's mission includes analysis, warning, information sharing, vulnerability reduction, mitigation, and aiding national recovery efforts for critical infrastructure information systems. The organization will support the Department of Justice and other law enforcement agencies in their continuing missions to investigate and prosecute threats to and attacks against cyberspace, to the extent permitted by law.

  17. The Secretary will work closely with other Federal departments and agencies, State and local governments, and the private sector in accomplishing the objectives of this directive.

      Roles and Responsibilities of Sector-Specific Federal Agencies

  18. Recognizing that each infrastructure sector possesses its own unique characteristics and operating models, there are designated Sector-Specific Agencies, including:

         1. Department of Agriculture -- agriculture, food (meat, poultry, egg products);
         2. Health and Human Services -- public health, healthcare, and food (other than meat, poultry, egg products);
         3. Environmental Protection Agency -- drinking water and water treatment systems;
         4. Department of Energy -- energy, including the production refining, storage, and distribution of oil and gas, and electric power except for commercial nuclear power facilities;
         5. Department of the Treasury -- banking and finance;
         6. Department of the Interior -- national monuments and icons; and
         7. Department of Defense -- defense industrial base.

  19. In accordance with guidance provided by the Secretary, Sector-Specific Agencies shall:
         1. collaborate with all relevant Federal departments and agencies, State and local governments, and the private sector, including with key persons and entities in their infrastructure sector;
         2. conduct or facilitate vulnerability assessments of the sector; and
         3. encourage risk management strategies to protect against and mitigate the effects of attacks against critical infrastructure and key resources.

  20. Nothing in this directive alters, or impedes the ability to carry out, the authorities of the Federal departments and agencies to perform their responsibilities under law and consistent with applicable legal authorities and presidential guidance.

  21. Federal departments and agencies shall cooperate with the Department in implementing this directive, consistent with the Homeland Security Act of 2002 and other applicable legal authorities.

      Roles and Responsibilities of Other Departments, Agencies, and Offices

  22. In addition to the responsibilities given the Department and Sector-Specific Agencies, there are special functions of various Federal departments and agencies and components of the Executive Office of the President related to critical infrastructure and key resources protection.

         1. The Department of State, in conjunction with the Department, and the Departments of Justice, Commerce, Defense, the Treasury and other appropriate agencies, will work with foreign countries and international organizations to strengthen the protection of United States critical infrastructure and key resources.

         2. The Department of Justice, including the Federal Bureau of Investigation, will reduce domestic terrorist threats, and investigate and prosecute actual or attempted terrorist attacks on, sabotage of, or disruptions of critical infrastructure and key resources. The Attorney General and the Secretary shall use applicable statutory authority and attendant mechanisms for cooperation and coordination, including but not limited to those established by presidential directive.

         3. The Department of Commerce, in coordination with the Department, will work with private sector, research, academic, and government organizations to improve technology for cyber systems and promote other critical infrastructure efforts, including using its authority under the Defense Production Act to assure the timely availability of industrial products, materials, and services to meet homeland security requirements.

         4. A Critical Infrastructure Protection Policy Coordinating Committee will advise the Homeland Security Council on interagency policy related to physical and cyber infrastructure protection. This PCC will be chaired by a Federal officer or employee designated by the Assistant to the President for Homeland Security.

         5. The Office of Science and Technology Policy, in coordination with the Department, will coordinate interagency research and development to enhance the protection of critical infrastructure and key resources.

         6. The Office of Management and Budget (OMB) shall oversee the implementation of government-wide policies, principles, standards, and guidelines for Federal government computer security programs. The Director of OMB will ensure the operation of a central Federal information security incident center consistent with the requirements of the Federal Information Security Management Act of 2002.

         7. Consistent with the E-Government Act of 2002, the Chief Information Officers Council shall be the principal interagency forum for improving agency practices related to the design, acquisition, development, modernization, use, operation, sharing, and performance of information resources of Federal departments and agencies.

         8. The Department of Transportation and the Department will collaborate on all matters relating to transportation security and transportation infrastructure protection. The Department of Transportation is responsible for operating the national air space system. The Department of Transportation and the Department will collaborate in regulating the transportation of hazardous materials by all modes (including pipelines).

         9. All Federal departments and agencies shall work with the sectors relevant to their responsibilities to reduce the consequences of catastrophic failures not caused by terrorism.

  23. The heads of all Federal departments and agencies will coordinate and cooperate with the Secretary as appropriate and consistent with their own responsibilities for protecting critical infrastructure and key resources.

  24. All Federal department and agency heads are responsible for the identification, prioritization, assessment, remediation, and protection of their respective internal critical infrastructure and key resources. Consistent with the Federal Information Security Management Act of 2002, agencies will identify and provide information security protections commensurate with the risk and magnitude of the harm resulting from the unauthorized access, use, disclosure, disruption, modification, or destruction of information.

      Coordination with the Private Sector

  25. In accordance with applicable laws or regulations, the Department and the Sector-Specific Agencies will collaborate with appropriate private sector entities and continue to encourage the development of information sharing and analysis mechanisms. Additionally, the Department and Sector-Specific Agencies shall collaborate with the private sector and continue to support sector-coordinating mechanisms:

         1. to identify, prioritize, and coordinate the protection of critical infrastructure and key resources; and
         2. to facilitate sharing of information about physical and cyber threats, vulnerabilities, incidents, potential protective measures, and best practices.

      National Special Security Events

  26. The Secretary, after consultation with the Homeland Security Council, shall be responsible for designating events as "National Special Security Events" (NSSEs). This directive supersedes language in previous presidential directives regarding the designation of NSSEs that is inconsistent herewith.


  27. Consistent with the Homeland Security Act of 2002, the Secretary shall produce a comprehensive, integrated National Plan for Critical Infrastructure and Key Resources Protection to outline national goals, objectives, milestones, and key initiatives within 1 year from the issuance of this directive. The Plan shall include, in addition to other Homeland Security-related elements as the Secretary deems appropriate, the following elements:

         1. a strategy to identify, prioritize, and coordinate the protection of critical infrastructure and key resources, including how the Department intends to work with Federal departments and agencies, State and local governments, the private sector, and foreign countries and international organizations;

         2. a summary of activities to be undertaken in order to: define and prioritize, reduce the vulnerability of, and coordinate the protection of critical infrastructure and key resources;

         3. a summary of initiatives for sharing critical infrastructure and key resources information and for providing critical infrastructure and key resources threat warning data to State and local governments and the private sector; and

         4. coordination and integration, as appropriate, with other Federal emergency management and preparedness activities including the National Response Plan and applicable national preparedness goals.

  28. The Secretary, consistent with the Homeland Security Act of 2002 and other applicable legal authorities and presidential guidance, shall establish appropriate systems, mechanisms, and procedures to share homeland security information relevant to threats and vulnerabilities in national critical infrastructure and key resources with other Federal departments and agencies, State and local governments, and the private sector in a timely manner.

  29. The Secretary will continue to work with the Nuclear Regulatory Commission and, as appropriate, the Department of Energy in order to ensure the necessary protection of:

         1. commercial nuclear reactors for generating electric power and non-power nuclear reactors used for research, testing, and training;

         2. nuclear materials in medical, industrial, and academic settings and facilities that fabricate nuclear fuel; and

         3. the transportation, storage, and disposal of nuclear materials and waste.

  30. In coordination with the Director of the Office of Science and Technology Policy, the Secretary shall prepare on an annual basis a Federal Research and Development Plan in support of this directive.

  31. The Secretary will collaborate with other appropriate Federal departments and agencies to develop a program, consistent with applicable law, to geospatially map, image, analyze, and sort critical infrastructure and key resources by utilizing commercial satellite and airborne systems, and existing capabilities within other agencies. National technical means should be considered as an option of last resort. The Secretary, with advice from the Director of Central Intelligence, the Secretaries of Defense and the Interior, and the heads of other appropriate Federal departments and agencies, shall develop mechanisms for accomplishing this initiative. The Attorney General shall provide legal advice as necessary.

  32. The Secretary will utilize existing, and develop new, capabilities as needed to model comprehensively the potential implications of terrorist exploitation of vulnerabilities in critical infrastructure and key resources, placing specific focus on densely populated areas. Agencies with relevant modeling capabilities shall cooperate with the Secretary to develop appropriate mechanisms for accomplishing this initiative.
  33. The Secretary will develop a national indications and warnings architecture for infrastructure protection and capabilities that will facilitate:
         1. an understanding of baseline infrastructure operations;
         2. the identification of indicators and precursors to an attack; and
         3. a surge capacity for detecting and analyzing patterns of potential attacks.

      In developing a national indications and warnings architecture, the Department will work with Federal, State, local, and non-governmental entities to develop an integrated view of physical and cyber infrastructure and key resources.

  34. By July 2004, the heads of all Federal departments and agencies shall develop and submit to the Director of the OMB for approval plans for protecting the physical and cyber critical infrastructure and key resources that they own or operate. These plans shall address identification, prioritization, protection, and contingency planning, including the recovery and reconstitution of essential capabilities.

  35. On an annual basis, the Sector-Specific Agencies shall report to the Secretary on their efforts to identify, prioritize, and coordinate the protection of critical infrastructure and key resources in their respective sectors. The report shall be submitted within 1 year from the issuance of this directive and on an annual basis thereafter.

  36. The Assistant to the President for Homeland Security and the Assistant to the President for National Security Affairs will lead a national security and emergency preparedness communications policy review, with the heads of the appropriate Federal departments and agencies, related to convergence and next generation architecture. Within 6 months after the issuance of this directive, the Assistant to the President for Homeland Security and the Assistant to the President for National Security Affairs shall submit for my consideration any recommended changes to such policy.

  37. This directive supersedes Presidential Decision Directive/NSC-63 of May 22, 1998 ("Critical Infrastructure Protection"), and any Presidential directives issued prior to this directive to the extent of any inconsistency. Moreover, the Assistant to the President for Homeland Security and the Assistant to the President for National Security Affairs shall jointly submit for my consideration a Presidential directive to make changes in Presidential directives issued prior to this date that conform such directives to this directive.

  38. This directive is intended only to improve the internal management of the executive branch of the Federal Government, and it is not intended to, and does not, create any right or benefit, substantive or procedural, enforceable at law or in equity, against the United States, its departments, agencies, or other entities, its officers or employees, or any other person.

Offline Kilika

  • Member
  • *****
  • Posts: 8,762
  • Thank you Jesus!
"For the love of money is the root of all evil: which while some coveted after, they have erred from the faith, and pierced themselves through with many sorrows."
1 Timothy 6:10 (KJB)

Offline barndoor77

  • Member
  • *****
  • Posts: 1,026
Bill would give president emergency control of Internet
« Reply #83 on: August 30, 2009, 10:05:57 am »
Internet companies and civil liberties groups were alarmed this spring when a U.S. Senate bill proposed handing the White House the power to disconnect private-sector computers from the Internet.

They're not much happier about a revised version that aides to Sen. Jay Rockefeller, a West Virginia Democrat, have spent months drafting behind closed doors. CNET News has obtained a copy of the 55-page draft of S.773 (excerpt), which still appears to permit the president to seize temporary control of private-sector networks during a so-called cybersecurity emergency.

The new version would allow the president to "declare a cybersecurity emergency" relating to "non-governmental" computer networks and do what's necessary to respond to the threat. Other sections of the proposal include a federal certification program for "cybersecurity professionals," and a requirement that certain computer systems and networks in the private sector be managed by people who have been awarded that license.

"I think the redraft, while improved, remains troubling due to its vagueness," said Larry Clinton, president of the Internet Security Alliance, which counts representatives of Verizon, Verisign, Nortel, and Carnegie Mellon University on its board. "It is unclear what authority Sen. Rockefeller thinks is necessary over the private sector. Unless this is clarified, we cannot properly analyze, let alone support the bill."

Representatives of other large Internet and telecommunications companies expressed concerns about the bill in a teleconference with Rockefeller's aides this week, but were not immediately available for interviews on Thursday.

A spokesman for Rockefeller also declined to comment on the record Thursday, saying that many people were unavailable because of the summer recess. A Senate source familiar with the bill compared the president's power to take control of portions of the Internet to what President Bush did when grounding all aircraft on Sept. 11, 2001. The source said that one primary concern was the electrical grid, and what would happen if it were attacked from a broadband connection.

When Rockefeller, the chairman of the Senate Commerce committee, and Olympia Snowe (R-Maine) introduced the original bill in April, they claimed it was vital to protect national cybersecurity. "We must protect our critical infrastructure at all costs--from our water to our electricity, to banking, traffic lights and electronic health records," Rockefeller said.

Offline barndoor77

  • Member
  • *****
  • Posts: 1,026
Re: Bill would give president emergency control of Internet
« Reply #84 on: August 30, 2009, 10:07:46 am »
Um Results 101, which forums and servers do you think would be disconnected first.... 

I would guesstimate they would just declare an 'ongoing emergency against our democratic freedoms' double speak kind of thing, then just shut down computers and servers at will as they pop up.  Prisonplanet must damn near be the first on their list!

Offline barndoor77

  • Member
  • *****
  • Posts: 1,026
Re: Bill would give president emergency control of Internet
« Reply #85 on: August 30, 2009, 10:13:30 am »
Anyways the complete draft is found here:

Offline barndoor77

  • Member
  • *****
  • Posts: 1,026
Re: Bill would give president emergency control of Internet
« Reply #86 on: August 30, 2009, 10:21:07 am »
This bill is a power grabbing bill on roids!

Read some of its excerpts:

100% SPY (Strangely under the Department of Commerce?!)

(b) FUNCTIONS- The Secretary of Commerce--

(1) shall have access to all relevant data concerning such networks without regard to any provision of law, regulation, rule, or policy restricting such access;

(2) shall manage the sharing of Federal Government and other critical infrastructure threat and vulnerability information between the Federal Government and the persons primarily responsible for the operation and maintenance of the networks concerned; and

(3) shall report regularly to the Congress on threat information held by the Federal Government that is not shared with the persons primarily responsible for the operation and maintenance of the networks concerned.

Strangely the bill starts with a pile of cyber expert quotes, and keep referencing over and over again that a 'cyber attack' on a financial institution would cause an event larger than 911.

Is this guy stupidly just revealed how they plan to start the financial collapse before heading towards financial 'martial law' via a 'attack on the internet.

