backtop


Print 20 comment(s) - last by tastyratz.. on Dec 20 at 10:27 AM


The U.S. Intelligence community now assumes hostile hackers, like Chinese intelligence agency officials, will eventually gain access to U.S. systems. It's now focused on blocking their beachhead, preventing it from gaining important information  (Source: AP)
Keeping enemies out is no longer good enough to protect our nation's networks

At a cyber security forum sponsored by the Atlantic and Government Executive media organizations, visitors detected a decided shift in U.S. intelligence policy.  Where the community had longed focused on keeping out unwanted intruders, the new assumption was that these efforts would eventually fail.  And the new focus appears to be on minimizing the damage when they do fail.

The director of the U.S. National Security Agency (NSA) Information Assurance Directorate, Debora Plunkett, addressed reports, stating:

There's no such thing as 'secure' any more.  The most sophisticated adversaries are going to go unnoticed on our networks.  We have to build our systems on the assumption that adversaries will get in.  We have to, again, assume that all the components of our system are not safe, and make sure we're adjusting accordingly.

Mike McConnell, a retired Navy vice admiral and former NSA chief from 1992 to 1996 concurred, stating, "[There is not a major computer system of consequence] that is not penetrated by some adversary that allows the adversary, the outsider, to bleed all the information at will."

Many might suspect the source of the policy shift is the recent leak by a disgruntled Army specialist, Bradley Manning, who spilled hundreds of thousands of classified documents to a foreign news site run by a self-proclaimed anarchist.  While the damaging effects of that incident certainly played a role, it is far from the only reason for the shift.

The U.S. has been under increasing attack digitally from foreign intelligence agencies, including China and North Korea.  Foreign spies have infiltrated defense contractors, and retrieved information from lost U.S. government hardware.  Deputy Defense Secretary William Lynn, in the September/October issue of the journal Foreign Affairs, estimated that at least 100 foreign intelligence agencies are trying, night and day, to hack into U.S. government systems.  He says that many of these agencies have the sophistication to succeed, at least some of the time, in their plots.

For the NSA, which is tasked both with intercepting foreign communications and protecting those of our nation, the shift in mentality is crucial.  The agency indicates that it has transitioned from trying merely to stop intruders from entering systems to limiting and monitoring access when such intruders do get in.

If the recent forum was any indication, the U.S. intelligence agencies have conceded that hostile parties will likely establish beachheads on crucial systems in the coming decades of cyberwarfare.  The key battle will be to prevent them from moving inland and capturing valuable documents or messages.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

security vs convience
By kattanna on 12/17/2010 11:15:44 AM , Rating: 2
security is always a "great idea" until some one in power is inconvenienced, then it becomes a burden.

and how a low ranking non commissioned officer even had access to such high level diplomatic documents in the first place, highlights that exact thing.




RE: security vs convience
By Dr of crap on 12/17/2010 11:21:17 AM , Rating: 2
Yea,
But it's only inconvenient until there is a hack.
Then it's a problem, and no one pushes for changing the incovenient things they have to go through.
Human nature!


RE: security vs convience
By Yames on 12/17/2010 12:20:43 PM , Rating: 2
The politics in Govt don't allow for proper security designs. They cost too much and become burdensome.


RE: security vs convience
By Spuke on 12/17/2010 2:14:55 PM , Rating: 2
quote:
The politics in Govt don't allow for proper security designs. They cost too much and become burdensome.
In my experience, the handling of lesser classified info is sloppy. The higher classification/need-to-know is taken MUCH more seriously. It all should be taken seriously.


"We basically took a look at this situation and said, this is bullshit." -- Newegg Chief Legal Officer Lee Cheng's take on patent troll Soverain














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki