backtop

Print 47 comment(s) - last by ggordonliddy.. on Apr 27 at 11:31 PM

Melissa Hathaway file photo  (Source: BusinessWire)
Cybersecurity is still a hot topic in Washington

After Pres. Barack Obama ordered a 60-day cybersecurity evaluation, rumors immediately began to surface that the White House could possibly take over cybersecurity responsibilities for the U.S. government.

"We have witnessed countless intrusions that have allowed criminals to steal hundreds of millions of dollars and allowed nation-states and others to steal intellectual property and sensitive military information," according to Melissa Hathaway, Obama's acting senior director of cyberspace technologies.

Hathaway also said cybersecurity is "one of the most serious challenges of the 21st century," and warned that the Internet won't be "secured overnight on the basis of one good plan."

Hathaway understands that despite what Obama does, fixing the country's cybersecurity problems will take a long time.  The 60-day report is expected to be made public soon, with experts noting how easily intruders can steal, compromise and destroy information on U.S. networks.

The U.S. government is expected to work more closely with security companies and other private companies to help secure the Internet -- especially government computers -- from possible intrusions.  At the very least, a Washington cyber czar will likely be appointed to handle cyber security issues, and to serve as a middle man between the government and private security companies.

A bipartisan group of politicians and cybersecurity experts last year urged the White House to create a new department specifically aimed at dealing with cybersecurity issues.  Furthermore, Rod Beckstrom, former National Cybersecurity Center director, said there is a power struggle led by the National Security Agency -- the NSA recently responded by saying it doesn't want sole control of cybersecurity.

Despite a slumping economy and lingering problems in Iraq, cybersecurity has been one of Obama's main focus points since becoming president.  The cybersecurity threat was recently highlighted when the U.S. F-35 fighter project was reportedly infiltrated by cyberspies earlier in the week, with numerous other incidents in the past few months.

Earlier in the month, foreign cyberspies reportedly attacked an electrical grid, which caused the Chinese government to issue a statement saying it doesn't condone such acts, and also must deal with cyber attacks.

Comments     Threshold


This article is over a month old, voting and posting comments is disabled
Cybersecurity...
By iFX on 4/24/2009 3:19:36 PM , Rating: 4
Anyone who actually uses this term shouldn't be allowed anywhere near any computer network and kicked in the balls/vag for good measure.




RE: Cybersecurity...
By rdeegvainl on 4/24/2009 3:56:21 PM , Rating: 2
care to explain why?


RE: Cybersecurity...
By Yawgm0th on 4/24/2009 4:04:37 PM , Rating: 3
Because it's a particularly bad MSM term and not a computer science term. No one who actually works in IT or information security would or should ever use it.

It's actually not even etymologically correct to throw cyber in front of the word security in this context.

Mostly, it just sounds really dumb.


RE: Cybersecurity...
By iFX on 4/24/2009 4:13:09 PM , Rating: 5
This.

Basically, the people using the term have a 99.9 percent chance of not knowing what they are talking about and should therefore not be allowed to administer or make decisions about the administration of computer networks.


RE: Cybersecurity...
By 85 on 4/24/2009 4:28:12 PM , Rating: 3


+1

I'm happy you were 1st to post. as someone who works with network security i cringe every time i hear that blasphemous word!


RE: Cybersecurity...
By cubby1223 on 4/24/2009 5:52:03 PM , Rating: 5
Okay, we'll officially change it to internet contingency operations. Does that make it better? It's just a word...


RE: Cybersecurity...
By Ammohunt on 4/24/2009 10:50:50 PM , Rating: 3
The Correct term since the Government is involved is Cyberbureaucracy. They will spend billions and billions of dollars to write a government version of Zone Alarm.


RE: Cybersecurity...
By foolsgambit11 on 4/25/2009 6:05:48 PM , Rating: 1
Cybersecurity is used as a term by the government because it fits into the "SEC" pattern. CYBERSEC is a subcategory under INFOSEC. Everything must be 'word' security. What word would you suggest to fit the pattern?


RE: Cybersecurity...
By HighWing on 4/27/2009 3:33:37 PM , Rating: 2
quote:
What word would you suggest to fit the pattern?