A Strangely Prophetic Bill

Offline lavosslayer

  • Member
  • *****
  • Posts: 774
  • This is what happens after cats watch Obama...
Re: Bill would give president emergency control of Internet
« Reply #87 on: August 30, 2009, 10:24:02 am »
Not to dissuade you from posting but this topic has been posted in another thread that is stickied at the top of this forum
"Those who would trade freedom for security deserve neither" -- Benjamin Franklin

Offline Kilika

  • Member
  • *****
  • Posts: 8,762
  • Thank you Jesus!
These clowns think they are justified by getting unconstitutional legislation passed. Once the laws are in place, they use them at their descretion. Just like the Bush thing was they believe in "Unitary Executive Theory" to justify their actions. Doesn't mean it will hold up legally if challenged, but the key is "if challenged". Congress hasn't been challenging the Executive Branch, and Pelosi has been the Executive Branch's biggest supporter, including her single-handedly taking impeachment "off the table".

Their "loophole" or justification, is that cybercrime does happen, even though some of it is directed by government itself, and they have the attitude that government must protect the people because the people, they claim, aren't able to care for themselves in an emergancy or any time for that matter.
"For the love of money is the root of all evil: which while some coveted after, they have erred from the faith, and pierced themselves through with many sorrows."
1 Timothy 6:10 (KJB)

Offline The_lizard

  • Member
  • ****
  • Posts: 431
  • The Thread Killer
Man, i wish someone had the balls to arrest these Rockefeller's. The whole family should be arrested and tried for treason. I think there is more than enough evidence by now.

Offline adissenter2

  • Member
  • *****
  • Posts: 2,044
  • Revolt Time
Bill would give president emergency control of Internet
« Reply #90 on: August 30, 2009, 05:11:47 pm »
Bill would give president emergency control of Internet

who is Larry Clinton from Internet Security Alliance?
ΜΟΛΩΝ ΛΑΒΕ! Molon Labe! Come and take them!


  • Guest
Re: Fmr Northcom CIO/Harris Corp-builds Cyber Architecture FOR NRO/FAA/Gov
« Reply #91 on: August 30, 2009, 07:57:25 pm »

A highly sought thought leader and trusted mission partner capable of delivering leading edge solutions today that will shape the future of cyberspace.

For more Information about Cyber and Information Assurance contact us at [email protected].

"Cyberspace is the global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the Internet, telecommunications networks, and computer systems. It is indispensable to modern society, underpinning every economic sector of the world. It is hard to overstate cyberspace's importance, its ubiquity, and its impact to national security, banking, manufacturing, goods and services, energy, air traffic control, medical care, food supply, knowledge, and life's ordinary routines." (Dale Meyerrose is vice president and general manager of Cyber Programs for Harris Corporation.)

Trusted with securing the nation's most important national information assets, Cyberspace is the global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the Internet, telecommunications networks, and computer systems. It is indispensable to modern society, underpinning every economic sector of the world. It is hard to overstate cyberspace's importance, its ubiquity, and its impact to national security, banking, manufacturing, goods and services, energy, air traffic control, medical care, food supply, knowledge, and life's ordinary routines.

Harris Corporation, a world leader in cyber and information assurance (IA), has been defining, building, and operating secure networks supporting nationally important programs that incorporate state-of-the-art technology for decades.

We understand that mission success requires building information assurance and high availability into everything we do—from networks for customers like the Federal Aviation Administration and the Department of Health and Human Services, to architecting solutions that circumvent cyber attack and assure Department of Defense mission success. Backed by hundreds of professionals, our technology countermeasures and monitoring capabilities proactively safeguard vital information assets supporting the critical missions of U.S. military, intelligence, transportation, and commerce customers.

Harris supports the full spectrum of cyberspace operations, architecting and providing the tools, infrastructure elements, and tailored mission management capabilities required to ensure that the cyber lifeblood of our customers' enterprises continue to support their missions.

The company architected, built, and currently operates three of the largest secure networks that carry vital information for the U.S. government, including the FAA Telecommunications Infrastructure (FTI), the National Reconnaissance Office (NRO) Patriot network, and the Navy and Marine Corps Intranet (NMCI).

Key capabilities

    * Encryption and crypto management
    * Secure communications
    * Security architecting and systems engineering
    * Reverse engineering and vulnerability identification
    * Cross-domain solutions
    * Certification and accreditation
    * Mission management
    * Large-scale network security design, management, and operations

Key programs and products

    * FAA Telecommunications Infrastructure (FTI): Secure, integrated FAA network to providing 20,000 services and supporting FAA operations at more than 4,000 locations nationwide.

    * NRO Patriot: Secure operations maintenance for NRO's global space and ground information system network.

    * NMCI: Providing the U.S. Navy with integration, infrastructure, and operations and maintenance support for the largest government-managed services contract.

    * Current products include the Sierra™ II embeddable encryption devices, the SecNet® line of secure wireless networking products, in-line encryptors, through secure military broadband networking and software-defined radios.

    * Developed advanced analysis and resource management systems for use in cyber operations by the National Security Agency. Other legacy work includes 50 complex secure systems architectures; 20 multilevel, cross-domain integrations; and accreditation to DoD, Intelligence Community, and federal civilian agency standards (DITSCAP, DIACAP, and FISMA (800-53)).

    * Established the Harris Institute for Assured Information in partnership with Florida Institute of Technology (FIT). Research includes work in advanced intrusion detection techniques and vulnerability assessment, fostering retention/creation of high-tech, national security jobs for America.

Policy change also helps change behavior
Download mp3

By Jason Miller
Executive Editor

The Office of the Director for National Intelligence is making it easier to use Intellipedia, the wiki for the federal intelligence community.

Alex Voultepsis, ODNI's chief of the enterprise services division, says Intellipedia now offers an editing tool to make posting information much easier.

ODNI launched the WYSIWYG (what you see is what you get) tool March 8 after adopting it from a commercial version.

This example of bringing in a commercial tool instead of developing it on its own is part of a broader effort going on across the intelligence agency. To change the culture to make information sharing a standard business practice, intelligence agencies are adopting commercial tools and reworking policies to speed up how fast the behavior changes.

"If it's good, people will use it on their own and you don't have to force them to use it," says Michael Kennedy, ODNI's director of the enterprise solutions during a panel discussion March 9 sponsored by AFFIRM at the FOSE tradeshow in Washington. "I think we are doing that."

And ODNI is changing its policies to address this new environment.

Former DNI Mike McConnell signed out a new information sharing policy Jan. 21 before he left office. This policy is part of a long-term effort to improve how the intelligence community shares data.

Dale Meyerrose, the former ODNI chief information officer and information sharing executive, says the policy makes allowances for behavior changes, but it doesn't change behavior.

"The intelligence community has to grow into the policy," says Meyerrose, now vice president and general manager for cyber and information assurance for Harris Corp. "It tries to make information more transparent by detailing how users make information available and how people can access and use it."

Meyerrose says the youth movement inside the intelligence agencies combined with the push from former director McConnell is really changing the behavior.

"As the intelligence community CIO, anytime I wanted to talk about Web 2.0 or a new level of technology, I literally had a few thousand folks eagerly try to pull it along," he says. "Early adopters by-and-large outnumber us folks who you may label as technology immigrants or aliens. The intelligence community is youthful and that has been helpful to better serve technology."

He adds about 60 percent of the intelligence employees have been in their jobs less than 10 years, and many are under 40-years-old.

The new policy sets up expectations for behavior. For instance, it says each specific area must name collection stewards and analysts production stewards. These are senior people who will over see specific types of collections or analyses. The policy says these people will be responsible for making information accessible to the correct people based on a set of roles and responsibilities.

"Information sharing is about creating the right outcomes," Meyerrose says. "It's about making intelligence better. It's about making people more effective at doing their jobs. Its about economy and efficiency as in once we capture or learn information we don't have to pay to capture or relearn it again."

The policy says "stewards shall make disseminated analytic products discoverable by, and to the extent possible, available to authorized personnel by automated means as soon as possible, but no later than June 1."

By Oct. 1, the deputy director of national intelligence for policy, plans and requirements will see how well the intelligence community has complied with this policy.

Meyerrose says there is plenty of time to come into compliance because the community isn't starting from scratch.

He points to the data standards, the information sharing strategy and several other steps the previous administration took, and many of those steps are showing a lot of promise. John Hale, ODNI's chief of service delivery, says there are 92 million documents that users search more than 2 million times a month on the content discovery tool on the enterprise services tools for the intelligence community.

Hale says more than 4,000 users send more than 2 million e-mail messages a week, and about 19,000 users send more than 5 million instant messages a day.

Voultepsis says there now are more than 813,000 pages on Intellipedia and more than 411,000 documents and images on Intellink.

"We don't know where the next great tool will come from or what will it be," Kennedy says. "Some take off and some do not. The tools we all use at home could be the tools of the future. They must be protected, but usable."

Kennedy says all of these tools let analysts get an idea of what is going on within minutes in a way that would have take hours or days before.

Hale says his office is working on four areas to improve its services to users:

    * Enterprise search;

    * Deploying Intelligence Community Connect tool using Adobe connect;

    * Deploying Microsoft SharePoint as an enterprise services;

    * Implementing back up and disaster recovery.


On the Web:

FederalNewsRadio - A-Space for us...

FederalNewsRadio - Employees to be measured on information sharing

FederalNewsRadio - Cybersecurity near top of DNI concerns

ODNI - Information Sharing policy (pdf)     


  • Guest
This is going to look like shit with the text formatting but I cannot make it any better and there is no way in hell that I have time to manually fix the sentences and paragraph spacing:

Order Code RL33123

CRS Report for Congress
Received through the CRS Web

Terrorist Capabilities for Cyberattack:
Overview and Policy Issues

Updated January 22, 2007

John Rollins
Specialist in Terrorism and International Crime
Foreign Affairs, Defense, and Trade Division

Clay Wilson
Specialist in Technology and National Security
Foreign Affairs, Defense, and Trade Division

Congressional Research Service ˜ The Library of Congress
Terrorist Capabilities for Cyberattack:
Overview and Policy Issues

Terrorist’s use of the internet and other telecommunications devices is growing both in terms of reliance for supporting organizational activities and for gaining expertise to achieve operational goals. Tighter physical and border security may also encourage terrorists and extremists to try to use other types of weapons to attack the United States.  Persistent Internet and computer security vulnerabilities, which have been widely publicized, may gradually encourage terrorists to continue to enhance their computer skills, or develop alliances with criminal organizations and consider attempting a cyberattack against the U.S. critical infrastructure.  

Cybercrime has increased dramatically in past years, and several recent terrorist events appear to have been funded partially through online credit card fraud.  Reports indicate that terrorists and extremists in the Middle East and South Asia may be increasingly collaborating with cybercriminals for the international movement of money, and for the smuggling of arms and illegal drugs.  These links with hackers and cybercriminals may be examples of the terrorists’ desire to continue to refine their computer skills, and the relationships forged through collaborative drug trafficking efforts may also provide terrorists with access to highly skilled computer programmers.  The July 2005 subway and bus bombings in England also indicate that extremists and their sympathizers may already be embedded in societies with a large information technology workforce.

The United States and international community have taken steps to coordinate laws to prevent cybercrime, but if trends continue computer attacks will become more numerous, faster, and more sophisticated.  In addition, a recent report by the Government Accountability Office states that, in the future, U.S. government agencies may not be able to respond effectively to such attacks.  

This report examines possible terrorists’ objectives and computer vulnerabilities that might lead to an attempted cyberattack against the critical infrastructure of the U.S. homeland, and also discusses the emerging computer and other technical skills of terrorists and extremists.  Policy issues include exploring ways to improve technology for cybersecurity, or whether U.S. counterterrorism efforts should be linked more closely to international efforts to prevent cybercrime.
This report will be updated as events warrant.


Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
When  is  Cyberattack  Considered  Cyberterrorism? . . . . . . . . . . . . . . . . . . . . 3
Objectives  for  a  Cyberattack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Persistent Computer Security Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . 5
U.S.  Government  Cybersecurity    Efforts . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Department  of  Homeland  Security  (DHS) . . . . . . . . . . . . . . . . . . . . . . . 7
Department  of  Defense . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
FBI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
NSA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
CIA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Inter-Agency  Forums . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Changing Concerns about Cyberattack, 2001-2006 . . . . . . . . . . . . . . . . . . . . 9
Inconsistent Reporting of Terrorists’ Cyber Activities . . . . . . . . . . . . . . . . 11
Technical Skills of Terrorists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Cyberterrorism Capability of State Sponsors of Terrorism . . . . . . . . . . . . . 15
Trends  in  Cyberterrorism  and  Cybercrime . . . . . . . . . . . . . . . . . . . . . . . . . . 16
The  Insider  Threat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Links  Between  Terrorism  and  Cybercrime . . . . . . . . . . . . . . . . . . . . . . . . . 19
International  Efforts  to  Prevent  Cybercrime . . . . . . . . . . . . . . . . . . . . . . . . 21
Analysis  and  Policy  Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Related  Legislation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Terrorist Capabilities for Cyberattack:
Overview and Policy Issues


Often it is very difficult to determine if a cyber attack or intrusion is the work of a terrorist organization with the objective of doing harm, or a cyber criminal who wishes to steal information for purposes of monetary gain. Just as terrorists and violent extremists often rely on exploiting vulnerabilities of targets seen as soft and easy to access to support possible future cyber attacks, cyber criminals exploit these same vulnerabilities to gain access to information that may lead to monetary gain.  Implementation of a stronger policy for domestic physical security has reduced the risk to some targets that may have previously been vulnerable to physical attacks.  Also, it is suggested by numerous experts that terrorists may be enhancing their computer skills or forming alliances with cybercriminals that possess a high-level of telecommunications expertise.  In addition, continuing publicity about Internet computer security vulnerabilities may encourage terrorists’ interest in attempting a possible computer network attack, or cyberattack, against U.S. critical infrastructure.

To date, the Federal Bureau of Investigation (FBI) reports that cyberattacks
attributed to terrorists have largely been limited to unsophisticated efforts such as
email bombing of ideological foes, or defacing of websites.  However, it says their
increasing technical competency is resulting in an emerging capability for network-
based attacks.  The FBI has predicted that terrorists will either develop or hire
hackers for the purpose of complimenting large conventional attacks with
cyberattacks.1  Recently, during the Annual Threat Assessment, FBI Director Mueller
observed that “terrorists increasingly use the internet to communicate, conduct
operational planning, proselytize, recruit, train and to obtain logistical and financial
support. That is a growing and increasing concern for us.”2
IBM has reported that, during the first half of 2005, criminal-driven computer
security attacks increased by 50 percent, with government agencies and industries in
the United States targeted most frequently.3  Cybercrime is now a major criminal

1 Keith Lourdeau, FBI Deputy Assistant Director, testimony before the U.S. Senate Judiciary Subcommittee on Terrorism, Technology, and Homeland Security, February 24, 2004.  2 Robert Mueller, FBI Director, testimony before the Senate Select Committee on Intelligence, January 11, 2007.
3 IBM Press Release, Government, financial services and manufacturing sectors top targets
o f   s e c u r i t y   a t t a c k s   i n   f i r s t   h a l f   o f   2 0 0 5 ,   A u g u s t   2 ,   2 0 0 5 ,
activity, and it may become increasingly difficult to separate some forms of
cybercrime from suspected terrorist activities.  For example, in a recent report from
the House Homeland Security Committee, FBI officials indicated that extremists
have used identity theft and credit card fraud to support recent terrorist activities by
Al Qaeda cells.4  Also, according to press reports Indonesian police officials believe
the 2002 terrorist bombings in Bali were partially financed through online credit card
This report reviews publications and government reports to explore the following:  (1) examples of  vulnerabilities that may raise the level of interest that terrorists might have in attempting a coordinated cyberattack;  (2) effects of the War on Terror that are driving terrorists to use the Internet more; (3) inconsistent reporting about terrorists’ cyber activities; and  (4)  ways that terrorists may be improving their cyber skills.

Distinctions between crime, terrorism, and war tend to blur when attempting to describe a computer network attack (CNA) in ways that parallel the physical world.  For example, if a nation state were to secretly sponsor non-state actors who initiate a CNA to support terrorist activities or to create economic disruption, the distinction between cybercrime and cyberwar becomes less clear.  Because it is difficult to tell from where a cyberattack originates, an attacker may direct suspicion toward an innocent third party.  Likewise, the interactions between terrorists and criminals who use computer technology may sometimes blur the distinction between cybercrime and cyberterrorism.  It also may be the case that individuals providing computer expertise to a criminal or terrorist may not be aware of the intentions of the individual that requested the support. So far, it remains difficult to determine the sources responsible for most of the annoying, yet increasingly sophisticated attacks that plague the Internet.  Given the difficulty in determining the originator of the cyber intrusions or attacks, some argue that unlike responding to traditional criminal acts, the focus should be on the act rather than the perpetrator and the threshold for launching defensive and offensive actions should be lowered.

3 (...continued)
[].  4 According to FBI officials, Al Qaeda terrorist cells in Spain used stolen credit card information to make numerous purchases.  Also, the FBI has recorded more than 9.3 million Americans as victims of identity theft in a 12-month period; June, 2005.  Report by the Democratic Staff of the House Homeland Security Committee, Identity Theft and Terrorism, July 1, 2005, p. 10.
5 Alan Sipress, “An Indonesian’s Prison Memoir Takes Holy War Into Cyberspace,” Washington Post, December 14, 2004, p. A19.

The Internet is now used as a prime recruiting tool for insurgents in Iraq.6
Insurgents have created many Arabic-language websites that are said to contain
coded plans for new attacks.  Some reportedly give advice on how to build and
operate weapons, and how to pass through border checkpoints.7   Other news articles
report that a younger generation of terrorists and extremists, such as those behind the
July 2005 bombings in London, are learning new technical skills to help them avoid
detection by law enforcement computer technology.8
When is Cyberattack Considered Cyberterrorism?
Some observers feel that the term “Cyberterrorism” is inappropriate, because a widespread cyberattack may simply produce annoyances, not terror, as would a bomb, or other chemical, biological, radiological, or nuclear explosive (CBRN) weapon.  However, others believe that the effects of a widespread computer network attack would be unpredictable and might cause enough economic disruption, fear, and civilian deaths, to qualify as terrorism.  At least two views exist for defining the term Cyberterrorism:

!   Effects-based:  Cyberterrorism exists when computer attacks result in effects that are disruptive enough to generate fear comparable to a traditional act of terrorism, even if done by criminals.
!   Intent-based:  Cyberterrorism exists when unlawful or politically
motivated computer attacks are done to intimidate or coerce a
government or people to further a political objective, or to cause
grave harm or severe economic damage.9
Objectives for a Cyberattack
The Internet, whether accessed by a desktop computer or the many available handheld devices, is the medium through which a cyberattack would be delivered.
However, for a targeted attack10 to be successful, the attackers usually require that the
network itself remain more or less intact, unless the attackers assess that the
perceived gains from shutting down the network would offset the accompanying loss
of communication.  A targeted cyberattack could be effective if directed against a

6 Jonathan Curiel, “TERROR.COM: Iraq’s tech-savvy insurgents are finding supporters and luring suicide-bomber recruits over the Internet,” San Francisco Chronicle, July 10, 2005, [].
7   Jonathan Curiel, “Iraq’s tech-savvy insurgents are finding supporters and luring suicide-bomber recruits over the Internet,” San Francisco Chronicle, July 10, 2005, p. A.01.
8   Michael Evans and Daniel McGrory, “Terrorists Trained in Western Methods Will Leave
Few Clues,” London Times, July 12, 2005.
9 For a more in-depth discussion of the definition of cyberterrorism, see CRS Report RL32114, Computer Attack and Cyberterrorism: Vulnerabilities and Policy Issues for Congress, by Clay Wilson.
10 A targeted attack is one where the attacker is intentionally attempting to gain access to or disrupt a specific target. This is in contrast to a random attack where the attacker seeks access to or disrupt any target that appears vulnerable.
portion of the U.S. critical infrastructure, and if timed to amplify the effects of a
simultaneous conventional physical or chemical, biological, nuclear, or radiological
(CBRN) terrorist attack.  The objectives of a cyberattack include the following four
1.   Loss of integrity, such that information could be modified improperly;
2.   Loss of availability, where mission critical information systems are rendered unavailable to authorized users;
3.   Loss of confidentiality, where critical information is disclosed to unauthorized users; and,
4.   Physical destruction, where information systems create actual physical harm through commands that cause deliberate malfunctions.  

According to Richard Clarke, former Administration Counter Terrorism Advisor and National Security Advisor, if terrorists were to launch a widespread cyberattack against the United States, the economy would be the intended target for disruption, while death and destruction might be considered collateral damage.12  Many security experts also agree that a cyberattack would be most effective if it were used to amplify a conventional bombing or CBRN attack. Such a scenario might include attempting to disrupt 911 call centers simultaneous with the detonating of an explosives devices. This type of example is usually contrasted to a widespread, coordinated cyberattack, unaccompanied by a physical attack, that would  technically be very difficult to orchestrate and unlikely be effective in furthering terrorists’ goals.
Because such an attack cannot directly cause death and destruction, this may explain
why there is no evidence that terrorist groups have undertaken a significant cyber
attack.13  However, other observers say that, because of interdependencies among
infrastructure sectors, a large-scale cyberattack that affected one sector could also
have disruptive, unpredictable, and perhaps devastating effects on other sectors, and
possibly long-lasting effects to the economy.  These observers assert Al Qaeda and
associated terrorist groups are becoming more technically sophisticated, and years of

11 U.S. Army Training and Doctrine Command, Cyber Operations and Cyber Terrorism, Handbook No. 1.02, August 15, 2005, p.II-1 and II-3 12 Kevin Rademacher reporting remarks of Richard Clarke at CardTech/SecurTech security conference April 2005, “Clarke: ID Theft Prevention Tied to Anti-terrorism Efforts,” Las Vegas Sun, April 13, 2005, at [ apr/13/518595803.html].
13 Joris Evers, “Does Cyberterrorism Pose a True Threat?,” PCWorld, March 14, 2003, at [,aid,109819,00.asp].  Joris Evers, reporting remarks by Bruce Schneier at CeBIT technology trade show in March 2003, “Cyberterror Threat Overblown,”   Computerworld, March 14, 2003, at [http://www.computeworld,com/ printthis/2003/0,4814,79368,00.html].  Gabriel Weimann, Special Report - Cyberterrorism:
How Real is the Threat?, United States Institute of Peace, Washington, D.C., May 2004.  Dan Ilett reporting remarks of Richard Clarke at the Oxford University Internet Institute in February 2005, Clarke joins latest cyberterror debate, ZDNet UK, February 11, 2005, at [].

publicity about computer security weaknesses has made them aware that the U.S.
economy could be vulnerable to a coordinated cyberattack.14
Publicity would be also one of the primary objectives for a terrorist attack.  Extensive coverage has been given to the vulnerability of the U.S. information infrastructure and to the potential harm that could be caused by a cyberattack. This might lead terrorists to feel that even a marginally successful cyberattack directed at the United States may garner considerable publicity.15  Some suggest that were such a cyber attack by a terrorist organization to occur and become known to the general public, regardless of the level of success of the attack, concern by many citizens may lead to widespread withdrawal of funds and selling of equities.
Persistent Computer Security Vulnerabilities
At the July 2005 Black Hat computer security conference (a private sector
sponsored annual meeting of organizations focused on cyber-security technology and
related issues) Las Vegas, a security expert demonstrated an exploit of what many
consider to be a significant Internet security flaw, by showing how the most
commonly used Internet routers; the computer’s device that forwards data to a
desired destination, could quickly be hacked.16  This router vulnerability could allow
an attacker to disrupt selected portions of the Internet, or even target specific groups
of banks or power stations.17  Security expert Bruce Schneier, a recent critic of the
idea of cyberterrorism, reportedly agreed that the router flaw was a “major” Internet
security vulnerability, and could allow criminals to steal identity information, or
otherwise attack networks.  The company released in April 2005 a software patch to
fix the problem, but over the following four months, had apparently not notified its
customers and government agencies, including DHS, about the seriousness of the

14 Dan Verton, Black Ice: The Invisible Threat of Cyber-Terrorism, McGraw-Hill, 2003, p. 110.  Keith Lourdeau, Deputy Assistant Director of the FBI Cyber Division, testimony before the Senate Judiciary Subcommittee on Terrorism, Technology and Homeland Security, February 24, 2004.  Ryan Naraine reporting remarks of Roger Cressey at Infosec World 2005,  Cyber-Terrorism Analyst Warns Against Complacency,, April 4, 2005, at [,1759,1782288,00.asp].  15 The Electronic Intrusion Threat to National Security and Emergency Preparedness (NS/EP) Internet Communications, Office of the Manager, National Communications System,   December   2000, p.31,   at   [ ic_intrusion_threat2000_final2.pdf].
16 Amy Storer, Update: IPv6 risks may outweigh benefits,, July 29, 2005,   at [,289142,sid14_ gci1112459,00.html?track=NL-358&ad=525032USCA].
17 Victor Garza, Security researcher cause furor by releasing flaw in Cisco Systems IOS,,   July 28,   2005,   at   [ ginalContent/0,289142,sid14_gci1111389,00.html].
18 Justin Rood, Cisco Failed to Alert DHS, Other Agencies About Software Security Flaw, CQ Homeland Security, August 2, 2005, at [ o?docid=1810432&sourcetype=31&binderName=news-all].

The United States may provide ample economic targets vulnerable to cyberattack, thus tempting terrorist groups to increase their cyber skills.19  A February 2005 report by the President’s Information Technology Committee (PITAC) stated that the information technology infrastructure of the United States, which is vital for communication, commerce, and control of the physical infrastructure, is highly vulnerable to terrorist and criminal attacks.  The report also found that the private sector has an important role in protecting national security by deploying sound security products, and by adopting good security practices.20  However, a recent survey of 136,000 PCs used in 251 commercial businesses in North America found that a major security software patch, known as SP2, was installed on only nine percent of the systems, despite the fact that Microsoft advertized the importance of installing the security patch one year ago.  The remaining 91 percent of commercial businesses surveyed will continue to be exposed to major security threats until they deploy the software patch throughout their organizations.21  This may bring into question the extent to which the private sector will self-protect without greater incentive.

Several recent studies by global computer security firms found that the highest
rates for computer attack activity were directed against critical infrastructures, such
as government, financial services, manufacturing, and power.  These reports also
show that the United States is the most highly targeted nation for computer attacks;
during the first half of 2005, United States computer systems were attacked at a rate
10 times higher than the next most highly targeted nation, China (see section titled
“Trends in Cybercrime,” below).22  U.S. federal agencies have come under criticism
in past years for the effectiveness of their computer security programs.23  Further, a
May 2005 report by the Government Accountability Office (GAO) stated that

19 Dan Verton, Black Ice: The Invisible Threat of Cyber-Terrorism, McGraw-Hill, 2003, p. 110.  (Hereafter cited as Verton, Black Ice.)
20 The President’s Information Technology Advisory Committee, Cyber Security: A Crisis of Prioritization, Report to the   President,   February 2005,   p.   25, [].  21 John Foley, “Businesses Slow to Deploy Windows XP SP2,” Information Week, April 26, 2005, p. 26.
22 IBM News,   Report Finds Online Attacks Shift Toward Profit, August 2, 2005, at [].  Symantec Press Release, Symantec Internet Security Threat Report Highlights Rise In Threats To Confidential Information, March 21, 2005, at [].  23 Based on 2002 data submitted by federal agencies to the White House Office of Management and Budget,  GAO noted, in testimony before the House Committee on Government Reform (GAO-03-564T, April 8, 2003), that all 24 agencies continue to have “significant information security weaknesses that place a broad array of federal operations and assets at risk of fraud, misuse, and disruption.”  Christopher Lee, November 20, 2002, Agencies Fail Cyber Test: Report Notes ‘Significant Weaknesses’ in Computer Security, at []
because of the growing sophistication of malicious code on the Internet, the federal
government may increasingly be limited in its ability to respond to cyber threats.24

U.S. Government Cybersecurity  Efforts
Many U.S. federal government departments and agencies have responsibilities and have established programs to address various aspects of cyber-security. Some would argue that this level of federal effort demonstrates the government’s view as recognizing cyber-security as a national priority. Others see the many organizations and programs as unnecessarily duplicative with the Nation lacking a coherent strategy for understanding the true cyber security threat or the roles and responsibilities of each federal government organization.

