
The U.S. Intelligence community now assumes hostile hackers, like Chinese intelligence agency officials, will eventually gain access to U.S. systems. It's now focused on blocking their beachhead, preventing it from gaining important information  (Source: AP)
Keeping enemies out is no longer good enough to protect our nation's networks

At a cyber security forum sponsored by the Atlantic and Government Executive media organizations, visitors detected a decided shift in U.S. intelligence policy.  Where the community had long focused on keeping out unwanted intruders, the new assumption was that these efforts would eventually fail.  And the new focus appears to be on minimizing the damage when they do fail.

The director of the U.S. National Security Agency (NSA) Information Assurance Directorate, Debora Plunkett, addressed reports, stating:

There's no such thing as 'secure' any more.  The most sophisticated adversaries are going to go unnoticed on our networks.  We have to build our systems on the assumption that adversaries will get in.  We have to, again, assume that all the components of our system are not safe, and make sure we're adjusting accordingly.

Mike McConnell, a retired Navy vice admiral and former NSA chief from 1992 to 1996, concurred, stating, "[There is not a major computer system of consequence] that is not penetrated by some adversary that allows the adversary, the outsider, to bleed all the information at will."

Many might suspect the source of the policy shift is the recent leak by a disgruntled Army specialist, Bradley Manning, who spilled hundreds of thousands of classified documents to a foreign news site run by a self-proclaimed anarchist.  While the damaging effects of that incident certainly played a role, it is far from the only reason for the shift.

The U.S. has been under increasing attack digitally from foreign intelligence agencies, including China and North Korea.  Foreign spies have infiltrated defense contractors, and retrieved information from lost U.S. government hardware.  Deputy Defense Secretary William Lynn, in the September/October issue of the journal Foreign Affairs, estimated that at least 100 foreign intelligence agencies are trying, night and day, to hack into U.S. government systems.  He says that many of these agencies have the sophistication to succeed, at least some of the time, in their plots.

For the NSA, which is tasked both with intercepting foreign communications and protecting those of our nation, the shift in mentality is crucial.  The agency indicates that it has transitioned from trying merely to stop intruders from entering systems to limiting and monitoring access when such intruders do get in.

If the recent forum was any indication, the U.S. intelligence agencies have conceded that hostile parties will likely establish beachheads on crucial systems in the coming decades of cyberwarfare.  The key battle will be to prevent them from moving inland and capturing valuable documents or messages.


I've always wondered...
By plupien79 on 12/17/2010 11:40:59 AM , Rating: 3
IF something is SO Secret... maybe the server that hosts the data shouldn't be connected to the public internet....

Just Saying...

RE: I've always wondered...
By MindParadox on 12/17/2010 11:50:15 AM , Rating: 4
that works fine if the only people who will EVER need that information all have access to that computer anytime they might need it

in any other more realistic situation, that simply doesn't work

RE: I've always wondered...
By jimhsu on 12/17/2010 12:08:18 PM , Rating: 3
Indeed things that are actually national security issues (power plants, nuclear weapon designs) are not kept on any accessible network. Things below that (Secret to Confidential) make it onto SIPRnet ( ) which the recent wikileaks news has made familiar to a much broader audience. In both of these cases stuff doesn't make it onto the public internet unless it was intentionally posted there; in that case you have other problems to deal with (your employees).

RE: I've always wondered...
By bah12 on 12/17/2010 12:55:29 PM , Rating: 2
quote: that case you have other problems to deal with (your employees).
Correct it is not that a public facing system can never be secure, just that a public facing system can't be secure if a fallible human presence is involved.

I've always preached that computers cannot make a mistake, there is always a human somewhere responsible for the problem. It could be as simple as the employee with 1234 as their password, or as complex as the engineer that missed the security hole in the firewall firmware they wrote. Either way somewhere in the chain a person screwed up, even if that screw up was the inability to imagine the threat and program against it.

RE: I've always wondered...
By foolsgambit11 on 12/17/2010 2:45:30 PM , Rating: 2
There is a possibility that a sophisticated enemy could get into SIPRNet. It may be a 'secure network', separate from the internet, but it is still a worldwide network, including satellite relays and other snoop-able links. With the right equipment and the right knowledge, an enemy could gain access to the network. The same goes for other, even more classified networks (JWICS, NSANet, etc.).

While all of these networks are pretty well protected from intrusion, it is still safer to take a stance that they will be breached, and be prepared.

RE: I've always wondered...
By zixin on 12/17/2010 12:55:53 PM , Rating: 3
It wasn't. It was posted on a secured classified network that needs a secret clearance to access. With that said, there are a lot of people with secret clearance, including the private who stole the information. What is dumb is that the information is not compartmentalized such that access is limited to a need to know basis, like it should be for secret information.

RE: I've always wondered...
By Spuke on 12/17/2010 2:11:03 PM , Rating: 3
It wasn't. It was posted on a secured classified network that needs a secret clearance to access.
Where you had ready access, via removable media, to an unclassified network. Where I have worked previously, there was no unclassified network and internet access was literally miles away. Mixing the two is asking for trouble, not to mention, allowing removable media on a classified network? LOL! Again citing my previous employment, removable media was not allowed, period. Any data was moved via the internal network.

RE: I've always wondered...
By gamerk2 on 12/17/2010 2:22:11 PM , Rating: 3
What is dumb is that the information is not compartmentalized such that access is limited to a need to know basis, like it should be for secret information.

Remember back in 2001, when we found out we weren't sharing enough information to enough people?

See that catch-22?

RE: I've always wondered...
By Solandri on 12/17/2010 6:46:04 PM , Rating: 2
I've thought about that, and the idea behind SIPRNet of just making all this secret stuff available freely to anyone with clearance seems rather reckless and over-simplistic. Like something an IT guy would come up as an interim solution while working on a better permanent fix.

At the very least, they should've put a limit on how many docs a single individual could access per day. If someone is downloading tens of thousands of documents off the network, you can be pretty sure something is not right.

RE: I've always wondered...
By tastyratz on 12/20/2010 10:27:05 AM , Rating: 2
It's also very complicated. Can't have your cake and eat it too - information sharing means sharing with more people and people are your biggest security hole (some being bigger holes than others)

The number of documents could easily be overwhelming if they all concern a specific individual or project.
I do however believe that your superior should be sent an immediate notification when a specific number of documents are retrieved, as well as that person's superior after another level has been hit, etc. A weighting system could be applied based on your level of clearance and the clearance required (for example, someone with secret clearance can open 50 documents with secret clearance levels, or 75 with confidential levels before setting off a page, and someone with top secret clearance might set it off with 50 top secret or 75 secret documents, etc)

Specific documents could be given a weight multiplier and once a threshold is reached the person is detained in the facility until their superiors approve.

I also think the allowance of removable media in ANY form on airgapped networks was an embarrassment to security professionals. MP should have been detaining and seeking explanation within 5 minutes of it being plugged in.
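The two comments above (Solandri's per-day retrieval cap and tastyratz's clearance-weighted thresholds with escalating notification) describe a volume-based detection rule that can be written down and tested. The following is an added example, not code from the article, the commenters, or any agency system. The Secret (50 Secret / 75 Confidential) and Top Secret (50 Top Secret / 75 Secret) figures are the ones the comment gives; the other threshold entries, the integer point scheme, the per-day window, the document multiplier, and the notification chain are assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Classification order: higher index = more sensitive.
LEVELS = ["confidential", "secret", "top secret"]
RANK = {name: i for i, name in enumerate(LEVELS)}

# Documents of a given level a user of a given clearance may retrieve per day
# before the first notification fires. The Secret (50 S / 75 C) and Top Secret
# (50 TS / 75 S) figures come from the comment; the rest are assumed.
THRESHOLDS = {
    "confidential": {"confidential": 50},
    "secret": {"confidential": 75, "secret": 50},
    "top secret": {"confidential": 100, "secret": 75, "top secret": 50},
}

# Work in integer "points" so the comparison is exact: ALERT_POINTS is a common
# multiple of every threshold, and one ordinary retrieval costs
# ALERT_POINTS / threshold points. Reaching ALERT_POINTS pages the superior;
# each further ALERT_POINTS pages one level higher in the chain.
ALERT_POINTS = 300
COST = {clr: {lvl: ALERT_POINTS // n for lvl, n in row.items()}
        for clr, row in THRESHOLDS.items()}


@dataclass(frozen=True)
class Access:
    user: str
    user_clearance: str
    day: str            # "YYYY-MM-DD"; the budget resets per day
    doc_id: str
    doc_level: str
    multiplier: int = 1  # weight multiplier for especially sensitive documents


@dataclass
class Verdict:
    points: int = 0
    escalation: int = 0                          # 0 none, 1 superior, 2 next level up, ...
    denied: list = field(default_factory=list)  # docs above the user's clearance


def evaluate(accesses, max_escalation=3):
    """Score retrievals and return {(user, day): Verdict}."""
    verdicts = defaultdict(Verdict)
    for a in accesses:
        v = verdicts[(a.user, a.day)]
        # A document above the user's clearance is an access-control failure,
        # not a volume question: record it and keep it out of the score.
        if RANK[a.doc_level] > RANK[a.user_clearance]:
            v.denied.append(a.doc_id)
            continue
        v.points += a.multiplier * COST[a.user_clearance][a.doc_level]
    for v in verdicts.values():
        v.escalation = min(v.points // ALERT_POINTS, max_escalation)
    return dict(verdicts)


def who_to_page(verdict, chain):
    """chain lists superiors nearest-first; returns the ones to notify."""
    return chain[: verdict.escalation]


def demo():
    # Constructed sample: a Secret-cleared analyst pulls 60 Secret and
    # 30 Confidential documents in one day, one Secret document weighted x3,
    # and also attempts one Top Secret document.
    day = "2010-12-17"
    accesses = [Access("analyst", "secret", day, f"S-{i}", "secret")
                for i in range(60)]
    accesses += [Access("analyst", "secret", day, f"C-{i}", "confidential")
                 for i in range(30)]
    accesses.append(Access("analyst", "secret", day, "S-hot", "secret", multiplier=3))
    accesses.append(Access("analyst", "secret", day, "TS-1", "top secret"))
    v = evaluate(accesses)[("analyst", day)]
    chain = ["team lead", "branch chief", "division head"]  # assumed chain
    return v, who_to_page(v, chain)


if __name__ == "__main__":
    v, pages = demo()
    print(f"points={v.points} escalation={v.escalation} "
          f"denied={v.denied} page={pages}")
```

In the sample the analyst's 60 Secret retrievals alone (60 x 6 = 360 points) cross the 300-point line, so the first superior is paged; the attempted Top Secret document is reported separately because it is a clearance violation rather than a volume anomaly. The integer scheme avoids the floating-point rounding that a literal "1/50 per document" sum would introduce at exactly the threshold.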
