Obama's Legacy in Internet Security

NextGov has a nice article summarizing President Obama's accomplishments in Internet security: what he did, what he didn't do, and how it turned out.

Posted on January 23, 2017 at 6:55 AM • 33 Comments

Comments

cphinxJanuary 23, 2017 7:17 AM

Good read.

DC will always be DC's biggest problem.

However, I think there have been significant grounds gained for the U.S. But not enough. From my general experience, the infrastructure in generally a joke. Great intentions from most (cybersecurity personnel); with an inherent lack of understanding and budgets to solve the problem (at the top). Bad Execution, I'd say, which occurs just about everywhere.

I wasn't a fan of many Obama Administration policies. But he did make great efforts in line of cyber, both public and clandestine (I assume).

Martin WalshJanuary 23, 2017 7:25 AM

It is an informative article, a good perspective.

Many feel that Obama got a free pass from the media for 8 years for getting behind same-sex marriage. I wonder if the corollary is now true and the exact opposite will hold. So you will never know the truth given popular journalism. I try to read more of what I first disagree with, it helps to question your own assumptions. I did that a lot as the Snowden revelations unfolded.

IonJanuary 23, 2017 7:45 AM

He did care about increasing presidential powers. That is about it. The results are to be seen in the next decades, not right now. But that is the press. Take a simple thing and make it click bait.

WinterJanuary 23, 2017 8:14 AM

"He did care about increasing presidential powers."

I am curious how much of that was motivated to avoid attempts by the Republican dominated congress to let the USA implode by sheer inaction?

The Republicans have tried several times to get the USA to default on their debts and to shut down the federal state wholesale.

AnuraJanuary 23, 2017 9:47 AM

@John

I'm assuming you believe that this level of debt is a problem for some reason? Republicans stopped believing the debt was a problem a few days ago, although Democrats will start showing concern.

ScissorsJanuary 23, 2017 9:47 AM

“Government moves at 60 miles per hour and internet innovation moves at 6,000 miles per hour,"
That basically sums up the problem. The Internet and the computing world was moving at 6,000 mph long before the late president took office, so even if he could have pulled the government up to speed they would have been behind. 'Herculean' it a word that begins to describe such a challenge.
The world had Windows Vista when he took office; if Microsoft could morph from that to 10 during the late president's tenure, thden surely darker elements of the software industry morphed likewise. Who would want to secure the U.S. government against a threat like that?

My InfoJanuary 23, 2017 10:21 AM

Re: "damaged faith in the nation's democratic institutions"

Losing faith in treacherous institutions and the traitors who run them is not a bad thing.

Those institutions have failed and are rotten to the core. Unfortunately it will take more than fines and prison time to fix them.

The Constitution of the United States has not failed. It is the legislative, even more so the executive, and most of all the judicial branches of our government that have failed to live up to our Constitution.

I am transgender. It is not a choice. It is a result of conception and of how my body and mind developed in the womb. Do not force me to live with an inappropriate classification of gender. Do not make me use the sex room when I need to urinate or defecate.

I need medical care, which was completely unavailable under Obamacare.

More urgently I need the murders, the attempted murders, and the conspiracies to commit murder to stop. The gas chambers must be torn down. The lethal and non-lethal injections without due process must end. It does not cost that much to execute an accused criminal, nor does it require inflicting that much pain: you simply need to stand up like a grown man, pull the trigger, and live with what you have done. And no, I do not believe in capital punishment in peacetime.

The canard of terrorism must go away: if it is a crime, prosecute it judicially; if it is an act of war, fight it militarily. Do not scream "Terrorism!" like a little girl frightened of the monster under her bed.

The canard of mental illness must go away, too: it is another bird of the same feather. Stop the hiring preferences on Carl Jung's personality types and Sigmund Freud's psychosexualism. Stop the false imprisonment and forced sterilizations of patients. Stop the forced administration of drugs that cause "metabolic syndrome," diabetes, weight gain, high cholesterol, impotency, birth defects, dysmenorrhea, and worse. Stop the libel, slander, false allegations of danger to self or others, false allegations of incompetency, grave disability, mental retardation, occupational disability, and so on and so forth.

Clive RobinsonJanuary 23, 2017 10:47 AM

@ Anura, John,

Republicans stopped believing the debt was a problem a few days ago, although Democrats will start showing concern.

It's been said that the Republican's want to write off US debt by simply disowning it... That would be a fairly major mistake and I would suggest wiser heads might make that fairly clear to the the members of the houses and the White House.