Department of Homeland Security (DHS).  Some homeland security experts are concerned that the establishment of DHS has delayed federal government cyber security efforts significantly. It is suggested that during a time when the terrorists appear to be growing more reliant on the internet and gaining valuable expertise and experience, DHS, the lead federal agency responsible for cyber-security, has not progressed to meet the challenges that might lie ahead. Others cite the difficulty of ascertaining the intentions, origination, and groups behind cyber-intrusions and attacks as a reason for DHS and the federal government’s lack of progress.   In February, 2006, DHS participated in and sponsored exercise Cyber Storm which tested the ability of the U.S. government, international partners, and the private sector to recognize, disrupt, and respond to a large-scale cyber attack.  Analysis of the exercise produced eight major findings to better position the United States to “enhance the nation’s cyber preparedness and response capabilities.”25 While many were pleased that DHS conducted this exercise and recognized areas for improvement, other homeland security observers found the findings to be an acknowledgment of the work that has not been accomplished since the establishment of the Department.

Department of Defense.  In August 2005, DOD Directive 3020.40, the
“Defense Critical Infrastructure Program,” assigned functional responsibility within
DOD for coordinating with public and private sector services for protection of
defense critical infrastructures from terrorist attacks, including cyberattack.26  DOD
also announced the formation of the Joint Functional Component Command for
Network Warfare (JFCCNW) which has responsibility for defending all DOD

24 GAO,   Information Security; Emerging Cybersecurity Issues Threaten Federal Information Systems, report 05-231, May 2005.
25 DHS, DHS Releases Cyber Storm Public Exercise Report, September 13, 2006 []. The eight cyber-security enhancement findings addressed: Interagency Coordination, Contingency Planning, Risk Assessment and Roles and Responsibilities, Correlation of Multiple Incidents between Public and Private Sectors, Exercise Program, Coordination between Entities of Cyber Incidents, Common Framework for Response to Information Access, Strategic Communications and Public Relations, and Improvement of Process, Tools and Technology.  26 The Defense Critical Infrastructure is defined as those DOD and non-DOD networked assets essential to project, support, and sustain military forces and operations worldwide.
computer systems.  The expertise and tools used in this mission are for both offensive
and defensive operations.27
FBI.  The FBI Computer Intrusion program provides administrative and operational support and guidance to field offices investigating computer intrusions.
A Special Technologies and Applications program supports FBI counterterrorism
computer intrusion  investigations, and the FBI Cyber International Investigative
program conducts international investigations through coordination with FBI
Headquarters Office of International Operations and foreign law enforcement

NSA.  The National Security Agency (NSA) has created the National Centers
of Academic Excellence in Information Assurance Education (CAEIAE) Program,
which is intended to reduce vulnerability of national information infrastructure by
promoting higher education in information assurance (IA), and by producing more
professionals with IA expertise.  The NSA and the Department of Homeland Security
(DHS) in support of the President’s National Strategy to Secure Cyberspace,
established in February 2003, now jointly sponsor the program.  Under this program,
four-year colleges and graduate-level universities are eligible to apply to be
designated as a National Center of Academic Excellence in Information Assurance
Education (CAEIAE).  Students attending CAEIAE schools are eligible to apply for
scholarships and grants through the Department of Defense Information Assurance
Scholarship Program and the Federal Cyber Service Scholarship for Service Program
CIA.  The CIA Information Operations Center, which evaluates threats to U.S.
computer systems from foreign governments, criminal organizations and hackers,
conducted a cybersecurity exercise in 2005 called “Silent Horizon” to see how
government and industry could react to Internet based attacks.  One problem the CIA
wanted to examine was who would actually deal with a major cyberwar attack. In
theory, the government is in charge, but in practice, the defenses are controlled by a
number of civilian telecommunications firms.  The simulated cyber attacks were set
five years into the future.  The stated premise of the exercise was that cyberspace
would see the same level of devastation as the 9/11 hijackings.30
An earlier cyberterrorism exercise called “Livewire” concluded there were
serious questions over government’s role during a cyberattack depending on who was
identified as the culprit — terrorists, a foreign government, or bored teenagers.  It

27 John Lasker, “U.S. Military’s Elite Hacker Crew,”   Wired News, April 18, 2005, [,1294,67223,00.html].  28  Keith Lourdeau, testimony before the Senate Judiciary Subcommittee on Terrorism, Technology, and Homeland Security, February 24, 2004,  [ congress04/lourdeau022404.htm].
29 National Security Agency,  [].  30 Ted Bridis, “‘Silent Horizon’ war games wrap up for the CIA,” USA Today, May 26, 2005,  [].
also questioned whether the U.S. government would be able to detect the early stages of such an attack without significant help from private technology companies.

Inter-Agency Forums.  To improve cybersecurity for federal agencies and
the critical infrastructure, the Office of Management and Budget (OMB) has created
a task force to investigate how agencies can better coordinate cybersecurity functions
such as training, incident response, disaster recovery, and contingency planning.  The
U.S. Department of Homeland Security has also created a new National Cyber
Security Division that will focus on reducing vulnerabilities in the government’s
computing networks, and in the private sector to help protect the critical

Many security vendors agree that to combat cybercrime more effectively, it must be treated as a global problem.  Some of these security vendors have created their own independent advance-warning systems for their customers through linking proprietary security equipment into global networks that share information collected by their distributed customer base.  One example is an early-warning cyber-security intrusion program that’s composed of a global network of 19,000 firewall and intrusion-detection devices maintained by thousands of volunteer data partners.  This early intrusion system correlates global data to detect the start of a possible swarming Internet attack originating simultaneously in different parts of the world, and notifies administrators to help them defend their systems when targeted.32  A similar public/private partnership security warning program was created through the Cyber Incident Detection Data Analysis Center (CIDDAC).33  In 2005, CIDDAC will install special sensors on the networks of participating partner companies to automatically detect cyberattacks and notify administrators and law enforcement.
Changing Concerns about Cyberattack, 2001-2006
Following the September 11 attacks, public concerns were high about the threat
of a possible follow-on cyberattack from terrorist groups.34  Subsequently, there has
been disagreement among security experts about (1) whether such an attack could

31 Jason Miller, “New Cybersecurity Team Meets this Week,” Government Computer News, March 21, 2005.  Grant Gross, “Homeland Security to Oversee Cybersecurity,” PC World, June 9, 2003, at [,aid,111066,00.asp].  32 Paul Roberts, “Symantec Offers Early Warning of Net Threats,” PC World, February 12, 2003, at [,aid,109322,00.asp].  33 CIDDAC is a not-for-profit organization that combines private and government perspectives to facilitate automated real-time sharing of cyberattack data. CIDDAC is specifically designed to protect privacy rights while collecting cyber threat information from sensors attached to corporate computer networks.

34 In July 2002, Gartner Research and the U.S. Naval War College hosted a three-day, seminar-style war game called “Digital Pearl Harbor” (DPH), with the result that 79% of the gamers said that a strategic cyberattack against the United States was likely within the next two years.  Gartner Research, ‘Digital Pearl Harbor’: Defending Your Critical Infrastructure, October 4, 2002, at [].
possibly be launched by terrorists against U.S. civilian critical infrastructure, or (2)
whether such an attack could seriously disrupt the U.S. economy.35

Simulated cyberattacks, conducted by the U.S. Naval War College in 2002,
indicated that attempts to cripple the U.S. telecommunications infrastructure would
be unsuccessful because system redundancy would prevent damage from becoming
too widespread.  Many observers suggest that evidence from natural disasters shows
that many the critical infrastructure systems, including banking, power, water, and
air traffic control, would likely recover rapidly from a possible cyberattack.36
To date, there has been no published report of a coordinated cyberattack launched against the critical infrastructure by a terrorist or terrorist group.  Dennis McGrath of the Institute of Security Technology Studies at Dartmouth College reportedly observed that, “We hear less and less about a digital Pearl Harbor.

Cyberterrorism is not at the top of the list of discussions.”37
In May 2005, the CIA reportedly conducted a classified war game, dubbed “Silent Horizon,”  to practice defending against a simulated widespread cyberattack directed against the United States.  The national security simulation was considered significant because many U.S. counterterrorism experts feel that far-reaching effects from a cyberattack are highly unlikely.38  However, other observers believe that tests of countermeasures, even for unlikely events, may sometimes be prudent.

Many cyber security observers are concerned that U.S. government efforts to
date have not effectively prepared the nation for a catastrophic cyberattack. A
Business Roundtable report issued in June 2006 found three “cyber-gaps” that are
keeping the United States from being prepared to recognize and respond to a
cyberattack: (1) the lack of established indicators that would indicate an attack is
underway; (2) a failure to identify who is responsible for restoring affected
infrastructure; and (3) a lack of dedicated resources to assist in returning cyber

35 Robert Gates, former CIA director, warned that the threat of cyberterrorism should be taken particularly seriously.  Keith Lourdeu, deputy assistant director of the FBI Cyber Division, stated that “our networked systems make inviting targets for terrorists due to the potential for large-scale impact on the nation.”  Douglas Schweitzer, “Be Prepared for Cyberterrorism,” Computerworld, April 6, 2005.  However, others believe that infrastructure systems are robust and could recover quickly.  Richard Forno, “Shredding the Paper Tiger of Cyberterrorism,” Security Focus, September 25, 2002, at [ printable/columnists/111].  See also, CRS Report RL32114,   Computer Attack and Cyberterrorism: Vulnerabilities and Policy Issues for Congress, by Clay Wilson.  36 Scott Nance, “Debunking Fears: Exercise Finds ‘Digital Pearl Harbour’ Risk Small,” Defense Week, April 7, 2003, at [].  William Jackson, “War College Calls Digital Pearl Harbor Doable,” Government Computer News, August 23, 2002, at [].  37 “CIA Overseeing 3-Day Wargame on Internet,” Associated Press, May 25, 2005.  38 Ted Bridis, “‘Silent Horizon’ War Games Wrap up for the CIA,” USA Today, May 26, 2005, at [].

operations to a pre-attack condition.39  Due to increased security measures applied to
physical facilities and U.S. government efforts to track and engage groups in their
home countries, many believe the internet will increasingly play a bigger role in
terrorist support and operational efforts.  Many observers that monitor the Internet
suggest that due to the effects of intensified counterterrorism efforts worldwide,
Islamic extremists are gravitating toward the Internet, and are succeeding in
organizing online where they have been failing in the physical world.  Terrorist
groups increasingly use online services for covert messaging, through steganography,
anonymous e-mail accounts, and encryption.40

Inconsistent Reporting of Terrorists’ Cyber Activities
Some security observers argue that a lack of consistent reporting on the true nature of the cyber-security threat is a direct by-product of the federal government’s lack of strategy and inability to clarify assignments for the numerous departments and agencies that have some responsibility for the issue.  Others note that the numerous recent governmental organizations are the reason for the delay in progress, and also predict that as DHS and the Office of the Director of National Intelligence mature, the issue of cyber-security assessments and reporting may receive a higher priority.


  • Guest
A review of two annual U.S. government reports on terrorism activity shows
inconsistent attention to the issue of possible cyberterrorism.41  Two federal agencies
report on terrorism activity annually:  (1) the Department of State’s (DOS) Patterns
of Global Terrorism42 and, (2) the Federal Bureau of Investigation’s   Annual
Terrorism in the United States.43
In the DOS reports for the years 1996 to 1999, brief mention is made of
cyberterrorism issues.  In the year 2000, the report acknowledges that “widespread
availability of hacking software and its anonymity and increasingly automated design
make it likely that terrorists will more frequently incorporate these tools into their
online activity.”  In 2001, however, no mention of cyberterrorism issues appeared in

39 Business Roundtable, Essential Steps to Strengthen America’s Cyber Terrorism Preparedness,   June   2006,   at   [ 20060622002CyberReconFinal6106.pdf].
40 Terrorist suspects are reportedly using encryption techniques to prevent police from accessing vital intelligence on seized computers, according to U.K. police.  Stewart Tendler, “Encrypted   Files   Frustrate   Police,”   Times Online, July 20, 2005,   at [,,20409-1701405,00.html].  See CryptoHaven, at [], and SecretMaker, at [ emailsecurer/steganography/default.html].  
41 John Rollins, Specialist in Terrorism and International Crime, Congressional Research Service, August 2005.

42 “Country Reports on Terrorism” is submitted in compliance with Title 22 of the United States Code, Section 2656(f) which requires the Department of State to provide Congress with a full and complete annual report on terrorism for those countries and groups meeting the criteria of Section (a)(1) and (2) of the act, at [].  43 [].

the DOS report, and for the years 2002 to 2004, only mentions of various security forums and international cybersecurity working groups were noted.
The FBI’s Annual Terrorism Report similarly was inconsistent in mentioning cyberterrorism issues. In the 1996 and 1997 reports, there was no mention of cyberterrorism or related activity.  In 1998 the report acknowledged that “cyber tools may find their way in the hands of terrorist” and speculated that “the spread of cyberattack tools, like the proliferation of conventional weapon technology may eventually wind up in the hands of terrorists.”  The following year, 1999, the Report stated that “the threat of cyberterrorism will grow in the new Millennium, as the leadership positions in extremist organizations are increasingly filled with younger, Internet-savvy individuals.”  These two reports arguably suggested that the issue of cyberterrorism was being followed closely. The Reports from 2000 to 2003 mentioned cyberterrorism, but only in the programmatic aspect regarding organizational changes the FBI was putting in place to address cybersecurity, with no mention of past or projected cyberterrorism incidents or issues.  The FBI did not produce a report in 2004, and one is not yet due for 2005.

Since the attacks of 9/11, many observers are concerned that increased efforts
to safeguard facilities, infrastructure, personnel safety, and the decrease  in the DOS’s
and FBI’s discussion of cybersecurity issues, together may indicate a lack of
appreciation for the threat that may be facing the United States from possible
cyberterrorism. Others suggest that although the frequency and severity of
cyberattacks are on the rise, the federal government may not be sufficiently
increasing its efforts to improve cybersecurity.44

Technical Skills of Terrorists
Through captured literature, it is known that many Al Qaeda members are well
educated, and have familiarity with engineering and other technical areas.45  During
a November 2001 attack by U.S. forces, Al Qaeda fighters fled from Kabul,
Afghanistan leaving behind many documents and sensitive information that yielded
a profile of some Al Qaeda operatives as well-educated and trained in the use of
computer systems.  “Technical treatises in Arabic, English, German as well a
students’ notebooks in Arabic, Turkish, Kurdish, and Russian reflected a consistent
interest in and widespread familiarity with electrical and chemical engineering,
atomic physics, ballistics, computers, and radios,” according to researchers and
journalists who reportedly examined the documents.46
Just as people all over the world now use the Internet, terrorists also use it as a
modern tool for communication.  Terrorists and extremist groups have reportedly

44 GAO,   Information Security; Emerging Cybersecurity Issues Threaten Federal Information Systems, report 05-231, May 2005.
45 Tom Spring, “Al Qaeda’s Tech Traps,”   PC World, September 1, 2004, [,aid,117658,00.asp].  46 Anthony Davis, “The Afghan files: Al-Qaeda Documents from Kabul,”   Jane’s Intelligence Review, February 1, 2002.
generated thousands of Internet web sites to support psychological operations, fund
raising, recruitment, and coordination of activities. Recently, the Department of
State’s Counterterrorism Director noted “the most worrisome scenario of another
attack in the homeland is lone operatives who slip into the country and take
directions through cyberspace.”47  A significant concern is that some of these web
sites used for the suspected terrorist activity are hosted on Internet Service Providers
inside the United States.48  The level of technical sophistication of the extremist
groups that use and operate these web sites has also increased.  In 2006 it was
reported that an organization linked to al-Qaeda produced a 26-page manual
providing instructions on the use of the Google search engine to further the goals of
global jihad.49  Recently British forces in Iraq have found print-outs of Google-Earth
pictures that reportedly were to be used for targeting of coalition forces.50
A recent study of more than 200,000 multimedia documents on 86 sample websites concluded that extremists exhibited similar levels of web knowledge as U.S.  government agencies, and that the terrorist websites employed significantly more sophisticated multimedia technologies than U.S. government websites.  The study concluded that these extremist websites support advanced Internet-based communication tools such as online forums and chat rooms more frequently than U.S. government web sites.51   Because of perceived anonymity, terrorist likely feel safer when working together on the Internet.
In April 2002, the Central Intelligence Agency (CIA) stated in a letter to the
U.S. Senate  Select Committee on Intelligence that cyberwarfare attacks against the
U.S. critical infrastructure will become a viable option for terrorists as they become
more familiar with the technology required for the attacks.  Also according to the
CIA, various groups, including Al Qaeda and Hizballah, are becoming more adept
at using the Internet and computer technologies, and these groups could possibly
develop the skills necessary for a cyberattack.52  In February 2005, FBI director
Robert Mueller, testified before the Senate Select Committee on Intelligence that
terrorists show a growing understanding of the critical role of information technology

47 Michael Isikoff, Terror: We’re Going to Get Hit, Newsweek, January 22, 2007.  48 Internet Service Providers (ISPs) are not liable for terrorist propaganda posted on their systems unless they have actual knowledge of it.  Once discovered, terrorist web sites can quickly jump to another ISP faster than system administrators, or law enforcement, can track them.  Evan Kohlman, Al Qaeda on the Internet, Washington Post online interview, August 8, 2005, 3 P.M. E.T.
49 “Terrorists Launch Google Guide,”   The Jawa Report, November 29, 2006, [].
50 Thomas Harding, “Terrorists use Google Maps to hit UK Troops,” Telegraph, January 13, 2007,   [ wgoogle13.xml].
51   Jialun Qin et al., Analyzing terror campaigns on the internet: Technical sophistication, content richness, and Web interactivity, International Journal of Human-Computer Studies, November 1, 2006, vol. 65, p.71-84.  
52   Verton, Black Ice, p. 87.
in the U.S. economy and have expanded their recruitment to include people studying
math, computer science, and engineering.53
Senior leadership of al-Qaeda, who reportedly have access to the most modern technology equipment,54 and other terrorist groups are reportedly building a massive and dynamic online library of training materials, many of which are supported by subject matter experts who answer questions on message boards or in chat rooms.
This online library covers such areas as how to mix poisons for chemical attacks,
how to ambush U.S. soldiers, how to coordinate a suicide bomb attack, and how to
hack computers.55  One discussion forum popular with supporters of terrorism is
called Qalah, or Fortress, where potential al Qaeda recruits can find links to the latest
in computer hacking techniques in a discussion area called “electronic jihad.”56
Some security experts do not think it is worthwhile to hijack or disrupt the web
sites created by terrorists.  This is because terrorists will usually find a way to quickly
put their sites back up under different, multiple names, which may be even more
difficult to monitor.  Instead, U.S. intelligence sources can gain valuable information
by simply monitoring the web sites they already know about.  This may also include
monitoring the Internet addresses of those who frequent these web sites.  However,
more skilled analysts are needed to help translate the communications and
information that is posted on the many different terrorist web sites.57
The Washington Times has reported that Islamic extremists are calling for
creation of an Islamist hackers’ army to plan cyberattacks against the U.S.
government and that postings on the extremist bulletin board, al-Farooq, carry
detailed cyberattack instructions, and include spyware programs for download that
can be used to learn the passwords of targeted users.58  Other extremist websites
reportedly resemble online training camps that may offer instructions for how to
create a safe-house, how to clean a rocket-propelled grenade launcher, or what to do
if captured.59

53 Testimony before the Senate Select Committee on Intelligence, February 16, 2005.  54 “Al-Qaida leaders have the best computer technology that money can buy.” Evan Kohlmann, terrorism consultant, Newsday, Tunnel Plot Talk in Web Chat rooms can net cyber terrorists, July 8, 2006.  
55 Some have described these web training sites as an open university for jihad.  Steve Coll and Susan Glasser, “Terrorists Turn to the Web as Base of Operations,” Washington Post, Aug 7, 2005, A1.
56 Steve Coll and Susan Glasser, “Terrorists Turn to the Web as Base of Operations,” Washington Post, Aug 7, 2005, A1.
57 Susan Glassar, “The Iraq Insurgency’s Online Strategy,” Washington Post online interview, August 9, 2005, 11 A.M. E.T.
58 Shaun Waterman, “Islamists Seek To Organize Hackers’ Jihad in Cyberspace,” Washington Times, August 26, 2005, p. 9.
59 Tom Spring, “Al Qaeda’s Tech Traps,”   PCWorld, September 1, 2004, at [,aid,117658,00.asp].
Iman Samudra, convicted and now awaiting execution for taking part in the
2002 bombings of two Bali nightclubs, has written a book titled “Aku Mekawan
Terroris!”, which reportedly translates to “Me Against the Terrorist”.  Samudra
advocates that Muslim youth actively develop hacking skills “to attack U.S. computer
networks.”  Samudra names several websites and chat rooms as sources for
increasing hacking skills.  He urges Muslim youth to obtain credit card numbers and
use them to fund the struggle against the United States and its allies.60  The terrorist
attacks in Bali, and recent attacks in several other countries, may have been funded
through stolen credit cards.61
Cyberterrorism Capability of State Sponsors of Terrorism
Methods for conducting information warfare to advance the goals of a nation
state might also involve secretly sponsoring terrorists.  In March 2005, a Department
of Homeland Security (DHS) report indicated that, of the six nations currently listed
by the State Department as terrorist sponsors, five of them — North Korea, Sudan,
Syria, Libya, and Cuba — are described as a diminishing concern for terrorism.  Only
Iran remains listed as a nation-state possibly having a future motivation to assist
terrorist groups in attacking the United States homeland.  However, some experts
believe that a decline in state-sponsorship of terrorism may push terrorist
organizations to increasingly embrace the drug trade or other forms of cybercrime.62
China is often cited as providing government support to computer-hackers.  A
paper published in 1999 authored by two senior colonels in the Chinese military
specifically discusses the need for China to place new emphasis on information
warfare methods to attack enemy financial markets, civilian electricity networks, and
telecommunications networks by burying “... a computer virus and hacker
detachment in the opponent’s computer systems in advance...” of launching the
information warfare network attacks.63
DOD officials have acknowledged that hackers, apparently based in China, have been successfully penetrating U.S. military networks since 2001, and perhaps earlier.
Although some of these successful cyberattacks were directed against unclassified
networks, one intrusion reportedly did obtain data about a future Army command and

60 FBI Report FEA20041222000744, version 17, Convicted Indonesian Terrorist Calls for C o m p u t e r   H a c k i n g ,   J i h a d   A g a i n s t   U S ,   D e c e m b e r   4 ,   2 0 0 4 , [ %3B/ 051585].  
61 Richard Clarke, former counterterrorism advisor for Presidents George W. Bush and Bill Clinton, stated that we are vulnerable to people who would use our identities against us.  Kevin Rademacher, “Clarke:  ID Theft Prevention Tied to Anti-Terrorism Efforts, Las Vegas Sun, April 13, 2005, at [ 05/apr/13/518595803.html].
62 Jennifer Hesterman, Transnational Crime and the Criminal-Terrorist Nexus, Walker Paper No.1, Air University, Air University Press, May, 2005, p.32.  63 Qioa Lang and Wang Xiangsui, Unrestricted Warfare, Beijing: PLA Literature and Arts Publishing House, February 1999.
control system.64  Although the hackers are suspected to be based in China, DOD and security officials remain divided over (1) whether the ongoing cyberattacks are coordinated or sponsored by the Chinese government, (2) whether they are the work of individual and independent hackers, or (3) whether the cyberattacks are being initiated by some third-party organization that is using network servers in China to disguise the true origins of the attacks.  It remains very difficult to determine the true identity, purpose, or sponsor (if any) of a cyber attacker.
Trends in Cyberterrorism and Cybercrime
Today, cyberattacks are increasingly designed to silently steal information
without leaving behind any  damage that would be noticeable to a user.  These types
of attacks attempt to escape detection in order to remain on host systems for longer
periods of time.  Research has shown that attackers are now focusing their efforts on
infecting home user desktops or taking control of web applications, allowing the
attacker to steal confidential information such as passwords or account codes.  The
attackers are also using new malicious code tools called “bot networks” that attempt
to deny Internet service to targeted victims.  According to recent studies by the
security organization Symantec and the Cyber Security Industry Alliance, in the first
six months of 2006 the home user sector accounted for a large percentage of all
targeted attacks, and many home users now believe their financial and personal
information may be at risk due to cybercrime.65
Identity theft involving thousands of victims is enabled by advances in computer
technology, and by poor computer security practices.66  In June 2006, officials from
the U.S. Department of Energy acknowledged that names and personal information
belonging to more than 1,500 employees of the National Nuclear Security
Administration (NNSA) had been stolen in a network intrusion that apparently took
place starting in 2004.  The NNSA did not discover the security breach until one year
after it had occurred.67

64 Frank Tiboni, “The New Trojan War,” Federal Computer Week, August 22, 2005, p. 60.  Nathan Thornburgh,   Inside the Chinese Hack Attack, August 25, 2005, at [,8816,1098371,00.html].  65 Vincent Weafer, Statement before the House Subcommittee on Telecommunications and the Internet, Committee on Energy and Commerce, September 13, 2006.  66 On April 12, 2005, personal information, such as Social Security Numbers for 310,000 U.S. citizens, may have been stolen in a data security breach that involved 59 instances of unauthorized access into its corporate databases using stolen passwords.  Boston College reported in March 2005 that a hacker had gained unauthorized access to computer database records with personal information for up to 106,000 alumni, and in the same month, Chico State University of California, reported that its databases had been breached containing the names and Social Security numbers for as many as 59,000 current and former students.  David Bank and Christopher Conkey, “New Safeguards for Your Privacy,” The Wall Street Journal, March 24, 2005, p. D1.
67 Dawn Onley and Patience Wait, DOD’s efforts to stave off nation-state cyberattacks begin with China, Government Computer News, August 21, 2006.  
A series of computer attacks launched in 2003 against DOD systems and computer systems belonging to DOD contractors apparently went undetected for many months.  This series of cyberattacks was labeled “Titan Rain,” and was suspected by DOD investigators to originate in China.  The attacks were directed against the U.S. Defense Information Systems Agency (DISA), the U.S. Redstone Arsenal, the Army Space and Strategic Defense Installation, and several computer systems critical to military logistics.  Although no classified systems were breached, many files were copied containing information that is sensitive and subject to export-control laws.  
In November 2006, an extended computer attack against the U.S. Naval War
College in Newport, Rhode Island, prompted officials to disconnect the entire
campus from the Internet.68  DOD officials acknowledge that the Global Information
Grid, which is the main network for the U.S. military, experiences more than three
million daily scans by unknown potential intruders.  DOD officials also suspect that
most of these scans originated in the United States and in China (although some of
the attacks apparently only traversed through networks in China, casting some doubt
on the true origin).69
Security experts warn that all U.S. federal agencies should now be aware that in cyberspace some countries consider that no boundaries exist between military and civilian targets.  According to an August 2005 computer security report by IBM, more than 237 million overall security attacks were reported globally during the first half of the year.70  Government agencies were targeted the most, reporting more than 54 million attacks, while manufacturing ranked second with 36 million attacks, financial services ranked third with approximately 34 million, and healthcare received more than 17 million attacks.  The most frequent targets for these attacks, all occurring in the first half of 2005, were government agencies and industries in the United States (12 million), followed by New Zealand (1.2 million), and China (1 million).  These statistics may represent an underestimation, given that most security analysts agree that the number of incidents reported are only a small fraction of the total number of attacks that actually occur.

