I have recently been fuming and ranting about all the cyber-stupidity going around, from the various reports by the various commissions to the lies, hype, and nonsense President Obama has recently spread (of course some of his talk was lies; he is a politician, it's what they do. Come on, you are interested in security, you can't afford to be naive).
I have found a couple of very good posts on the issues. Whether you are interested in cutting through the hype or fanning the flames of FUD, check out Gene Spafford's excellent post, "A Cynic’s Take on Cyber Czars and 60-day Reports". Also, be sure to check out "S.773 - The Cyber Security Act of 2009 - part 1" over on the SoVAsec blog for a detailed analysis (and skewering) of the Cyber Security Stupidity Act of 2009.
It appears that rolling out the memory of 9/11 is no longer guaranteed to have people rolling over and throwing money, so something new is required: calling it cyber-something. (Here's a neat trick: the next time someone within earshot babbles something about 9/11, ask them what year it happened and watch them fumble.) Now the threat of a "Cyber-Katrina" or "Cyber-9/11" is supposed to make us throw money at an undefined problem and possibly cede control (via laws and regulations) of networks and systems to regulators. Given how disastrously the US government handled the incident response and remediation of 9/11 and Katrina, I cannot imagine that any sentient beings would fall for it, but then I am apparently a naive optimist for thinking this way. (Any day that I fall into the category of "naive optimist" we are SCREWED.) And who do you think is lining up for the buckets of cash? That's right, the usual suspects in the military-industrial complex. That would be great if the defense contractors had not repeatedly proven themselves inefficient, overpriced, and incompetent.
And remember, when people talk about spending "government money" on a problem, they are really talking about "tax money"; you know, money that was formerly yours.
Jack