Comments

igloo December 24, 2008 11:15 PM

It appears to be a wide ranging wish list! Its provision for centralising the forces for cyber security would overcome the disparate approaches from a large variety of military and civil bureaucracies. However, with a single overarching authority you have to get it right the first time!

Whether the new president is going to be strong enough to implement all, or at least the majority, of these recommendations remains to be seen.

In my quick perusal, I did not see any recommendations regarding the President's own cyber security. In particular whether they can recommend a way to secure his Blackberry communications ;-)

Clive Robinson December 25, 2008 12:53 AM

Tis early Christmas morn so I'm not going to be reading the PDF till later but the third conclusion smacks of making yet another "big federal agency".

Which immediately and unfortunately gives rise to that "uh oh" moment of "have they learnt nothing since 2000".

As was once noted by a major American industrialist teams of more than a certain size don't work.

His reasons for this viewpoint (in the 1960's) have not changed at all in bureaucratic organisations...

Paul S. December 25, 2008 3:52 PM

I'm not sure how this will work:

17. The US should allow consumers to use strong government-issued credentials (or commercially issued credentials based on them) for online activities, consistent with protecting privacy and civil liberties.

gclef December 26, 2008 3:43 PM

They had a Q&A about this on slashdot (q's here: http://interviews.slashdot.org/article.pl?sid=08/12/12/135207 a's here: http://interviews.slashdot.org/article.pl?sid=08/12/19/1448238 ). In general, I wasn't impressed with the answers (granted, I was one of the people asking questions, but still).

I'll agree with the person above who said it looks like it's a wishlist...while there's nothing wrong with wishlists in general, things become problematic when the wishlist is divorced from reality. (government-issued strong authentication? making government the gold standard for security?)

Clive Robinson December 27, 2008 3:56 PM

After a first quick read three things spring out that are really really bad,

1, Cyberspace National ID Cards...

2, Unrestricted remote access to anybody's computer (for serving a data warrant).

3, Pretending Privacy is important whilst the actual suggestions will do irreparable harm to privacy.

Also there is no real discussion on,

1, Security liability

2, Faulty software from vendors.

So I give it at best 3 out of ten for effort...