Usually, a cyberattack is difficult to detect until after it is well underway, and
may involve hundreds or thousands of compromised computers from all parts the
globe that are directed by a cybercriminal to attack as a swarm.  If the attack is
directed against a yet-undisclosed, or newly-discovered security vulnerability, the
targeted computer systems may be at a significant disadvantage.  Most commercial
computer security safeguards operate mainly to prevent the types of attacks that are

68 Chris Johnson, Naval War College Network, Web Site Back Up Following Intrusion, Inside the Navy, December 18, 2006.  
69 Some estimates say that up to 90% of computer software used in China is pirated, and thus open to hijack through computer viruses.  James Lewis, Computer Espionage, Titan Rain and China, Center for Strategic and International Studies, December 14, 2005.  70 The Global Business Security Index reports worldwide trends in computer security from incidents that are collected and analyzed by IBM and other security organizations.  IBM press release, IBM Report: Government, Financial Services and Manufacturing Sectors Top Targets of Security Attacks in First Half of 2005, IBM, August 2, 2005.
already known to administrators.  A new, unique type of attack against computers may encounter inadequate, untested, or non-existent defenses.
A 2004 survey by an internet security company, covering 450 networks in 35
countries, found that hacking had become a profitable criminal pursuit.71  Hackers
sell unknown computer vulnerabilities (commonly called “zero-day exploits”) on the
black market to criminals who use them for fraud.  Hackers with networks of
compromised computers (also known as “bot nets”) rent them to other criminals who
use them to launch coordinated attacks against targeted individuals or businesses,
including banks or other institutions that manage financial information.72
It has been reported that stolen credit card numbers and bank account
information are now traded online in a highly structured arrangement, involving
buyers, seller, intermediaries, and service industries.  These services include offering
to conveniently change the billing address of a theft victim, through manipulation of
stolen PINs or passwords.  Estimates by some observers are that, in a highly
profitable black market, each stolen MasterCard number can be sold for between $42
and $72.73
MasterCard International reported that in 2005 more than 40 million credit card
numbers belonging to U.S. consumers were accessed by computer hackers and were
at risk of being used for fraud.74  Some of these account numbers were reportedly
being sold on a Russian website, and some consumers have reported fraudulent
charges on their statements.  Officials at the UFJ bank in Japan reportedly stated that
some of that bank’s customers may also have become victims of fraud related to theft
of MasterCard information.75
In Autumn 2004, organized cybercriminals appear to have infiltrated the
computer systems of the London offices of Sumitomo, the Japanese bank, in an
attempt to steal £220 million.  The cybercriminals reportedly planned to transfer the
money to other bank accounts around the world. Officials at the London police fraud
squad reportedly stated that Sumitomo is the only incident so far in which an attack

71 Counterpane   Internet Security, Attack   Trends   2005,   June   2005,   at [].
72 Bruce   Schneier,   Attack   Trends:   2004   and   2005, June   6,   2005,   at
73 CCRC staff, Russia, Biggest Ever Credit Card Scam, Computer Crime Research Center,
July 8, 2005, at [].
74 Jonathan Krim and Michael Barbaro, “40 Million Credit Card Numbers Hacked,”
Washington Post, June 18, 2005, p. A01.  See also the report by the U.S. House of
Representative Homeland Security Committee, July 1, 2005, raising concerns about
potential ties between identity theft victims and terrorism.  Caitlin Harrington, “Terrorists
Can Exploit Identity Theft, Report From House Democrats Says,” CQ Homeland Security,
July 1, 2005.
75 BBC   News,   “Japan   Cardholders ‘Hit’ by Theft,” June   21,   2005,   at
by external cybercriminals has nearly succeeded against a major bank.76  Figures from
the National Hi-Tech Crime Unit in England show that, in 2003, at least 83% of U.K.
companies were targeted by hackers in attempts to seize control of their systems.77
The Insider Threat
A 2003 study of security incidents, conducted by the U.S. Secret Service and
the Carnegie Mellon Software Engineering Institute, found that attacks on computer
systems committed by insiders with authorized access, have reportedly cost industry
millions of dollars in fraud and lost data.78  Insider employees with access to sensitive
information systems can initiate threats in the form of malicious code inserted into
software that is being developed either locally, or under offshore contracting
arrangements.  For example, in January 2003, 20 employees of subcontractors
working in the United States at the Sikorsky Aircraft Corporation were arrested for
possession of false identification used to obtain security access to facilities containing
restricted and sensitive military technology.  All of the defendants pleaded guilty and
have been sentenced, except for one individual who was convicted at trial on April
19, 2004.79
Links Between Terrorism and Cybercrime
The proportion of cybercrime that can be directly or indirectly attributed to
terrorists is difficult to determine.  Linkages between criminal and terror groups may
allow terror networks to expand and undertake large attacks internationally by
leveraging criminal sources, money, and transit routes.  For example, observers
speculate that Aftab Ansari, a criminal suspect located in Dubai, used ransom money
earned from prior kidnappings to assist with funding for the September 11, 2001
terrorist attacks.  Also, London police officials believe that terrorists obtained the
high-quality explosives used for the 2005 bombings through involvement with an
Eastern European black market.80  The recent  subway and bus bombings in the U.K.
also indicate that groups of terrorists may be active within other countries that have
large computerized infrastructures, along with a large, highly skilled information
technology workforce.  A report by the Department of Homeland Security (DHS)
predicts that other possible sponsors of terrorist attacks against the United States
homeland may include groups such as Jamaat ul-Fuqura, a Pakistani-based

76   Conal Walsh, “Terrorism on the Cheap — and with No Paper Trail,” The Guardian
Observer (London), July 17, 2005.  (Hereafter cited as Walsh, Terrorism on the Cheap.)
77   Hi-Tech   Crime:   The   Impact   on   U.K.   Business   2005,   2004   Survey,   at
[].  78 Marisa Randazzo et al., Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector, Carnegie Mellon Software Engineering Institute, August 2004.  79 U.S. Attorneys Office District of Connecticut, at [].  80 Walsh,   Terrorism on the Cheap.  Rollie Lal, “Terrorists and Organized Crime Join Forces,” International Herald Tribune, May 25, 2005, at [ 05/23/opinion/edlal.php].  Barbara Porter, “Forum Links Organized Crime and Terrorism,” By George!, summer 2004 [].
organization allegedly linked to Muslims of America; Jamaat al Tabligh, an Islamic
missionary organization; and, the American Dar Al Islam Movement.81
Officials of the U.S. Drug Enforcement Agency (DEA), reported in 2003 that
14 of the 36 groups found on the U.S. State Department’s list of foreign terrorist
organizations were involved in drug trafficking.  Consequently, DEA officials
reportedly argued that the war on drugs and the war on terrorism are and should be
linked.82  A 2002 report by the Library of Congress Federal Research Division,
revealed a “growing involvement of Islamic terrorist and extremists groups in drug
trafficking”, and limited evidence of cooperation between different terrorist groups
involving both drug trafficking and trafficking in arms.83  State Department officials,
at a Senate hearing in March 2002, also indicated that some terrorist groups may be
using drug trafficking as a way to gain financing while simultaneously weakening
their enemies in the West through exploiting their desire for addictive drugs.84
Western Europe and North America continue to be regions that have major narcotics
markets, optimal infrastructure, and open commercial nodes that increasingly serve
the transnational trafficking needs of both criminal and terrorist groups.85
Drug traffickers are reportedly among the most widespread users of computer messaging and encryption, and often have the financial clout to hire high level computer specialists capable of using steganography (writing hidden messages contained in digital photographs) and other means to make Internet messages hard or impossible to decipher.  Access to such high level specialists can allow terrorist organizations to transcend borders and operate internationally without detection.

81 The DHS report, dated January 2005, is entitled “Integrated Planning Guidance, Fiscal Years 2005-2011.”  Justin Rood, “Animal Rights Groups and Ecology Militants Make DHS Terror List, Right-Wing Vigilantes Omitted,” CQ Homeland Security, March 25, 2005.  Eric Lipton, “Homeland Report Says that Threat From Terror-List Nations Is Declining,” The New York Times, March 31, 2005, p. A9.
82 Authorization for coordinating the federal war on drugs expired on September 30, 2003.  For more information, see CRS Report RL32352, War on Drugs: Reauthorization of the Office of National Drug Control Policy, by Mark Eddy.  Also, see D.C. Préfontaine, QC and Yvon Dandurand, Terrorism and Organized Crime Reflections on an Illusive Link and its Implication for Criminal Law Reform, International Society for Criminal Law Reform Annual Meeting — Montreal, August 8 — 12, Workshop D-3 Security Measures and Links to Organized   Crime,   August 11,   2004, at [ blications/Reports/International%20Society%20Paper%20of%20Terrorism.pdf].  83 L. Berry, G.E. Curtis, R.A. Hudson, and N. A. Kollars,   A Global Overview of Narcotics-Funded Terrorist and Other Extremist Groups, Federal Research Division, Library of Congress, Washington, DC, May 2002.
84 Rand Beers and Francis X. Taylor, U.S. State Department, Narco-Terror: The Worldwide Connection Between Drugs and Terror, testimony before the U.S. Senate Judiciary Committee, Subcommittee on Technology, Terrorism, and Government Information, March 13, 2002.
85 Glenn Curtis and Tara Karacan, The Nexus Among Terrorists, Narcotics Traffickers, Weapons Proliferators, and Organized Crime Networks in Western Europe, A study prepared by the Federal Research Division, Library of Congress, December 2002, p. 22, at [].
Many highly trained technical specialists available for hire are located in the
countries of the former Soviet Union and in the Indian subcontinent.  Some
specialists will not work for criminal or terrorist organizations willingly, but may be
misled or unaware of their employers political objectives.  Still, others will agree to
provide assistance because well-paid legitimate employment is scarce in their

An emerging area of concern is the involvement of terrorist groups in
counterfeiting of intellectual property, which can be even more lucrative than drug
trafficking.  In other areas, where criminals and terrorists work together to move
money internationally, members of terrorist groups may be given special training in
computer software, or in engineering, to facilitate communications through the
Internet.  In-house financial specialists and experienced advisors may also knowingly,
or sometimes unknowingly, help cybercriminals evade the scrutiny of bank regulators
and international investigators. These reportedly may include, accountants, bank
employees in offshore zones and in major financial centers who may or may not also
be terrorists or supportive of the political motives of their clients.87

International Efforts to Prevent Cybercrime
Cybercrime is a major international challenge, however attitudes about what composes a criminal act of computer wrongdoing may still vary from country to country.  The European Union has set up the Critical Information Infrastructure Research Coordination Office (CI2RCO), which is tasked to examine how its member states are protecting their critical infrastructures from possible cyberattack.  The project will identify research groups and programs focused on IT security in critical infrastructures.

The Convention on Cybercrime was adopted in 2001 by the Council of Europe, a consultative assembly of 43 countries, based in Strasbourg.  The Convention, effective July 2004, is the first and only international treaty to deal with breaches of law “over the internet or other information networks.”  The Convention requires participating countries to update and harmonize their criminal laws against hacking, infringements on copyrights, computer facilitated fraud, child pornography, and other illicit cyber activities.88  To date, eight of the 42 countries that signed the Convention have completed the ratification process.

86 Louise Shelly, Organized Crime, Cybercrime and Terrorism, Computer Crime Research Center,   September   27,   2004,   [ rism_Cybercrime/].
87  Louise I. Shelley and John T. Picarelli, “Methods Not Motives: Implications of the Convergence of International Organized Crime and Terrorism,”   Police Practice and Research, vol. 3, no. 4, 2002 p. 311, at [ Shelley%20Pubs/To%20Add/MethodsnotMotives.pdf].
88 Full   text   for   the   Convention   on Cyber Crime   may be   found   at [ 18/06/04&CL=ENG].
Although the United States has signed the Convention, it did not sign a complementary protocol that contained provisions to criminalize xenophobia and racism on the Internet, which would likely not be supported by the U.S.
Constitution.89  The complementary protocol could be interpreted as requiring nations
to imprison anyone guilty of “insulting publicly, through a computer system” certain
groups of people based on characteristics such as race or ethnic origin, a requirement
that could make it a crime to e-mail jokes about ethnic groups or question whether
the Holocaust occurred.  The Department of Justice has said that it would be
unconstitutional for the United States to sign that additional protocol because of the
First Amendment’s guarantee of freedom of expression.  The Electronic Privacy
Information Center, in a June 2004 letter to the Foreign Relations Committee,
objected to U.S. ratification of the Convention, because it would “would create
invasive investigative techniques while failing to provide meaningful privacy and
civil liberties safeguards.”90  However, a coalition of U.S. industry associations,
including the Business Software Alliance, the Cyber Security Industry Alliance, the
American Bankers Association, the Information Technology Association of America,
InfraGard, Verisign, and several others, have urged the U.S. Senate Foreign Relations
Committee to recommend ratification of the Convention.91
The Bush Administration submitted the Convention on Cybercrime (Treaty Doc.  108-11) to the Senate for hearings and resolution in November 2003.  On July 26, 2005, the U.S. Senate Foreign Relations Committee approved the signed Convention.
The United States will comply with the Convention based on existing U.S. federal
law; and no new implementing legislation will be required.  Legal analysts say that
U.S. negotiators succeeded in scrapping most objectionable provisions, thereby
ensuring that the Convention tracks closely with existing U.S. laws.92

Analysis and Policy Issues

Computer security experts disagree about whether a widespread coordinated
cyberattack by terrorists is a near-term or long-term possibility.  However, terrorists
have repeatedly demonstrated a willingness to plan and  launch conventional attacks
against targets that have easy accessibility and numerous vulnerabilities.  Internet and

89 The U.S. Senate Committee on Foreign Relations held a hearing on the Convention on June 17, 2004.  CRS Report RS21208, Cybercrime: The Council of Europe Convention, by Kristin Archick.  Estelle Durnout, Council of Europe Ratifies Cybercrime Treaty, ZDNet, March 22, 2004, at [,39020651,39149470,00.htm].  90 [].  91 Patience Wait, “Industry Groups Urge Senate Ratification of Cybercrime Treaty,” Government Computer News, June 6, 2005, at [ 57-1.html].  Declan McCullagh, Tech Firms call for approval of cybercrime treaty, Cnet,   June   29,   2005,   at   [ 8462.html?tag=st.util.print].
92 For more information about the Convention on Cybercrime, see CRS Report RS21208, Cybercrime: The Council of Europe Convention, by Kristin Archick.
computer system vulnerabilities are persistent and widely publicized.  As technology continues to advance, the capability, reliance, and interdependent nature of computer systems likely will be more vulnerable to cyberattack tools that are becoming faster and more sophisticated.  Terrorists may also be developing links with cybercriminals that will give them access to high-level computer skills.  The time may be approaching when a cyberattack may offer advantages that cause terrorists to act, even if the probability of success, or level of effectiveness, is unknown.  Similar to terrorists reconnaissance of physical targets to assess the level of security prior to an attack, it is suggested that the U.S. may experience a number of small cyber intrusion events prior to an attempt at a larger more devastating attack.
Given the ability of a catastrophic cyber-attack to disrupt a significant portion of the nation’s infrastructure, some national security observers suggest that the Director of National Intelligence (DNI) should have the responsibility for monitoring the capabilities and identities of the countries and groups that may wish to cause the Nation harm through cyberattack.  The DNI, as the Nation’s Chief Intelligence Officer, has the ability to coordinate all known cyber-threat related information and then task the intelligence community to collect information to better understand the groups that may wish to cause the U.S. harm, and to forecast their intentions and capabilities.
One issue is whether DHS has done enough to strengthen computer security for civilian federal agencies and for the private sector.  In July 2005, DHS Secretary Michael Chertoff announced creation of the new position of Assistant Secretary for Cyber and Telecommunications Security.  In doing so he acknowledged both the efficiencies and vulnerabilities of modern technology upon which so much of society now depends.93  Many cybersecurity observers hope that by elevating the DHS Cyber Security Officer from a Division Director to an Assistant Secretary level position, the new senior official will become a more effective proponent of federal government efforts to address and manage information technology vulnerabilities, incident response programs,  and remediation efforts.
DHS is also supporting efforts to encourage U.S. computer systems to change
to the new, reportedly more secure, IPV6 Internet Protocol.94  Despite these efforts,
according to GAO officials, DHS does not have an Internet recovery plan, or a
national cybersecurity threat assessment.  DHS officials have stated that a draft
cybersecurity threat evaluation plan will be available in late 2005, but a finalized
cybersecurity plan that pinpoints the nations’s weakest security links will likely not
be available until 2006.95  Leaders of the Senate Committee on Homeland Security
and Governmental Affairs, Subcommittee on Financial Management, Government