The value of the US Dollar is artificialy high because it is considered the only trading currency currently. If the Republican politicians were to default on the various forms of US debt, then it would get marked down to maybe as little ad 30% of it's current value. Because international trade would move to what it would consider a more stable and reliable currency, which would start a downward spiral and even possably a run on the banks the FED could not stop.

Whilst in theory sovereign nations do not become bankrupt, other nations are not forced to trade with them unless they have a rare resource that is in effect unavailable else where. I'm not sure the US is in such a position.

Likewise other nations could take any US IP they wish and claim it is in effect assets against any default by the US... Of course there are also sanctions that other nations could (as the US has done with Russia) be put in place against US entities both legal and natural...

All in all it would be very very messy.

trentJanuary 23, 2017 10:53 AM

@Anura

It's like regexes. First you (might) have one problem. But if the "solution" is less about whether it's really a problem and more about who's problem it is, now we have two problems.

And yes, at the 20 trillion mark, I think it's fair to transition into a globally communal "we" for the second problem.


@My Info

... why are you linking to them? Not even to any kind of criticism, but instead to their actual pages?


@Clive Robinson

> If the Republican politicians were to default on the various forms of US debt

Does "Trump" still want to be able to operate internationally? Does he want to be able to tweet internationally?

JohnLJanuary 23, 2017 10:56 AM

Interesting that there was no mention of encryption in the article. The FBI/Apple fiasco was very damaging for any remaining trust between the Federal Government and Silicon Valley. Also not mentioned was the push for encryption backdoors. While the Obama Administration did do quite a few things to push government information security forward, it should be realized that it was focused purely on the security of government data. For the average citizen, the Obama Administration was pushing hard to make our data less safe.

AnuraJanuary 23, 2017 11:05 AM

@trent

My concern is that we keep try fixing a problem that no one can explain why it's a problem. 5 trillion of that debt can be paid off legitimately, without a tax increase just by changing how social security works (i.e. intergovernmental debt doesn't matter), so that leaves you with 14 trillion. So where is the problem and why is it a problem?

Also, recommended reading:

http://scholarship.law.gwu.edu/cgi/viewcontent.cgi?article=1025&context=faculty_publications

keinerJanuary 23, 2017 11:13 AM

Really? You have there now the next Hytllar and really care for "looking back the old days"? Can't be true...

My InfoJanuary 23, 2017 11:44 AM

@Scissors, others

When Goliath not only defies the armies of the living God, but rapes their wives, daughters, sisters, and mothers as well, he still receives the same answer: a single stone to the center of his forehead, and then to be decapitated with his own "scissors."

hawkJanuary 23, 2017 12:41 PM

Actually federal gov't policies can be summed up in two seconds.

The first:

ONE SIMPLE TRICK TO PROTECT YOUR STUFF
Just encrypt your files. All you have to do is enter a key and algorithms jumble your files so no one can read them without your secret key!

The second:

ONE WEIRD TRICK TO STOP HACKERS
Just load our ten-ton program onto your server and it is so smart it monitors every byte coming and going then smokes out the hackers and will actually show you where they're hiding!

Millions in grants and awards and prizes! Don't miss out!

albertJanuary 23, 2017 12:44 PM

@Anura, etc.,

Way off topic, but

I didn't have time to read the paper you cited, but did download it for future study.

It's generally accepted by experts internationally that gov't debt is not a problem. US National Debt statistics are used as a bogeyman by politicians all the time, because the electorate likens it to personal debt, and since most folks carry a lot of it, it's scary. In addition, it's a complicated system.

At -present-:
1. The USD is a world reserve currency (you can buy anything anywhere with US dollars).
2. No single country can crash the US financially.
3. The corporate handlers won't allow Congress to eff-up their system. It's a win/can't-lose setup.

Mitigation:
1. Eliminate the Federal Reserve (a private banking system).
2. Allow the Treasury to mint money, as authorized by the Constitution.
3. Establish a US National Bank, for USG use.
4. Establish State Banks, for state use. (like North Dakota, See Ellen Brown)
5. Separate investment banks from commercial banks.
6. Reestablish strict banking regulations.
7. Eliminate corporate welfare, national and state.
8. Increase corporate taxes.
9. Eliminate the use offshore tax havens.
10. Eliminate bailouts, under any conditions.

And get rid of the CIA :)

Yeah, yeah, I know, but I can dream, can't I?
. .. . .. --- ....


