Tuesday, March 04, 2003
Lost in cyberspace

"Nothing so bold is forthcoming in the Strategy. Which is yet another indicator that the czars of national computer security are perfectly content to tease out the hyperbole in perpetuity. The bigger the perceived threat, the greater their importance inside the Beltway."

I've been neglecting my Info Security category, for no real good reason other than nothing interesting has popped out at me, until now.  Bush's "National Strategy to Secure Cyberspace" - which I've mentioned here a few times before - was released last month, to resounding silence.  Most of the Info Security punditry had already dismissed it as an industry scary-story with few good practical suggestions and a complete lack of serious consequences.  In this Slate opinion piece, New American Brendan Koerner joins the chorus, blaming the security industry, government policy makers and law enforcement agencies for using a serious problem for political and financial gain.  OpenBSD also gets a good mention at the expense of Microsoft, always a crowd pleaser around these parts.


Info Security From Wozz

 Wednesday, February 05, 2003
TIA trinkets

The Total Information Awareness program may have removed its ominous logo from its Web site -- but you can still get your TIA-insignia T-shirts, teddy bears, mugs and thongs! Hurry, though, they're going fast (into detention)!

I want the greeting cards in hat form.

[via Scott Rosenberg's Links & Comment]



Info Security From Wozz | Salon From Wozz | World Affairs from Wozz

 Monday, February 03, 2003
DMCRA re-introduced. Ask your representatives to support it

"The Digital Millennium Copyright Act of 1998 (DMCA) tilted the balance in our copyright laws too heavily in favor of the interests of copyright owners and undermined the longstanding fair use rights of information consumers, including research scientists, library patrons, and students at all education levels. With the DMCRA, we intend to restore the historical balance in our copyright law that has served our nation well in past years. "

As mentioned here before, the DMCRA is an important piece of legislation that will be considered this year.  It aims to knock the DMCA down a peg and restore our fair use rights.  The EFF is starting a campaign to get the word out to your representatives.  Drop them a letter and let them know you want your rights back.

[via Slashdot]


Info Security From Wozz | Music From Wozz

 Thursday, January 23, 2003
Oops, here it is

CDT has the text of both the Wyden and Grassley amendments mentioned below and Grassley's comments before the Senate.  The potential toothlessness lies here:

"Notwithstanding any other provision of law, commencing 60 days after the date of the enactment of this Act, no funds appropriated or otherwise made available to the Department of Defense, whether to an element of the Defense Advanced Research Projects Agency or any other element, or to any other department, agency, or element of the Federal Government, may be obligated or expended on research and development on the Total Information Awareness program unless--

[...]

(2) the President certifies to Congress in writing, that--

(A) the submittal of the report to Congress within 60 days after the date of the enactment of this Act is not practicable; and

(B) the cessation of research and development on the Total Information Awareness program would endanger the national security of the United States."

I think the potential of abuse is mitigated by having to notify Congress in writing, so let's hope this doesn't get cut somewhere along the way.


Info Security From Wozz | World Affairs from Wozz

Senate Blocks Funding for Pentagon Database (washingtonpost.com)

...or do they?

"Saying they feared government snooping against ordinary Americans, U.S. senators voted on Thursday to block funding for a Pentagon computer project that would scour databases for terrorist threats.

By a voice vote, the Senate voted to ban funding for the Total Information Awareness program, under former national security adviser John Poindexter, until the Pentagon explains the program and assesses its impact on civil liberties."

The provision has been tacked onto the Omnibus Appropriations Bill currently being considered by the Senate.  If it makes it through the House and Senate, TIA wouldn't be able to be operationally deployed, and here's the key, EXCEPT IN CASES OF NATIONAL SECURITY.  Given this Administration's penchant for using their executive powers, this provision would seem a little more toothless than the article is making it out to be.  The text isn't up yet, but I'll keep an eye out for it to see if I'm missing something from the Post's summary.

[via DrudgeReport]


Info Security From Wozz | World Affairs from Wozz

 Tuesday, January 21, 2003
Sen. Edwards introduces information security bill

"Sen. John Edwards has introduced a bill that would require agencies to identify vulnerabilities in their systems and set up timetables for eliminating them.

The North Carolina Democrat’s National Cyber Security Leadership Act of 2003 would also mandate the use of IT security standards and guidelines established by the National Institute of Standards and Technology. "

A candidate that has good ideas on infosec?  I'll be keeping an eye out for more info on this.

[via NewsNow: Encryption/Security]



Info Security From Wozz | World Affairs from Wozz

 Thursday, January 09, 2003
Exploit Code At Security Focus Removed

"Observant Derek Vadala noted that it ' Looks like the exploit code from the Security Focus (i.e. Bugtraq) vulnerability database has been removed. There used to be an _exploit_ tab between _discussion_ and _solution_ on the individual vulnerabilty pages. It provided exploit code, if available. This was extremely useful for doing vulnerability testing so it's too bad. Seems to me that this is just one less resource for white hats and one more advantage for the blacks hats. I wonder if the recent acquisition by Symantec had something to do with the change."'

Of course, there's a flip side to Symantec acquiring all those companies.  Securityfocus takes one more step towards irrelevance.


Info Security From Wozz

The View From Symantec's Security Central (TechNews.com)

"Inside a cavernous room on the first floor there, security analysts for Symantec sit in long, curved rows 24 hours a day, working on computers and facing a wall of theater-size screens. Information displayed on the screens helps them keep tabs on whether any attacks are underway at any of the company's more than 600 corporate clients. "

A good short article on Symantec's managed security business and what they've been doing with their recent acquisition of Riptech and Securityfocus.  While this type of operation isn't really new - Security Operation Centers (SOCs) have been around for a couple of years now - it does give a good layman's picture of the usefulness of data collection and mining for insight into security problems, something on many people's minds with the emergence of TIA.  They even have a video tour!

[via SecurityNewsPortal]


Info Security From Wozz | World Affairs from Wozz

 Wednesday, January 01, 2003
Happy New Year!

Let's hope this year is better than the last, and that there are many more to come!


Info Security From Wozz | Music From Wozz | Salon From Wozz | World Affairs from Wozz