93 Secretary Michael Chertoff, U.S. Department of Homeland Security, Second Security Stage   Review   Remarks,   July 13,   2005,   at   [ /interapp/speech_0255.xml].
94 IPV6 is the designation for a newer, more secure communications protocol for the Internet.  For more information, see CRS Report RL32411, Network Centric Warfare:
Background and Oversight Issues for Congress, by Clay Wilson.  95 Wilson Dizard, “Cybersecurity Plans Wait for Dhs to Complete its Evaluation of Threats,” Government Computer News, July 25, 2005, vol. 24, no. 20.
Information and International Security, reportedly have stated that DHS does not
have a robust way to detect a coordinated attack against the critical infrastructure.96
Security vulnerabilities found in the Internet and in critical infrastructure computer systems are widely publicized.  Many experts are concerned that private sector cyber security firms do not notify DHS or their customers immediately upon recognition of a potentially serious Internet security vulnerability.  If hackers become aware of this vulnerability, observers speculate that these individuals could disable portions of the Internet, or successfully disrupt selected portions of the United States or international critical infrastructure.  This raises the following questions:
!   Should vendors of computer products be required to quickly report all serious, newly discovered product vulnerabilities to DHS?
!   Should computer service providers or businesses be required to report to DHS any major security vulnerabilities that have been newly exploited by cybercriminals?
!   Should there be penalties if an organization has a poor security policy that contributes to a major loss of sensitive information?
Some actions are underway that Congress may consider.97  For example, on
September 30, 2005, an interim rule was issued by the Federal Acquisition
Regulations Council, outlining several new steps acquisition workers must take to
ensure IT security is incorporated into all federal purchases.  Under this interim rule,
government contracting officers must  include additional cybersecurity rules in their
acquisition planning, which will require vendors to improve computer security for
the IT products and services they supply to the federal government.98
Experts now believe that terrorist collaborate with organized crime networks in the Middle East for international smuggling of arms and illegal drugs.  Criminal drug traffickers can provide terrorists with access to computer specialists with high-level technical skills.  What are the pro’s and con’s of linking counterterrorism efforts more closely to the efforts of agencies that counter drug trafficking?
Should the counterterrorism efforts be linked more closely with international efforts to prevent cybercrime?  What are effective ways to encourage more international cooperation for identifying which activities should be labeled as cybercrime, and for punishing those who operate as cybercriminals?

96 Grant Gross, Senators Call on DHS to Improve Cybersecurity Efforts, Symantec, at [].  97 See National Institute of Standards and Technology website for Federal Agency Security Practices, at [].
98 Jason Miller, “IT Security Requirements Now Part of the FAR,” Government Computer News, September 30, 2005, at [].  Federal Register, September 30, 2005, vol. 70, no. 189, pp. 57449-57452.
Security experts have reportedly stated that, although U.S. military networks are relatively secure, many of those networks remain highly dependent on the civilian communications infrastructure.99  Should DOD collaborate more closely with DHS for new technologies to strengthen the computer security of civilian agencies and infrastructure?
Trends for cybercrime indicate that computer attacks could increase in number, speed, and sophistication.  Will future unknown computer vulnerabilities and sophisticated attacks allow terrorist to launch an effective cyberattack that might overwhelm the ability of civilian agencies to respond effectively?  Could a new approach to computer security reduce vulnerabilities?  An example of a new approach to improve computer security for computer systems and the Internet might include development and refinement of quantum methods for unbreakable cryptography.100  However, new approaches to computer security could also lead to the emergence of new threats directed against new vulnerabilities.  For example, the proliferation and use of commercial products with unbreakable cryptography could seriously undermine the ability of law enforcement to perform critical missions such as protecting against threats posed by terrorists, organized crime, and foreign intelligence agents.

Related Legislation
The following bills are related to improving national computer security, or the prevention of cybercrime:
H.R. 1.  H.R. 1, “Implementing the 9/11 Commission Recommendations Act of 2007,” was referred to the Senate Committee on Homeland Security and Governmental Affairs on January 9, 2007.  The DHS Secretary shall evaluate and annually prioritize all pending applications for covered grants based upon the degree to which they would lessen the threat to the critical infrastructure, including, but not limited to, cyber threats.  Evaluation and prioritization shall be based upon the risk assessment by the Office of Intelligence Analysis and the Office of Infrastructure Protection of the threats of terrorism against the United States.

99   Barton Reppert, remarks made by Clifford Lau, July 26, 2005, at the Rayburn House Office Building, subsequent to a hearing by the House Science Committee.  100 Quantum cryptography:  In the microscopic world, once a system is observed, it is inevitably affected and changes into another state (Heisenberg’s Uncertainty Principle). By incorporating the fact that weak light behaves as “photons” subject to this law, quantum cryptography is an unbreakable cryptography with the photons becoming the information carriers,   or   information   cameras. Press   Release,   Mitsubishi   Electric,   2002, [].

Offline adissenter2

  • Member
  • *****
  • Posts: 2,044
  • Revolt Time
Re: Bill would give president emergency control of Internet
« Reply #94 on: September 02, 2009, 03:19:36 am »
Bill to Shut Down Internet In An Emergency When We Need it most

Faux News Video Clip

CyberSecurity Act of 2009   
2% of users support the bill at 16 in favor / 782 opposed
Sponsor -Senator John Rockefeller D-WV .. go figure

Official Title as Introduced: A bill to ensure the continued free flow of commerce within the United States and with its global trading partners through secure cyber communications, to provide for the continued development and exploitation of the Internet and intranet communications for such purposes, to provide for the development of a cadre of information technology specialists to improve and maintain effective cybersecurity defenses against disruption, and for other purposes.

text of legislation

I believe there already has been an Executive Order on the books since JFKs time that gives authority to take over communications.... while looking into EXECUTIVE ORDER 10995
which allowed the government to seize and control the communication media, I found that it was revoked by some new Executive Order then changed again and it led me to the:

Office of Preparedness and Emergency Operations

and from there I go its newsroom

and find much news on the H1N1 subject, go there and look for yourself

heck I did a bit of poking around and found this chart

U.S. 2009-H1N1 Vaccine Schedule

poking around a bit more I find a 300,000.000 $ contract award for:
A new contract for the purchase of vaccine against the H1N1 2009 variant influenza virus

but then I found this right above the award link:
H1N1 2009 virus strain is a novel isolate, no vaccine is yet available against it and thus none has been acquired for the stockpile.

and from what I understand about a novel isolate virus strain is not much, looking into it...

expecting to find evidence that any vaccine produced will not even touch the mutated strain, thus there is no point in getting vaccinated besides taking money from taxpayers and awarding contracts to vaccine manufacturers

ΜΟΛΩΝ ΛΑΒΕ! Molon Labe! Come and take them!

Offline Volitzar

  • Member
  • *****
  • Posts: 1,731
Re: Bill would give president emergency control of Internet
« Reply #95 on: September 02, 2009, 03:23:10 am »
Right there aren't enough internet companies that can do internet security we need Federal-Government involvement.    ::) ::) ::) ::) ::) ::)

Talk about Orwellian !!!!!!!!!!!!!!!!!!


  • Member
  • *****
  • Posts: 1,845
  • Commander
Re: Bill would give president emergency control of Internet
« Reply #96 on: September 02, 2009, 03:23:44 am »
Bill to Shut Down Internet In An Emergency When We Need it most

CyberSecurity Act of 2009    
2% of users support the bill at 16 in favor / 782 opposed
Sponsor -Senator John Rockefeller D-WV .. go figure

What if they quietly pass it anyway?
Automatic User Post Signature:
The message has to be put out in the right way.
Website Still Needs to be updated ||

Offline adissenter2

  • Member
  • *****
  • Posts: 2,044
  • Revolt Time
Re: Bill would give president emergency control of Internet
« Reply #97 on: September 02, 2009, 03:38:32 am »
What if they quietly pass it anyway?

either that or by Executive Order / Edict

as AI has been pointing out, look out for Internet 2 being implemented during continuity of government ops

this story is huge and should be followed to the end game


just as Mike R on the show said today, we do not realize how big the free flow of information is, it is like the Gutenberg Bible back when that was printed.. anyone listen in better than me?  i was on the phone

they are pulling no punching and going for all out control of every aspect of our lives

enter Vigilant Guard and Ardent Sentry exercises this month

ΜΟΛΩΝ ΛΑΒΕ! Molon Labe! Come and take them!


  • Member
  • *****
  • Posts: 1,845
  • Commander
Re: Bill would give president emergency control of Internet
« Reply #98 on: September 02, 2009, 03:52:17 am »

No better time to take action than the present.
Automatic User Post Signature:
The message has to be put out in the right way.
Website Still Needs to be updated ||

Offline Harconen

  • Member
  • *****
  • Posts: 2,761
Re: Jay Rockefeller-Evidence of Psychosis: I OWN THE INTERNET/OBAMA CAN PULL PLUG
« Reply #99 on: September 02, 2009, 06:08:35 pm »
Eavesdropping on Internet

Korea Times
Wed, 02 Sep 2009 20:46 UTC

Top Spy Agency Aims to Become Big Brother

Imagine an invisible person is behind you watching all you do on the Internet, like searching, chatting and file downloading. Horrible as it may sound, this was what the National Intelligence Service allegedly did to a pro-unification civic group leader.

As if that was not enough, the NIS agents wiretapped all communications in cyberspace, not just of the suspected violator of the anticommunist law but of his family members and coworkers who shared the same Internet lines with him, in what experts call ''packet eavesdropping." Could one brush it aside as just another shady aspect of ''IT Korea"?

Even more astonishing was nobody knew about the Internet bugging until the prosecution presented wiretapped contents as evidence during a trial. Most shocking of all, the top spy agency says its agents acted with court warrants and committed no legal violations, reaffirming the nation's far too porous legal system to protect communication secrecy and other privacy.

The NIS says all these activities are for the sake of defending the ''national interest," but it is also apparent the two words can't justify everything done by these government agencies ― all of which cite this term whenever they go beyond their legal bounds. Some kinds of wiretapping may have to be permitted for investigations related to national security, but it's time to restrict digging into private information, such as e-mails and Web surfing.

Many other countries are also allowing their spy agencies to eavesdrop on mobile phone calls and peek at e-mails to let them keep up with the post-Cold War, IT-dominating world, but only to a limited extent and under strict criteria. Japan, for instance, makes it obligatory for investigators to submit wiretapped contents to courts for after-the-fact screening. Korea has no such checks and surveillance, while the courts give the go-ahead to almost all would-be buggers' requests for warrants, with the rejection rate remaining below 5 percent.

One can't help but wonder whether it was a coincidence that the NIS's domestic spying activities have deepened and widened with the inauguration of the Lee Myung-bak administration.

Particularly, NIS chief Won Se-hoon, one of the closest confidantes of President Lee since he was the Seoul mayor, has often tried to stretch the espionage agency's authority to an unreasonable extent, even including the gathering of ''political intelligence" and tracing of financial accounts without court approvals. Some civic groups claim the NIS has exerted pressure to cut government subsidies to organizations critical of government policies and even conducted surveys on academics opposing the government's major policies and programs, such as spending trillions of won on a river-refurbishing ― or ravaging ― project.

Nothing can be more dangerous than a technological leap-off unaccompanied by corresponding maturity of consciousness. This is why the just-opened National Assembly's regular session should do all it can to supplement the pending acts on communication secrets and the NIS's authority, to prevent the aspiring Big Brother from eroding civil liberties any further.


They need internet to watch on us, and it will bee shut down when they decide to hit our doors with boots.
Resist. Rebel. Cry out to all peoples and nations from the sky as the lightening flashes from the east to the west and judge the living and the dead.Or choose submission and slavery.

The light shineth in darkness; and the darkness comprehended it not.  (John 1:5)

Offline rio

  • Member
  • *****
  • Posts: 1,708
Wired Magazine says Congress not trying to give control of internet to Obama
« Reply #100 on: September 02, 2009, 06:09:29 pm »
Another poo-poo article trying to debunk something that ends up confirming what they are trying to debunk.

Quote from:

Umm… Actually Obama Doesn’t Want to Take Over The Internet

A number of people — including two of my favorite tech writers, Mike Masnick at Techdirt & Declan McCullagh at CNET — are up in arms about a new bill going through the Senate that allows Obama to “take over private networks.” Oh no! That would be really stupid.

But actually, the Senate bill in question does nothing of the sort.

The controversy dates back to April when Senators Olympia Snowe and Jay Rockefeller drafted S-773, a bill that, in its original form, did have some seriously bad ideas in it. For example, in an emergency, the president could “order the limitation or shutdown of Internet traffic to and from any compromised Federal Government or United States critical infrastructure information system or network.”

Outrage predictably followed. And the bill got better, much better. I’ve just read a draft of the whole thing. (Click here to read it too.) And there’s nothing in it that merits the current outrage.
Most of the bill, in the draft I read, proposes ways to improve our cyber-security infrastructure. It recommends scholarships for kids who want to work on cyber security (good idea!) and prizes to inspire contests that will get people to do things in the field (good idea!).

The formerly onerous section, which begins on p.25, has been changed to the following:

Quote from:
In the event of an immediate threat to strategic national interests involving compromised Federal Government or United States critical infrastructure information system or network — [the president] may declare a cybersecurity emergency; and may, if the President finds it necessary for the national defense and security, and in coordination with relevant industry sectors, direct the national response to the cyber threat and the timely restoration of the affected critical infrastructure information system or network.

Notice all the hedging. He “may”, “may”, “if he finds it necessary”, “in coordination.” And then they payoff? He can “direct the national response”!

