US Bill Would Grant President Unprecedented Cyber-security Powers

From the FMS Global & UK News Desk of Jeanne Hambleton

Courtesy of eweekeurope.co.uk

By Roy Mark 2009-04-02

The Cybersecurity Act of 2009 introduced in the Senate would allow the president to shut down private Internet networks. The legislation also calls for the government to have the authority to demand security data from private networks without regard to any provision of law, regulation, rule or policy restricting such access.

The headlines were all about creating a national cyber-security czar reporting directly to the president, but the Cybersecurity Act of 2009 introduced April 1 in the U.S. Senate would also give the president unprecedented authority over private-sector Internet services, applications and software.

According to the bill’s language, the president would have broad authority to designate various private networks as a “critical infrastructure system or network” and, with no other review, “may declare a cyber-security emergency and order the limitation or shutdown of Internet traffic to and from” the designated private-sector system or network.

The 51-page bill does not define what private sector networks would be considered critical to the nation’s security, but the Center for Democracy and Technology fears it could include communications networks in addition to the more traditional security concerns over the financial and transportation networks and the electrical grid.

“I would be very surprised if it does not include communications systems, which are certainly critical infrastructure,” CDT General Counsel Greg Nojeim told eWEEK.

“The president would decide not only what is critical infrastructure but also what is an emergency.”

The bill would also impose mandates for designated private networks and systems, including standardized security software, testing, licensing and certification of cyber-security professionals.

“Requiring firms to get government approval for new software would hamper innovation and would have a negative effect on security,” Nojeim said. “If everyone builds to the same standard and the bad guys know those standards it makes it easier for the bad guys.”

The legislation also calls for a public-private clearinghouse for cyber-threats and vulnerability information under Department of Commerce authority. The Secretary of Commerce would have the authority to access “all relevant data concerning such networks without regard to any provision of law, regulation, rule or policy restricting such access.”

In another section of the bill, though, the president is required to report to Congress on the feasibility of an identity management and authentication program “with appropriate civil liberties and privacy protections.”

Nojeim complained the bill is “not only vague but also broad. Its very broad language is intended to confer broad powers.” Nojeim also speculated that the bill’s vague language and authority may prove to be a powerful incentive for the private sector to improve its cyber-security measures.

“The bill will encourage private-sector solutions to make the more troubling sections of the bill unnecessary,” he said.

According to a number of media reports, the bill was crafted with the cooperation of the White House. The legislation aims to create a fully integrated, coordinated public-private partnership on cyber-security in addition to pushing for innovation and creativity in cyber-security solutions.

“We must protect our critical infrastructure at all costs—from our water to our electricity, to banking, traffic lights and electronic health records—the list goes on,” Sen. Jay Rockefeller (D-W.Va.), bill co-sponsor, said in a statement.

“It is an understatement to say that cyber-security is one of the most important issues we face; the increasingly connected nature of our lives only amplifies our vulnerability to cyber-attacks and we must act now.”

Fellow co-sponsor Sen. Olympia Snowe (R-Maine) added, “America’s vulnerability to massive cyber-crime, global cyber-espionage and cyber-attacks has emerged as one of the most urgent national security problems facing our country today. Importantly, this legislation loosely parallels the recommendations in the CSIS [Center for Strategic and International Studies] blue-ribbon panel report to President Obama and has been embraced by a number of industry and government thought leaders.”

The CDT’s Nojeim stressed that there are a “number of good things in the bill,” including creation of a cyber-security czar, scholarships for cyber-security programs and collaborations between the government and the private sector. While urging Congress to change the bill, he argued that the “problematic provisions should not crowd out the beneficial provisions of the bill.”


Copyright ©1996-2009 Ziff Davis Enterprise Holdings Inc. All Rights Reserved
(http://www.eweek.com/c/a/Security/Bill-Grants-President-Unprecedented-Cyber-Security-Powers-504520/)

Microsoft Warns of Attacks on PowerPoint Vulnerability

Courtesy of eweekeurope.co.uk

By Brian Prince – 2009-04-02

Microsoft confirmed limited, targeted attacks exploiting an unpatched vulnerability in Microsoft Office PowerPoint. If successfully exploited, the PowerPoint bug could enable hackers to take control of the victim’s computer.

Hackers are launching attacks against an unpatched vulnerability in Microsoft Office PowerPoint, the company’s popular presentation program.

Microsoft described the attacks in an advisory as “limited and targeted” in scope, but cautioned that a successful exploit could allow a hacker to execute arbitrary code with the rights of the logged-on user.

“The vulnerability is caused when Microsoft Office PowerPoint accesses an invalid object in memory when parsing a specially-crafted PowerPoint file,” according to the advisory. “This creates a condition that allows the attacker to execute arbitrary code.”

According to Microsoft, the malicious PowerPoint files are detected by the Windows Live OneCare safety scanner as Exploit:Win32/Apptom.gen. The products impacted by the bug are Microsoft Office PowerPoint 2000 Service Pack 3, Microsoft Office PowerPoint 2002 Service Pack 3 and Microsoft Office PowerPoint 2003 Service Pack 3. Microsoft Office PowerPoint 2007 is unaffected.

While users wait for a patch, Microsoft offered up a few pieces of advice. The first is to avoid Office files received from either unknown sources or unexpectedly from trusted sources. PC owners can also turn to Microsoft Office Isolated Conversion Environment (MOICE) to open suspicious files, and utilize Microsoft Office File Block policy to block the opening of Office 2003 and earlier documents.

“Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs,” blogged Bill Sisk, communications manager for the Microsoft Security Response Center.

Copyright ©1996-2009 Ziff Davis Enterprise Holdings Inc. All Rights Reserved
(http://www.eweek.com/c/a/Security/Microsoft-Warns-of-Attacks-on-PowerPoint-Vulnerability-345397/)
