
Myth vs. Reality: Homeland Security’s Internet Kill Switch

Today SEW posted an article titled “Homeland Security Wants Internet Kill Switch”.

Basically, legislation that passed the Homeland Security and Governmental Affairs Committee last year must now be revisited due to changes in Congress.

In light of events in Egypt, hearing that Homeland Security is considering shutting off internet access in the US is unsettling. It’s supposed to be; otherwise, what good is that headline?

According to the original article on Wired, “an aide to the Homeland Security committee described the bill as one that does not mandate the shuttering of the entire internet. Instead, it would authorize the president to demand turning off access to so-called “critical infrastructure” where necessary.”

Last year, when this critical cyber-security bill was originally submitted, Senators Joe Lieberman, ID-Conn., Chairman of the Senate Homeland Security and Governmental Affairs Committee, and Susan Collins, R-Me., issued a “fact sheet” on the Myth vs. Reality of the S. 3480 “Protecting Cyberspace as a National Asset Act of 2010” bill.

Myth #1

The bill authorizes a “kill switch” allowing the President to shut down the Internet.


(From the original document, emphasis mine)

Rather than granting a “kill switch,” S. 3480 would make it far less likely for a President to use the broad authority he already has in current law to take over communications networks.

Section 706 of the Communications Act of 1934 provides nearly unchecked authority to the President to “cause the closing of any facility or station for wire communication” and “authorize the use of control of any such facility or station” by the Federal government.  Exercise of the authority requires no advance notification to Congress and can be authorized if the President proclaims that “a state or threat of war” exists.  The authority can be exercised for up to six months after the “state or threat of war” has expired.

The Department of Homeland Security, in testimony before the Committee on June 15, 2010, indicated that Section 706 is one of the authorities the President would rely on if the nation were under a cyber attack.

For more details read the full explanation here.

Myth #2

The bill gives the President the authority to take over the Internet.


S. 3480 would direct the President to set risk-based security performance requirements and, in a national cyber emergency, order emergency measures for our nation’s most critical infrastructure – those systems and assets that are most critical to our telecommunications networks, electric grid, financial system, and other components of critical infrastructure.

To qualify as a national or regional catastrophe, the disruption of the system or asset would have to cause:
•    mass casualties with an extraordinary number of fatalities;
•    severe economic consequences;
•    mass evacuations of prolonged duration; or
•    severe degradation of national security capabilities, including intelligence and defense functions.

Myth #3

The bill would give the President the authority to conduct electronic surveillance and monitor private networks.


The bill creates no new authority to conduct electronic surveillance.

Myth #4

The bill would give the President the authority to regulate the Internet.


The bill would set risk-based security performance requirements only for the owners/operators of our most critical systems and assets, which if disrupted would cost thousands of lives or billions of dollars in economic damage. The risk-based security performance requirements set by the NCCC would be developed in collaboration with the private sector.

Myth #5

By including a strategy to ensure security is considered in federal information technology procurements, the bill would upset international standards for information technology products and services.


For too long, the federal government has failed to adequately account for security when procuring information technology products and services.  S. 3480 would require the government to develop a strategy to consider security risks in information technology procurements.


This bill and the “clarification” thereof don’t seem to leave much room for us to feel comfortable that, should there be a mass uprising among the civilians of the US (reflective of Egypt today), we would have much freedom to voice our concerns, make plans, or organize using internet services.

While this bill may not extend the surveillance possibilities of the government on its people, it does not make us any safer from the possibility of that occurring.

Additionally, this bill does not outline any reasonable methods to prevent and/or handle a massive cyber attack should one occur. Instead it outlines that plans will be developed after an attack has occurred. I wouldn’t put much faith in a system that recognizes a risk and plans to plan for it once it’s occurred.

I’d feel better if the government had begun training cybersecurity professionals immediately upon determining this threat would occur, rather than waiting to scramble after the damage is done…


Why Get Certified? | IT Manager Salaries

Based on the previous article concerning the lack of professionals in IT Security, I thought it’d be interesting to see what kind of salaries we’re looking at. Check these out:

IT Manager – Database


Base salary: $95,429

Total compensation: $98,683


Base salary: $95,244

Total compensation: $98,552

IT Manager – Data Warehouse


Base salary: $88,345

Total compensation: $93,836


Base salary: $88,678

Total compensation: $93,965

IT Project Manager – Distributed Systems


Base salary: $95,658

Total compensation: $106,752


Base salary: $96,161

Total compensation: $106,759

Interested in learning more about getting a master certificate in IS security or training to become CISSP certified? Now’s the time!

Shortage of IT Security Professionals

New IT and IS Security job opportunities.

This morning NPR had a story entitled “Cyberwarrior Shortage Threatens U.S. Security”. A very real threat requiring highly trained professionals.

“We don’t have sufficiently bright people moving into this field to support those national security objectives as we move forward in time,” says James Gosler, a veteran cybersecurity specialist who has worked at the CIA, the National Security Agency, and the Energy Department.

This shortage of trained professionals will reach crisis level in the next few years. Now is the time to promote yourself and get in on the job opportunities.

With the economy in a slump and the unemployment levels at the highest rate they’ve seen in decades, here’s an industry starving for professionals.

Use this to your advantage: take a few classes and see how you could help fill this job gap. Staying up-to-date on the latest technology is not simple; it takes effort and diligence, but it’s a necessary field for the future, worldwide.

Full NPR article here.