MBJanuary 23, 2017 2:05 PM

They mention Putin / Russian meddling several times in this article. As if whether we got Trump/Clinton would have made any difference. The bloated federal government with all its factions and hidden agendas is still in place. The NSA is still spying, the CIA and FBI are still battling it out over who has the biggest ----. When's the last time you looked at a tool or piece of software the government was using and said, "Yes! I want that to protect my network!" No, private industry leads the way here. Obama never signed any executive orders forcing TLS 1.2 or requiring SSL on websites. No, it took some embarrassing hacks and leaks to push these things along. The NSA makes general recommendations, but never any specific software or vendor. They are not obligated to help the private sector. And the private sector should not be obligated to help the government. The government is not our friend.

Dirk PraetJanuary 23, 2017 2:26 PM

NextGov has a nice article summarizing President Obama's accomplishments in Internet security

I don't read it as such. The part describing "the bad and the ugly" is mostly stuff Obama can hardly be held accountable for, blindly copies the IC attribution of the DNC and SPE hacks, blames Snowden for upsetting the "cooperation" with Silicon Valley and growing internet balkanisation, and the conclusion is a not even thinly disguised industry call for even more government budget, interference in and regulation of cyberspace.

@ JohnL

For the average citizen, the Obama Administration was pushing hard to make our data less safe.

A most subtle nuance indeed.

@ Clive Robinson, @ Anura, @ JohnL

Republicans stopped believing the debt was a problem a few days ago, although Democrats will start showing concern.

Debt in itself is no problem until everybody starts asking his money back, has sufficient leverage to do so and has no problem with equally ruining anyone who owns money to you.

Slime Mold with MustardJanuary 23, 2017 2:32 PM

What, exactly, did we expect the Federal government to do (other than secure themselves)? Pen test every server and issue individual reports? Packet inspection at the border? (Don't tell you-know-who about that one - we'll have dial up speeds on our trunk lines!) I don't expect an FBI agent to follow me around to protect me from the ill intended. The recent experience with Rule 41 show that even modest measures present real threats to liberty.

@ Clive Robinson

"It's been said that the Republican's want to write off US debt by simply disowning it... "

I haven't heard that. Can you help identify these particular blithering idiots?


@ albert

"2. No single country can crash the US financially"

I am not so certain. China holds about $1 Trillion in US treasuries. They are almost all held by banks. Imagine the Chinese government secretly forcing the banks to sell 15% of the notes at 10% below market, then the next day to sell 25% at 20% discount, and so on.

I recently re-read (former Treasury Secretary) Henry Paulson's "On the Brink" about the 2007-2008 meltdown. Panic spreads at the speed of light nowadays.

China, of course, would be left cash strapped after killing its largest market, and unable buy enough oil. But they might do it during our current naval contraction if they think it would delay the forthcoming US naval expansion long enough for them to grab Taiwan and the rest of the East and South China Seas.

AnuraJanuary 23, 2017 3:06 PM

@Dirk Praet

Debt in itself is no problem until everybody starts asking his money back, has sufficient leverage to do so and has no problem with equally ruining anyone who owns money to you.

Unless you can print your own currency, at which point you just print dollars and pay them off, which it is better for them to just let the bonds mature.

That said, market manipulation is something that can happen in any market. Two ways to protect against that are to ensure that our economic relationships are mutually beneficial, and make sure that every individual has equal power in the economy, as much as possible. The former reduces the incentive, and the latter reduces the ability.

Sancho_PJanuary 23, 2017 6:11 PM

@Bruce: Not a nice article, it’s glory and whining as usual.

The
"September 2015 agreement between Obama and Chinese President Xi Jinping to halt purely commercial hacking"
was completely inappropriate.

Instead they should have studied the attacks and fixed what was wrong.

That’s what’s called progress / evolution: Learn, improve and adapt.

albertJanuary 23, 2017 6:36 PM

@keiner,

"7. Eliminate corporate welfare, national and state."

I consider state 'tax breaks' a form of corporate welfare. If a state wants to give _everyone- (including individuals) the same tax break, that's fine... :)

@Slime Mold with Mustard, et al,

Well, I did say 'At -present-'.

I doubt China (or Japan, the 2nd largest holder, IIRC) will make any drastic moves. Now this assumes that the US doesn't do anything stupid....

Sancho_P,
I don't recall reading anything, anywhere, about the cyber-fixes being applied to the OPM. Do you? Does anyone? Would a search be a fools errand? A vain pursuit of an untamed ornithoid?

. .. . .. --- ....

trentJanuary 24, 2017 4:51 AM

@Slime mould with Mustard

> I haven't heard that [Republicans want to write off US debt]. Can you help identify these particular blithering idiots?