Internet and/or Network Security... which coincidentally happens to be THE correct term.


RE: Cybersecurity...
By ggordonliddy on 4/27/2009 11:31:32 PM , Rating: 2
The correct terminology is "multimedia cybersecurity".


By Hakuryu on 4/24/2009 4:06:24 PM , Rating: 2
I don't understand why a project like this would even be connected to the internet. Isn't the simplest solution to simply make all data relevant to the project reside on a closed network that is not connected to the internet?

If they have people around the world working on subystems and they need to connect, instead of simply using passwords or encryption keys to log in, why not make them use a webcam and have to be authorized by a live human being that can't be hacked into thinking a 14 year old chinese boy is an aerospace engineer?

You can easily find the number of connections to your network, and if each of these were logged in like visitors to a building that you could see and monitor for strange activity, I think problems with hackers would decrease. Sure it might be expensive if you have alot of connections, but wouldn't it be worth it?




By s12033722 on 4/24/2009 4:42:06 PM , Rating: 3
All classified information for the F-35 is indeed on machines not connected to the internet. Not only are they not connected to the internet, but for even moderately high levels of classification the system hosting the data are in shielded enclosures that even prevent EMI from getting out. The data that was leaked on the F-35 project wasn't classified, it was For Official Use Only data, which isn't intended for public consumption but isn't particularly sensitive info. The whole story the media is making such a fuss about is really pretty much a non-issue for anyone that knows the facts.


By BailoutBenny on 4/24/2009 5:55:23 PM , Rating: 5
Back when the hacked power grid story broke I said the news story was a black flag operation. The f35 news story was a black flag operation. It is the propoganda machine spooling up for the huge push for the Cybersecurity Act of 2009. The government wants huge undefined power over the internet. They don't want you buying things online and not paying your use taxes. They don't want you to write your friends about Ron Paul or Chuck Baldwin without knowing what you are saying. They don't want you to do anything without their knowledge or approval.


By JCA on 4/25/2009 1:41:26 AM , Rating: 5
And anyone that's worked in or around SCIFs or secured buildings will know that projects like this aren't connected to outside networks. Like said, this was unclassed information. Anyone working in the military contractor or active (I come from NORAD, US Space Command, AF Space Command, and NORTHCOMM) will know that what the media is purporting is foolishness at best. It's because the public is ignorant of the real story because the media is, by all means, the gospel truth. The current administration will use it to its advantage, after all, that's how they got to be where they sit now.

Don't believe that our military agencies or federal agencies have their heads screwed on backwards. They're quite capable of securing information. And yes, cybersecurity is an idiotic name for it.


By foolsgambit11 on 4/25/2009 5:47:09 PM , Rating: 2
I'm of two minds about this (I spent 8 years working in SCIFs around the globe). On the one hand, if the information were valuable enough, it would have been classified. On the other, I worked with an OSINT (open source intel) team in Iraq that produced very good products - both actionable intelligence and situational awareness-related info. This is why we have FOUO. So while this "breach" may not be indicative of highly refined intel gathering by its perpetrators, and while it may not be a harbinger of greater things to come, we shouldn't discount the value of the compromised information based solely on its classification level.


By Manch on 4/26/2009 11:15:19 AM , Rating: 2
They're changing what was once part of the 3C0X1 Computer Communications Operators...err IT admin career field that dealt with securing the network (Information Assurance) into....

CYBERSURETY!!

OK, you can now point and laugh.

I'm thinking about the blue to green program a lot more now.


Offtopic
By i4mt3hwin on 4/24/2009 1:37:21 PM , Rating: 4
What ever happened to Michael Asher (Masher2)? I haven't seen anything by him in a while and this reminded me of that.




RE: Offtopic
By Noya on 4/24/2009 1:48:35 PM , Rating: 2
Yeah, I loved reading Asher's blogs and comments. The funniest was at Christmas when someone parodied his views to "The 12 Days of Christmas" (not that I disagree with all his opinions).


RE: Offtopic
By Lord 666 on 4/24/2009 7:21:29 PM , Rating: 2
Thank you. You just made my day.


