Wednesday, September 25, 2013

Has done NIST done enough damage control?

We really need to be able to trust NIST, and the Patrick Gallagher keynote did little to re-enable that I didn't watch the General Alexander keynote because my lack of trust in this individual is such that it simply isn't worth the bother.

Michael Daniel is a Special Assistant to the President, and Cyber-Security Coordinator at the White House.

In the first couple of minutes of his keynote, there was a nice mention of Northrup-Grumman, a huge defense contractor, a buyer of 0-day exploits, etc. as the lunch sponsor. I don't want to go into vulnerability disclosure here, save mentioning that the No More Free Bugs argument does have merit -- this is yet another complex issue.

From there the keynote promised to be more spin and politics. I really didn't have the time to spare for this one, as I have no trust in a national effort for identities in cyberspace. So I only half listened to Mr. Daniel.

Here is the lead URL that links to all three keynotes.

I am a bit busy right now, as I indicated in Back to Back Projects. Yes, a very 'duh' title. But that is just one reason that I am so very, very annoyed that I have to be dealing with this stuff right. As a society, we decided back in the 90s that there would be no mandated back-doors. No key escrow, no Clipper Chip. The NSA has apparently just decided that they would do it anyway, behind everyone's back.

I would *really* like to see someone go to prison over this, and that is an entirely non-political desire. This dates back to the Clinton administration, intervening Republican administrations have been at least as thoughtless, and President Obama has never, since before he was elected for his first term, shown much concern for doing the right thing in this regard.

Politics is a dirty business. Always has been, always will be.

And now, back to the salt mines. Some of us actually have to demonstrably help people, on daily basis. To us, the cyber-whatever politics game is, at best, bemusing. For instance, don't get me started on critical infrastructure protection.

No comments:

Post a Comment

Comments on posts older than 60 days go into a moderation queue. It keeps out a lot of blog spam.

I really want to be quick about approving real comments in the moderation queue. When I think I won't manage that, I will turn moderation off, and sweep up the mess as soon as possible.

If you find comments that look like blog spam, they likely are. As always, be careful of what you click on. I may have had moderation off, and not yet swept up the mess.