I didn't google this for long, but found one guy you might of heard of called "Trump" who might be relevant:

http://www.huffingtonpost.com/entry/donald-trump-default-national-debt_us_572d08e3e4b096e9f0917fac

> “I would borrow, knowing that if the economy crashed, you
> could make a deal,” Trump told CNBC. If the U.S. borrowed
> too much and invested its fresh cash in unproductive products,
> Trump would tell creditors to accept less than what he’d
> initially agreed to.

And also:

http://www.forbes.com/sites/timworstall/2016/05/07/donald-trumps-glorious-threat-to-default-on-the-national-debt-is-just-the-conventional-wisdom/#676256175308

> In the event that the U.S. economy crashed, Donald Trump
> has floated a recovery plan based on his own experience
> with corporate bankruptcy: Pay America’s creditors less
> than full value on the U.S. Treasurys they hold.

hawkJanuary 24, 2017 6:28 AM

SEE: Obama expands NSA powers just before leaving office

https://www.theatlantic.com/technology/archive/2017/01/obama-expanding-nsa-powers/513041/

Kinda flies in the face of the position maintained on this blog.

And "It could be to prevent Trump from extending them even more." confirms what I have said. Obama's support of same-sex marriage means no matter what, he gets a free pass. And Trump? For the next 4 years everything is his fault. If Yahoo! gets hacked it must have been the Russians and Trump was helping them. An asteroid strikes? Trump must have ordered the hit.

Whatever respect the security industry had left, this insanity will destroy it.
Thank you.

Dan HJanuary 24, 2017 7:06 AM

@Anura

Why is the debt a problem? For one, because entitlement spending is growing faster than growth of the economy. Before long it will consume all federal revenue. That is a problem.

keinerJanuary 24, 2017 8:34 AM

@albert

Yeah, that's what we disparately need: Welfare for corporations!

@Dan H
Yep, capitalism is Ponzi. Look in the Bible, every seventh year... Wisdom for longtime, but today we have compuuuuuters, and can extent Ponzi over decades, even when it's definitely over. As in 2008.

Problems become unsolvable (soon :-) ) when all the money "generated" by growth is not enough to pay the rent (federal, private or both). Then it's GAME OVER. ECB can print money and buy trash as long as they want. Game over soonish. Maybe China kills the Dollar before the Euro. Who knows....

AnuraJanuary 24, 2017 9:11 AM

@Dan H

I've seen no projections that show unsustainable growth in entitlement spending, or government spending in general. Besides, entitlements are cash transfers - you can increase taxes and entitlement spending as much as you want, the money goes right back into the hands of consumers. Even at 99.999% flat tax, if it is just transferred back it goes right into our economy. You're right that we probably shouldn't pay cash transfers backed by debt, but we have absolutely no reason to - we can always increase taxes.

JohnJanuary 24, 2017 10:11 PM

75% tax for anyone earning $10 Million+ seems about fair. There are plenty of loop holes, and other methods where you can reduce tax like donating to charity. You can't argue you don't have an accountant, or can't afford one with North of $10 Million.

There is also the grey area of offshore bank accounts, and I'd assume you probably fly or have at least an internet connection if you earn around $10 Million or more a year.

sidelobeJanuary 25, 2017 6:26 AM

Government has attempted to protect business from citizens (DMCA) and to protect itself from terrorism (CALEA), but it is ill-equipped to protect the individual citizen from internet crime. That threat is fundamentally different from what governments are equipped to combat. The government can require me to lock my door, or to give them a key to my door, but that will not stop the burglar from entering my window or mugging me on the street. A different approach is needed, and it has to start with empowerment rather than control.

mozJanuary 26, 2017 1:02 PM

The BBC Stuxnet documentary reminded me that probably Obama's most important decision related to internet security is completely missed from this article. It seems that although the development happened under Bush, he was directly responsible for the decision to allow the Stuxnet attack on Iran's Nuclear facilities making the idea of "cyber war" move from something we joked about when used as a term for web site vandalism to something we had a clear example of and something that all states are now considering.

It seems that the public discovery of Stuxnet was driven by the Israelis. Was this due to Obama's weakness that they took advantage? Was this due to his lack of decision in doing other things?

I am not sure that, ironically, the incompetence around Stuxnet isn't doing good for internet security since people now know that they have to take state actors seriously. More likely, though, it's just given the others the excuse they need to carry out the same kind of attacks and made us less secure.

rFebruary 1, 2017 8:43 PM

@moz,

We smuggled/interdicted infected printers into iraq preceding the original invasion, stuxnet was just more sophisticated.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.