RE: Offtopic
By Lord 666 on 4/25/2009 11:26:07 AM , Rating: 2
Here it is again

http://www.dailytech.com/Michaels+Holiday+Gift+Gui...

Asher added something extra to DT. Without him, its just a technology site.


RE: Offtopic
By Spivonious on 4/24/2009 2:06:16 PM , Rating: 2
I heard in another article that he is on sabbatical.


RE: Offtopic
By alanore on 4/24/2009 2:36:58 PM , Rating: 2
Probably blew a head gasket after all the european vs american motor debates.


RE: Offtopic
By Staples on 4/24/09, Rating: -1
Another misleading title
By stromgald30 on 4/24/2009 1:42:44 PM , Rating: 5
I'm a little skeptical about the conclusion that the White House should 'take over' cybersecurity. I doubt they have the personnel or infrastructure to do this. This seems to be more of a sensationalist title based on loose definitions of 'take over' and 'White House'.

Doesn't the NSA, FBI and other cybersecurity groups already report to the White House? All the 60 day study seems to say is that the White House should take a 'more active role' in cybersecurity, which hardly means to take over.

The biggest issue with all this is that the NSA and FBI aren't willing to play nice with each other. IMHO, a separate group should be formed to either coordinate between the agencies and report to the White House, or a new group should be formed from the cybersecurity divisions of the NSA and FBI to create a more elite, specialized group.

That first link also doesn't seem to be working.




RE: Another misleading title
By Starcub on 4/24/2009 4:33:36 PM , Rating: 3
quote:
The biggest issue with all this is that the NSA and FBI aren't willing to play nice with each other.

Not just the NSA and FBI, but the DoD too. Having worked under the DoD data standardization program many years ago I can tell you that even within these organizations there is staunch reluctance to surrender any authority whatsoever over their systems.

In the information age, everyone wants to own their own island. Ms Hathaway was correct in her observation that no one plan will do. In fact, I'm somewhat skeptical that this effort will accomplish much even with emphasis given by the White House.


RE: Another misleading title
By Manch on 4/26/2009 11:32:10 AM , Rating: 3
I wouldn't worry. "Take over" is about as accurate as "90% of the guns recovered in Mexico come from the U.S.".

Take over is probably being used interchangeably.

JTMFC


RE: Another misleading title
By foolsgambit11 on 4/26/2009 5:31:38 PM , Rating: 2
Well, the best statistics we have put the number right around there. But our best statistics aren't that good. Of all the guns that get traced, roughly 90% are American. There are reasons why the guns which aren't traced may be different - i.e. they already know the origin. But that doesn't mean the origin isn't American. It's just most likely via the Mexican police or army. But the origin of the weapon is still American. The weapon arrives in Mexico legally and at the request of the Mexican government. Maybe you could call the 90% number disingenuous, but not inaccurate.

The US Bureau of Alcohol, Tobacco, Firearms, and Explosives estimates between 95% and 100% of the guns the cartels possess are of American origin.

But the whole debate is really moot, anyway, since there's almost nothing we can do to stop the flow of weapons into Mexico, just like how powerless we are to stop the flow of drugs (and people) into America.


Won't happen...
By iFX on 4/24/2009 3:16:55 PM , Rating: 2
Private companies won't turn over control of their networks or even allow government agents to run security on their networks. The government has no jurisdiction on a privately owned network conducting legal business.




RE: Won't happen...
By Yawgm0th on 4/24/2009 4:07:15 PM , Rating: 2
quote:
The government has no jurisdiction on a privately owned network conducting legal business.
Nor has the government any interest in them. The government does have jurisdiction (or should) on private contractors developing military and government technology.


RE: Won't happen...
By iFX on 4/24/2009 4:18:29 PM , Rating: 2
Sure they do. There are already government sanctioned security requirements for financial institutions (called PCI compliance) and these institutions are private (well, they were prior to a few months ago but these regulations have been around for a while anyway). As of yet the government doesn't execute these regulations, they only inspect private networks to make sure they are meeting them. The government most certainly [i]thinks[/i] they have the right to poke their nose into any private network they want.