That’s not giving him any powers that he doesn’t already have, and there’s no justification in that language for the hysteria. It is also much more in sync with what Obama himself has said. He has been very clear that he doesn’t want to snoop on private networks, much less take them over.

So why write the bill if it doesn’t give the president any more authority? I’ve heard two reasonable theories. Marc Ambinder at the Atlantic suggests that the goal may be to give power to the president on these issues at the expense of the less-open NSA and DOD. Under that theory, the bill is actually designed to keep potential channels of dissent in a crisis more open to the public, rather than less.

The second theory is that it’s just a senate jurisdictional battle. Every senator knows that cybersecurity is a pressing issue, and everyone wants his or her name on the big bill. So the Commerce Committee, with authors Snowe and Rockefeller on it, is trying to define the issue of cybersecurity as depending on relationships between the government and private companies — thus making it something they have authority over. Other senators, of course, will try to define the issue so it falls under the authority of their committees.

So, in the end, it has much more to do with Senate power games than men in black hats.


  • Guest
Re: Bill would give president emergency control of Internet
« Reply #101 on: September 02, 2009, 06:17:58 pm »
Right there aren't enough internet companies that can do internet security we need Federal-Government involvement.    ::) ::) ::) ::) ::) ::)

Talk about Orwellian !!!!!!!!!!!!!!!!!!

Try global government involvement, it is hardly relegated to "federal".  There are many foreign military generals, and officials involved with this.

Btw the U.S. govt. has no say in anything pertaining to the internet whatsoever.  It should belong to the people but it belongs to the same ppl who stole the 24 trillion.  Rockefeller's bill is ceremonial for: "hey we need to make iot look like congress has any say whatsoever, when we would really just take it over anyways, but we need to once again give you the illusion that your elected government actually runs things."


  • Guest
Re: Wired Magazine says Congress not trying to give control of internet to Obama
« Reply #102 on: September 02, 2009, 08:45:14 pm »
Lemme dig up some dirt on Wired.

It's owned by Condé Nast Publications which also owns reddit, Ars Technica, Vanity Fair, The New Yorker, Golf Digest, Golf World, Vogue, W, Glamour, Allure, Self, Teen Vogue, and GQ.

Profile of Condé Nast CEO Charles H. Townsend:

Ad Council Board of Directors
George W. Bush for President

Condé Nast's parent company is Advance Publications, owned by Samuel Irving "Si" Newhouse, Jr.,_Jr.

Bottom line: Wired Magazine is corporate media.

OMFG! Advance Publications is part-owner of Discovery!

Offline IridiumKEPfactor

  • Member
  • *****
  • Posts: 3,668
Re: Wired Magazine says Congress not trying to give control of internet to Obama
« Reply #103 on: September 02, 2009, 09:00:12 pm »

The magazine was founded by American journalist Louis Rossetto and his partner Jane Metcalfe in 1993 with initial backing from software entrepreneur Charlie Jackson and eclectic academic Nicholas Negroponte of the MIT Media Lab

Nicholas Negroponte. He is the younger brother of John Negroponte, former United States Deputy Secretary of State.

John Negroponte AKA the death Squad master.


  • Guest

"Of all tyrannies, a tyranny exercised for the good of its victims may be the most oppressive. It may be better to live under robber barons than under omnipotent moral busybodies. The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end, for they do so with the approval of their own conscience."

Note on the stone, the date of C.S. Lewis' death....


"There's no way to rule innocent men. The only power
any government has is the power to crack down on
criminals. Well, when there aren't enough criminals,
one makes them. One declares so many things to be
a crime that it becomes impossible to live without
breaking laws."
~Ayn Rand


  • Guest
Note, on the stone, the date of C.S. Lewis' death....


"There's no way to rule innocent men. The only power
any government has is the power to crack down on
criminals. Well, when there aren't enough criminals,
one makes them. One declares so many things to be
a crime that it becomes impossible to live without
breaking laws."
~Ayn Rand

Yes the same day JFK passed on.

Offline ekimdrachir

  • Member
  • *****
  • Posts: 7,144
    • Go Outside
Re: Jay Rockefeller-Evidence of Psychosis: I OWN THE INTERNET/OBAMA CAN PULL PLUG
« Reply #106 on: September 07, 2009, 11:58:21 am »
This is very important.


  • Guest
Re: Jay Rockefeller-Evidence of Psychosis: I OWN THE INTERNET/OBAMA CAN PULL PLUG
« Reply #107 on: September 07, 2009, 10:55:03 pm »
9 years ago the DoD had another groundbreaking cybersecurity solution, (presumably for real security back then) and they had 9 years to improve upon it's already superior capabilities claimed in the article. Apparently none of it must matter with all the arm flailing, and screaming to the top of their lungs that they are doing today (because we know the real agenda):

DARPA's EMERALD Proves Worth in Cyberdefense

By Jim Garamone
American Forces Press Service

WASHINGTON, Aug. 14, 2000 – EMERALD is a gem in the world of cyberdefense.

This EMERALD is not a green jewel, but the Event Monitoring Enabling Responses to Anomalous Live Disturbances.

Developed by SRI International and the Defense Advanced Research Projects Agency, EMERALD's ability to detect computer hackers and other intruders surpasses current technology, said Michael Skroch, program manager of the DARPA information assurance program.

The new technology is needed. "We're seeing an increase in the number of attacks and the severity of attacks in the cyberdomain," Skroch said. The recent "ILoveYou" virus and the denial of service attacks are just two examples of the threats facing DoD and computer users worldwide.

DARPA has long been involved in combating cyberattacks. "We're currently focusing on integrating technologies into systems that can defend against a broader range of attacks and (provide) a broader set of capabilities that the warfighter depends upon," Skroch said.

He called EMERALD a quantum leap improvement over "signature- based" technology. "Signature-based detectors are those that are currently on most computers," he said. "They are able to detect things they have seen before, but not things that are new." Because EMERALD is anomaly-based, it can detect "novel attacks that the computer system has never seen before," he said.

"EMERALD is not focused on just one computer system," Skroch said. "It can be deployed among many systems in the network and correlate that information on one display, so the warfighter can see the effect of an attack on the entire network."

Skroch compared EMERALD to the security at a military base. A guard at the "front gate," such as a firewall, can stop intrusions coming in that way, he said. EMERALD, however, also implements sensors or detectors around the computer network on different machines -- all can detect anomalous behavior, misuse or other incoming attacks.

"By having all those sensors come to one central point, you are able to see a coordinated attack much more easily," he said. Because system administrators can see the whole scope of a cyberattack in real time -- as it happens -- they can better defend against it.

Skroch said network administrators or security personnel alerted by EMERALD could, for instance, block a specific attack or turn off the targeted service rather than pull the plug completely."

EMERALD allows a more flexible response, but doesn't respond itself. It would share information with responders. "In the future, we'll be able to use EMERALD to detect and another system to provide automated response," he said.

Tested with an operational command, EMERALD perform 10 times better than similar technologies being evaluated, Skroch said. "It was able to perform about 20 times better than commercial products available today," he said.

Offline Overcast

  • Member
  • *****
  • Posts: 4,133
Re: Jay Rockefeller-Evidence of Psychosis: I OWN THE INTERNET/OBAMA CAN PULL PLUG
« Reply #108 on: September 09, 2009, 01:23:55 pm »
So should we start putting together a BBS network now?

Just like in the 'olden' days, lol :)

Rockefeller or whatever NWO lackey's are out there - pull the plug big boy, it's your precious money and power that drives it all. You are the one that NEEDS money and power for happiness. I don't give a flying f**k, I'll start preaching to my neighbors. It may well have the opposite effect you power brokers desire. It will give us more time to watch Endgame and other stuff that has already been burned to DVD.

So you'll have to cut the power too. But then, I guess we'll talk about it over a campfire.

You know - the American Revolution did NOT need the internet or TV to toss the British out on their asses. Does it worry you that 'terrorists' like George Washington, Thomas Paine, Patrick Henry, John Hancock and others put a dangerous concept in our minds that liberty and freedom are more important than your little toys like TV, Computers, and Money?

Take all the money you want for now - but the very second your body dies; if you do have a soul, it will realize - suddenly, it doesn't have a penny to it's name. And then on with eternity...

So in the REAL ENDGAME - we will ALL BE EQUAL as it was intended to be. Regardless of what you do here and now, it will make no difference in the long run. All your money, all your power, all your bodyguards - like humpty dumpty won't be able to put you back again.

Problem with corporations and politicians - they think too much in the short term and don't worry about the long term.

So if you are lucky, maybe there is no God and you'll only rot in the ground. Otherwise...
And dying in your beds, many years from now, would you be willin' to trade ALL the days, from this day to that, for one chance, just one chance, to come back here and tell our enemies that they may take our lives, but they'll never take... OUR FREEDOM!

Offline menace

  • Member
  • *****
  • Posts: 1,841
Re: Jay Rockefeller-Evidence of Psychosis: I OWN THE INTERNET/OBAMA CAN PULL PLUG
« Reply #109 on: September 10, 2009, 06:13:28 pm »
Tell Congress to REJECT Giving Barack Obama Total Control of the Internet


  • Guest
Re: Jay Rockefeller-Evidence of Psychosis: I OWN THE INTERNET/OBAMA CAN PULL PLUG
« Reply #110 on: September 10, 2009, 07:07:29 pm »
Obama Readying Appointment Of New Cybersecurity Czar
Former military official from the Clinton administration reportedly is front-runner for the job

The long-awaited appointment of a cybersecurity czar is imminent, with a former Clinton administration Department of Defense official at the top of the list, according to a Reuters report.

Frank Kramer, former assistant secretary of defense, is the front-runner for cybersecurity head, according to an unnamed source in the report. Kramer served as assistant secretary of defense for international security affairs from 1996 to 2001, according to published reports. Most recently Kramer served as an adviser for an international investment firm, and he has written various cybersecurity papers and reports. Kramer also described cybersecurity as a component of national security in Congressional testimony in 2005, according to a report in The Atlantic.

President Obama is expected to announce his cyber czar appointment in the coming weeks.

"Kramer is the right person for cyber security czar. His military and international background give him the perspective needed to lead the U.S. in its cyberdefense preparedness," says Richard Stiennon, chief research analyst for IT-Harvest. "That said, if the position is the recommended cybersecurity policy coordinator job described in Melissa Hathaway's Cybersecurity Policy Review [CPR], then this would be a complete waste of an able man


  • Guest
Re: InfraGard complained of lack of I/O for SCADA-they couldn't False Flag it
« Reply #111 on: September 12, 2009, 04:29:53 pm »
"I/O"= Interoperability

Read between the lines, it is obvious what they mean:


  • Guest
Re: Jay Rockefeller-Evidence of Psychosis: I OWN THE INTERNET/OBAMA CAN PULL PLUG
« Reply #112 on: September 12, 2009, 05:00:39 pm »

Who's On The Shortlist For Cyberczar?

Posted on: Friday, 12 June 2009, 05:55 CDT

Scott Charney, head of Microsoft's cybersecurity division, and a former member of President Bush’s and President Clinton’s national security teams are on the shortlist to be the nation’s new cybersecurity czar, according to a Reuters report.

President Barack Obama announced the creation of the new post last month, saying that he would personally decide who would lead the nation’s defense and response against major cyber attacks.

Although Charney has said he won't take the job, he could change his mind if pressed, Reuters said, citing a source with direct knowledge of the matter.

Charney also led the Justice Department’s computer crime section as well as PricewaterhouseCoopers' cybercrime unit.

His top competitor for the post is likely Paul Kurtz, who led Obama's cybersecurity transition team and was a member of the National Security Council under both Clinton and Bush, Reuters said.

Others in the running include former Rep. Tom Davis (R-VA), Sun Microsystems executive Susan Landau, Maureen Baginski, formerly with the National Security Agency and the Federal Bureau of Investigation, and Frank Kramer, former assistant defense secretary under President Clinton, Reuters said.

Less likely candidates include Melissa Hathaway, who conducted Obama’s cybersecurity review, and James Lewis of the think tank Center for Strategic and International Studies (CSIS).

Symantec Corp. board chairman John Thompson had been a candidate, but declined consideration, Reuters said.

Although specific details of the responsibilities of the new post have not yet been defined,  the position described in Hathaway's review involves a coordinator who reports to both the National Security Council and the National Economic Council.

Shortcomings in U.S. cybersecurity defenses have resulted in major incidents of thefts of money, identity, intellectual property and corporate secrets.   In one instance, a financial institution lost $10 million in cash in one day.  Sensitive military information has also been stolen, and the U.S. electrical grid has been penetrated.


Landau, a Sun Microsystems engineer who has worked on digital rights, privacy and export control, said she would advise Obama to make the new post a top-level position.

"The job is very important," Landau told Reuters.

"We have all sorts of different kinds of threats. ... What you want is ubiquitous security."

Lewis, who declined to confirm whether he was under consideration for the new job, said Obama must emphasize national security expertise in selecting the cybersecurity czar.

"Some guy from industry is going to write a national security strategy? No, they aren't. You don't just pick this up," he told Reuters.

"You need somebody who knows the national security game, who knows government and who knows about the technology,” he added.

Before becoming a national security and technology senior fellow at CSIS, Lewis was foreign service officer with a variety of assignments including encryption, global arms sales and high-tech trade with China.

Congress appears to share Lewis' and Landau's views, said Reuters, quoting a senate staffer familiar with the matter.

"The president's vision is a heavyweight," the staffer said.

"I'm concerned that he or she will get sort of tied up, like Gulliver, tied down by a million different reporting requirements."


  • Guest
Re: Jay Rockefeller-Evidence of Psychosis: I OWN THE INTERNET/OBAMA CAN PULL PLUG
« Reply #113 on: September 17, 2009, 02:48:45 pm »
Go ahead, pull the plug. Then people will have no choice but to hit the streets and abandon the keyboard warrior scenario. They WILL pull the plug, it's just a matter of time.
Everything is being setup now with the help of Congress for total martial law dictatorship takeover and they want this to go smoothly with everything already in place in order to secure total infrastructure control right away. All 35+ czars will have their orders straight from the fuhrer himself.
Once again I have to congratulate all you 'folks' that voted for Obama/McCain and helped trash what's left of your own country along with everybody in it. Well done! You should be very proud of yourselves, you wanted change and change you WILL get. After all, that's how Hitler got elected too and it worked for him.


  • Guest
too late for Australia, they are censoring the internet in the next 2 years