http://www.aolnews.com/opinion/article/opinion-arming-the-us-for-cyberwar/19547156

snip (but consider yourself encouraged to read the whole thing):


With this legislation, if the government knew an attack that could have catastrophic consequences for Americans or our economy was imminent or under way, the president could implement emergency measures protecting a select group of the most important networks and assets needed to maintain our way of life, while still respecting the civil liberties of our citizens.

without discussing the politics and thus getting this thread closed, let's conjecture about what this could mean at a technical level.

my conjecture:

disconnecting the banking, financial, and defense sectors from the wider internet upon presidential order.

keep a redundant backup online and internet-facing so folks can continue banking and trading and whatnot - with the caveat that none of these transactions may count in the long run.

if the catastrophe (real or false alarm) ends and those internet-facing systems are still reliable, then declare all said transactions as valid.

if it ends with the internet-facing banking and financial servers being compromised, then all banking and stock transactions over the last X days are declared void, and everyones stock/bank accounts are restored from the Final Backup Day prior to the compromise.

I don't think that security can be created as an order from the top layer. The whole system has to soaked in it. If something as a nuclear power plant has critical systems facing the internet, heads should be rolling.

Isn't that the concept that backfired in the last Die Hard movie?

my conjecture:

disconnecting the banking, financial, and defense sectors from the wider internet upon presidential order.

keep a redundant backup online and internet-facing so folks can continue banking and trading and whatnot - with the caveat that none of these transactions may count in the long run.

if the catastrophe (real or false alarm) ends and those internet-facing systems are still reliable, then declare all said transactions as valid.

if it ends with the internet-facing banking and financial servers being compromised, then all banking and stock transactions over the last X days are declared void, and everyones stock/bank accounts are restored from the Final Backup Day prior to the compromise.

How is this any different than the disaster recovery plans that many large corporations have already implemented?

How is this any different than the disaster recovery plans that many large corporations have already implemented?

Not significantly different.

What is different, however, is that I don't think CitiBank can simply all-by-itself say "Sorry, but due to the recent emergency, all transactions for the last 30 days for values over $X are invalid due to our system being compromised."

This bill may make that possible.

All your Citibank belong to us.