RE: Won't happen...
By Yawgm0th on 4/24/2009 6:06:45 PM , Rating: 2
PCI DSS compliance is controlled and enforced by the credit card industry. It is an international standard and has nothing to do with the US federal government. PCI compliance audits are typically performed by qualified third-party vendors and internal security teams. The executive branch doesn't have the resources or, frankly, the expertise to even perform PCI audits. I'd wager that there are a few government agencies that take credit cards payments without meeting PCI requirements.

The Obama administration has not suggested the executive branch would be responsible for information security practices of private industry. This is about military, government, and government contractors responsible for sensitive material.


RE: Won't happen...
By iFX on 4/24/2009 8:24:59 PM , Rating: 2
I'm afraid the information your have yanked from Wikipedia isn't entirely accurate regarding PCI compliance.


RE: Won't happen...
By foolsgambit11 on 4/25/2009 5:59:52 PM , Rating: 2
But the government does have the ability to mandate certain security measures and inspect for compliance as a precondition for receiving a government contract that involves the handling of sensitive government information.

Above and beyond that, I think certain institutions are legally required to provide reasonable protections for consumers' personal information. Although in that case, I don't think the government mandates specific security measures, but just requires some adequate and reasonable measures be taken. Nor do they inspect unless it's part of an investigation into an incident. But this isn't my area of expertise.


here's an idea
By smackababy on 4/24/2009 1:48:40 PM , Rating: 4
Someone appoint Bruce Willis. I know he'll get the job done, with our without bullets.




RE: here's an idea
By BPB on 4/24/2009 2:55:05 PM , Rating: 2
Nah, I think he's a Republican.


RE: here's an idea
By Expunge on 4/24/2009 4:59:47 PM , Rating: 1
And that's why you would appoint him, because it will get taken care of. Hope and change dont cut it. We need experience and results. Something which the current administration is lacking.


RE: here's an idea
By GaryJohnson on 4/24/2009 5:30:36 PM , Rating: 2
Why can't we have hope, change, experience, & results all at the same time?


RE: here's an idea
By Manch on 4/26/2009 11:20:07 AM , Rating: 2
Because Obama only promised Hope & Change so that's all you get.


Great
By Spivonious on 4/24/2009 2:05:57 PM , Rating: 2
More things for the government to control.

I'm currently reading Ron Paul's book ("The Revolution: A Manifesto") and it is so obvious that the people in our federal government have no idea what they're supposed to be doing.




RE: Great
By unableton on 4/24/2009 4:54:52 PM , Rating: 2
Infowars is that way ------------>


Don't Panic.
By Smilin on 4/24/2009 3:03:46 PM , Rating: 2
They haven't assigned a "czar" title so we're good for now.

As soon as they call it a "cybersecurity czar" we're f*cked.




RE: Don't Panic.
By Yawgm0th on 4/24/2009 3:32:11 PM , Rating: 2
quote:
As soon as they call it a "cybersecurity czar" we're f*cked.
Honestly I'm shocked that that term is not used more. I would really expect it.

The thing that irritates me is that any such "czar" would almost undoubtedly be someone with a lot of expertise in middle management and none in information systems security.


By Beenthere on 4/24/2009 8:54:23 PM , Rating: 2
...on the economy we are all doomed.




By BarkyMcWoof on 4/25/2009 12:42:48 PM , Rating: 2
I think everyone is missing the point here: the White House is accumulating more authority; in this case over the internet. This means more surveillance of U.S. citizens.


By callmeroy on 4/24/2009 2:37:15 PM , Rating: 2
The only think that immediately popped in my head when I read this headline was.....

"....this oughta be good...."




Yikes
By Saist on 4/24/2009 6:28:57 PM , Rating: 2
Out of all of the people that I would want in control of "Cybersecurity," Obama's administration is somewhere in the bottom 2, the other being Microsoft.

Although, there is the practical point by way of campaign support and contributions that Microsoft and Obama's administration are one in the same. I think this sort of news qualifies as "Inmates running the Asylum?"




Not Suprising!
By rickon66 on 4/24/2009 6:35:39 PM , Rating: 2
Why not, they have taken over most everything else. Maybe Bo will dig up an answer.




"Folks that want porn can buy an Android phone." -- Steve Jobs











botimage
Copyright 2012 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki