

  (Source: Keaitu.com)
Even teenagers can defeat U.S. network security

Will the U.S. government ever step up to the plate and properly defend the nation in cyberspace?  

I. Government Has Already Flunked the Cybersecurity Test

That's the pressing question as Democrats and Republicans in the U.S. Senate bicker over a pair of proposals designed to offer some improvements to the nation's overall extremely poor state of cybersecurity.

Flunking
The U.S. has flunked the "real world" security test. [Image Source: The Evergreen Foundation]

The situation as it stands is dire.  Tech-savvy teens in the last year have humiliated government IT departments, shutting down or hacking government websites, while the government has been unable to find a way to shut down these hackers' homepages, such as "LulzSec".  

Topiary
These days even teens can outwit the U.S. government's internet security.
[Image Source: Financial Times (left); Michael Mayer (right)]

Meanwhile the U.S. is still grappling with the fallout of giving a low-ranking private in the U.S. Army complete, virtually unrestricted access to the entire body of U.S. diplomatic cables and a great deal of military footage.  

The soldier -- a teen at the time -- then passed the information on to WikiLeaks, a fame- and fortune-seeking "leaks" brainchild of ex-Australian college professor Julian Assange, who resorted to creative Hollywood editing to make U.S. attacks on armed militants look like the murder of unarmed civilians (see the scandal regarding the unedited "Collateral Murder" video).  The loss could well end up costing lives, a prospect that allegedly delights the WikiLeaks founder, who is quoted by a prestigious British journalist (and supported by several other journalists who were at the meeting) as stating that those who cooperate with U.S. forces in the Middle East are traitors to their people and "deserve to die" (Assange denies saying this, calling the journalists liars).

Leak -- blood
Military secrets leaked and subsequently doctored by Wikileaks have been a massive PR setback for the U.S. military and its allies -- one which may cost lives.

This was just one high profile example in a long string of horrific data losses for the hapless government agencies [1][2][3].

But all of those embarrassments stand secondary to the far more dangerous threat from America's economic superpower rival, China.  At a time when there's strong impetus in the U.S. to downsize the federal government and cut programs, the nation is also grappling with the reality of a Chinese government that has no such concerns and is more than willing to reportedly spend billions on its own cyberoffensive programs.  

While the U.S. government recently drafted strict rules about when it can cyberattack other countries, China seems to have no such scruples.

China hackers
U.S. agencies have proved woefully incapable of protecting their data against Chinese hackers.
[Image Source: Asia Society]

China has stood accused of conducting massive intellectual property theft, hacking into financial institutions, stealing government information, and compromising U.S. Department of Defense systems.  The problem is that America is unable to retaliate in any meaningful way. The American economy is predicated on China manufacturing the goods U.S. companies "design", and hence the nation cannot hope to respond with economic sanctions.  At the same time, its lack of security competence limits its bloodless counter-offensive options.

II. Defending the Nation?  It's Congress's Constitutional Duty

Article 1, Section 8 of the U.S. Constitution, the foundation of the U.S. government, clearly grants Congress the power:

U.S. Constitution
[Image Source: EL Civics]

The Congress shall have Power To lay and collect Taxes, Duties, Imposts and Excises, to pay the Debts and provide for the common Defence and general Welfare of the United States; but all Duties, Imposts and Excises shall be uniform throughout the United States;

To raise and support armies, but no appropriation of money to that use shall be for a longer term than two years;

To provide and maintain a navy;

To make rules for the government and regulation of the land and naval forces;

To provide for calling forth the militia to execute the laws of the union, suppress insurrections and repel invasions;

The U.S. Congress has been ineffectual in legislating funding and creating proposals outlining a sensible digital "common Defense" of the nation -- i.e. a "militia" (say, competent contracted security officials) or a digital age army (such as China has built).

In other words, when it comes to their Constitutional responsibility to protect the U.S. against invasions -- including cyberinvasions -- both parties in Congress have failed.  Yet the American people remain largely apathetic about these failures and continue to vote for their party of choice, while doing little to voice public discontent over America's ongoing losses in the global cyberwar.

III. U.S. Senate, House Can't Agree on What to do

In the Senate, U.S. Senator Harry Reid (D-NV) has proposed a broad bill that would pay for improvements to the government security infrastructure.  The bill would authorize the Department of Homeland Security (DHS) to crack down on IT incompetence in the various federal agencies.  It would also authorize the DHS to crack down on similarly poor practices at U.S. government contractors, such as Lockheed Martin Corp. (LMT), whose F-35 Lightning II fighter program was infiltrated by foreign spies.

The bill has strong Democratic support.  Other co-sponsors include Sens. John D. "Jay" Rockefeller IV (D-WV) and Dianne Feinstein (D-CA).  But the bill also has a degree of bipartisan support as it is co-sponsored by Sens. Joseph Lieberman (I-NH) and Susan Collins (R-ME).  Sen. Collins' mentor is Sen. Olympia Snowe (R-ME), who recently announced that she would not seek reelection as she could not stand the partisan conflict that has infected Washington D.C.

That conflict threatens to sink the Reid bill, as strong opposition from the Republican majority is overwhelming the minority in the party who support the measure.  Senator Saxby Chambliss, Jr. (R-GA), states [press release], "More government is seldom a solution to any problem."

Sens. Chambliss and former 2008 presidential candidate John McCain (R-AZ), along with 6 other high-ranking Senate Republicans have sponsored an alternate bill [press release].  Reuters describes the bill as "softer".  That bill would not provide any additional funds to U.S. cybersecurity or authorize increased DHS oversight of IT/contractors.  Instead, it would step up "information sharing" efforts between the U.S. gov't agencies and contractors regarding threats.

John McCain
Sen. John McCain opposes the Reid bill to fund cybersecurity. [Image Source: kwout]

Sen. McCain lauded the bill as implementing far less regulation than Sen. Reid's proposal.  He states, "We believe that ensuring our nation's cybersecurity is critical. We have a bill that would do plenty to meet current challenges."

It should be noted that Sen. Reid's bill also includes proposals to increase information sharing.  Responding to the criticism, he stated, "I look forward to a debate on the Senate floor that will ensure this bill and other proposals get a fair hearing, and which will allow thorough consideration of amendments to improve the legislation."

While the Republicans are in the minority in the U.S. Senate, they do have strong support on the bill from the telecommunication industry, which is wary of increased regulatory powers to the DHS in the Democratic bill.  

Industry officials also enjoy a close relationship with the bill's sponsor, Senator McCain.  AT&T, Inc. (T), America's second largest mobile carrier and a major ISP, has provided free service to Sen. McCain's ranch complex in Ariz.  And telecoms/ISPs have heavily financed Sen. McCain's Senate and Presidential runs, raising millions for him, favors he returned with hundreds of millions of dollars in tax cuts and tax holidays.

USTelecom President Walter McCormick offered glowing praise for the McCain measure, stating, "We can support the bill introduced today because it pursues those objectives without creating new bureaucracies or regulatory mandates that would erode, rather than enhance, the ability of network providers to provide nimble and effective responses to cyber threats."

The question is whether "information sharing" would do enough to improve the ineffectual cyberdefenses of the U.S. nation against threats from the Chinese and others to water supply, electric grid, financial networks, and transportation infrastructure.

The U.S. House of Representatives' efforts are still in their earlier stages, but they include a bill, similar to Sen. McCain's Senate proposal, authorizing the Pentagon to conduct two-way sharing of information with ISPs and contractors regarding threats.  The bill passed a procedural vote by the House's Permanent Select Committee on Intelligence and will be headed to a vote on the House floor sometime later this year.

Congress Building
Congressional cybersecurity efforts have stalled. [Image Source: U.S. Congress]

But the Democratic minority in the Republican-controlled House is expected to be crafting its own counterproposal.  Thus partisanship may stall legislative efforts in the House, much as the rancor is currently sinking the Senate bills.

In the last five years similar bills have been proposed and slowly died.

IV. Will Someone Who Cares, Please Step up

Howard Schmidt, the White House cybersecurity policy coordinator, is hopeful that Sen. Reid's measure passes.  But amid the partisan rancor he's not counting his digital eggs before they hatch.  He instead is pushing government agencies to reinterpret current authorization bills and work to promote self-defense of the private sector, aware that Congress may not be able to reach the compromises necessary to defend the nation.

In that way the White House may try to sneak increased cybersecurity regulation "in the back door" via existing programs.  But such efforts stand a strong chance of winding up in court, as contractors may sue the federal government if it adopts what they view as unauthorized regulation.

Cybersecurity
No one seems interested in solving America's cybersecurity problems. [Sen. Collins]

Ultimately at the end of the day all parties involved -- the majority of U.S. businesses and the U.S. government -- are lukewarm on providing strong cybersecurity.  That's not to say their half-hearted efforts have come for free.  Both the government and private sector pay a lot for cybersecurity.

An overt attack by China is unlikely -- they are as economically dependent on the U.S. as the U.S. is on China.  However, China appears instead to be opting to use its steady cyberattacks on the U.S. for financial and technological gains.  The nation has made tremendous progress in its stealth fighter and space programs, progress many U.S. officials believe was fueled by stolen U.S. government secrets.

But in an era where China is conducting almost open for-profit cyberwar against the U.S. and amid a string of embarrassing security breaches by amateur attention-seekers, the efforts are clearly not enough.  The problem is that few seem willing to pay the high cost of providing a strong security solution.

At the end of the day, this means that until something changes, the embarrassments for the U.S. government will likely continue.  And, China will enjoy a faster path towards its goal of displacing the U.S. as the number one global financial power.

And for skeptics eager to smash that analysis as alarmism, listen to Sen. McCain [press release]:

All of us recognize the importance of cybersecurity in the digital world. Time and again, we have heard from experts about the importance of possessing the ability to effectively prevent and respond to cyber threats. We have listened to accounts of cyber espionage originating in countries like China; organized cyber criminals in Russia; and rogue outfits with a domestic presence like ‘Anonymous,’ who unleash cyber-attacks on those who dare to politically disagree. Our own Government Accountability Office has reported that over the last five years, cyber-attacks against the United States are up 650 percent. The threat is real.

He's certainly right about that.

Sources: John McCain [press release], Reuters




By blankslate on 3/2/2012 4:10:13 PM , Rating: 5
I remember watching this show on CNBC named Code Wars: America’s Cyber Threat

One of the segments for the show was about efforts made by the U.S. government to ensure electronics made in China used by the government don't have backdoors physically built into the electronic circuits or flashed into the memory on the boards.

It's painful to think about how much time and money is wasted on that instead of having a domestic source of electronics that we can trust.

http://www.cnbc.com/id/42210831/

here's the hulu link

http://www.hulu.com/watch/257903/cnbc-originals-co...

the relevant information on the electronics inspections required are at about the 8 minute 35 second mark.

A country that wants to be secure, in all senses of the word needs a robust manufacturing sector.




By rpsgc on 3/2/2012 4:51:08 PM , Rating: 2
Or they could just be manufactured elsewhere, on another country with almost-as-cheap labour but "friendlier". You know? Like Thailand or Vietnam.


By blankslate on 3/2/2012 5:53:17 PM , Rating: 1
Maybe...

However, who's to say those countries couldn't be bought off or that the companies in those countries couldn't be compromised by China... then if we asked that question we'd be back to square one.


By Ramtech on 3/2/2012 7:38:07 PM , Rating: 2
Thailand umm do you like water soaked electronics?
Vietnam is communist country...


By Lonyo on 3/3/2012 6:14:42 AM , Rating: 2
How about Taiwan? Or South Korea?

There are more countries in the world than just those he mentioned.


By bupkus on 3/3/2012 3:47:42 PM , Rating: 3
Right. Surely we can't produce those things here in the US.


By bigdawg1988 on 3/8/2012 10:15:22 PM , Rating: 2
Or they could just be manufactured elsewhere, on another country with almost-as-cheap labour but "friendlier". You know? Like Thailand or Vietnam.

Haha, you mean the way the Chinese infiltrated the Thai company that puts the chips in US passports and stole the technology? smdh


By bobsmith1492 on 3/3/2012 9:31:00 AM , Rating: 2
We make plenty of "electronics boards," that is PCBs, here in the USA. Everything made here is fully automated pick-and-place manufacturing and reflow or wave soldering. There are several manufacturers even here in Michigan that my company uses.

Most of these are for lower-volume products, though. Any time someone wants 10 million of something a year it will end up coming from China.

But, there's no way you can say the USA doesn't make any PCBs anymore.


CyberSecurity and SOPA
By drlumen on 3/2/2012 7:41:22 PM , Rating: 5
So there is no problem with them trying to fast track SOPA to protect private corporations but it's hard for them to protect national secrets?

I don't think it's a lack of funding but a lack of campaign contributions!




RE: CyberSecurity and SOPA
By bupkus on 3/3/2012 4:01:48 PM , Rating: 5
As long as the media is controlled by corporate interests and the people of the US have such crappy educations and a taste for drama over the discipline of logic we will be herding creatures to the end.

Usually, when we hear about people making bad decisions and sinking their lives we get statements here at DT about survival of the fittest. Maybe the US is just passing on as did the Roman Empire or the Soviet Union?


Cut all the cables to China?
By Rob94hawk on 3/2/2012 8:09:17 PM , Rating: 4
What would be the downside to cutting all internet access to the US from China? Just asking.




RE: Cut all the cables to China?
By abscode on 3/3/2012 12:13:17 AM , Rating: 3
It's not that simple. There are various technological techniques that can be used to make the traffic not look like it's coming from China directly. Even if there wasn't, the Chinese government could send the hackers to some other country and have them set up shop there.

Aside from that, consider how much legitimate internet traffic is going between the US and CN since so many businesses have moved many operations to China. Personally, I love the idea of making it harder for businesses to offshore with China, but that's another conversation.


By johnsmith9875 on 3/12/2012 4:01:02 PM , Rating: 2
I can't honestly think of any Chinese websites I regularly visit, other than Wal-Mart


Hi stupid Americans!
By Ziggizag on 3/4/2012 6:52:03 PM , Rating: 4
Perhaps you did not notice, but timer is counting down to zero when America will become one of a few China's meaningless subcontractors, completely dependent on Beijing's money and goodwill.

Each year America looks more dumb and grotesque like a farm of complete morons bred by selfish and corrupted financials ready to sell the nation to whatever power for yet another lucrative contract.

And you even do not know how funny it is to watch your presidential candidates who all are like caricature of your old glory - outdated puppets from the house of wax.

It is unbelievable what a weirdo today's America has become.




By Beenthere on 3/3/2012 4:00:51 PM , Rating: 2
Most of our government elected officials should be hanged for their criminal behavior. All that can be done at this time is to continue to prosecute all who hackers be they script kiddies or those from foreign countries. The only good hacker is dead.




Good story
By Jeff7181 on 3/3/2012 10:08:54 PM , Rating: 2
I think there should be a lot more attention given to this issue. The population is largely unaware that this stuff is happening. If you want a small taste of how much "hacking" China is doing, put an FTP server out on the Internet for a week and log all login attempts.




Information..
By zodiacfml on 3/4/2012 10:41:28 PM , Rating: 2
I thought the future of warfare is on information? I guess we have to wait for substantial damage before the message gets into people.




By xenol on 3/5/2012 12:46:27 PM , Rating: 2
I believe the government exists to protect the sovereignty of its nation. Instead, the US government is more concerned about dissent within than others (more organized than a ragtag bunch of terrorists) attacking it. And I feel that's when a nation is most vulnerable.




But Democrats
By Reclaimer77 on 3/2/12, Rating: -1
RE: But Democrats
By yomamafor1 on 3/2/2012 2:58:54 PM , Rating: 2
I love it when people turn an issue that's supposed to have bipartisan support into a partisan war.


RE: But Democrats
By Reclaimer77 on 3/2/2012 3:05:53 PM , Rating: 3
Everyone can get behind this issue. The problem is HOW you tackle the issue. The Democrats, as usual, want to use anything as an excuse to increase the Government's power and budget.

Simply giving the DHS more money and telling them to "crack down" on stuff isn't actually going to make us safer. That's not even a plan! Just more of the typical Democratic mindset that, well, we've mandated something so problem solved! It's not going to increase our technical prowess and computer security literacy.

Half our problem is VERY basic knowledge that any IT professional or college student could tell you. When the problem is in the Government, how is MORE Government the solution again?


RE: But Democrats
By gamerk2 on 3/2/12, Rating: 0
RE: But Democrats
By Reclaimer77 on 3/2/2012 4:01:11 PM , Rating: 2
Did the Republican solution to this involve the military somehow? Oh yeah, you were just trolling.

quote:
Like it or not, completely re-working and upgrading on the IT side takes MONEY. No money, no upgrades.


Money isn't the issue. This is a damned good use of money in my opinion. We, Republicans, obviously have reservation about putting the DHS in charge of something like this. The idea of DHS "crackdowns" in this area should give ANY American reservations. Even Democrats. Good grief, don't you have ANY consistency? I can just imagine what they would be saying if Bush tried to appoint the DHS to oversee our nation's cyber security! lol, oh man.

quote:
And I note, you didn't exactly put forward a competing option yourself


Well that's because it's so simple and based in common sense, it would be NUTS! How about before trying to pass a bill to fix a problem, we identify it first?

1. Hire a professional cyber security consulting firm to do a complete audit and probe of the networks in question and to make recommendations. Swear them to secrecy and make them sign non-disclosure agreements if you have to.

2. Read report from said firm on said recommendations.
3. Implement recommendations to networks. Using whatever equipment and personnel needed.

But I guess that would never work because we apparently need an act of Congress to do what we've been paying our IT people to do for years in the private sector any Government for that matter. I'm sure the DHS will do a great job.

The DHS, who if you had the same name as someone on the "no fly list" told you that you couldn't fly either, because they didn't know how to write a program to tell two people apart if they had the same name...THEY, the DHS, are the supreme authority in cyber security now.

God help us...


RE: But Democrats
By Ringold on 3/2/2012 4:26:44 PM , Rating: 2
That's my primary reservation, that they want to put the DHS at the forefront. The same fools that pat down Senators, put innocent people on no-fly lists and inspect little old ladies adult diapers are the people we now trust for cyber-security? Further, how did the 'homeland' have 'security' prior to DHS? Somehow I think, since we're all alive and living relatively free, we managed.

This would be a step away from what I'd prefer: the dismantling of the DHS, along with most of its inane rules, with its roles given back to the proper authorities; FBI, CIA, state and local law enforcement.


RE: But Democrats
By JasonMick (blog) on 3/2/2012 4:30:02 PM , Rating: 2
quote:
Money isn't the issue. This is a damned good use of money in my opinion. We, Republicans, obviously have reservation about putting the DHS in charge of something like this. The idea of DHS "crackdowns" in this area should give ANY American reservations. Even Democrats. Good grief, don't you have ANY consistency? I can just imagine what they would be saying if Bush tried to appoint the DHS to oversee our nations cyber security! lol, oh man.

Hey to be fair it was a Republican who created the DHS, so both parties are culpable for that mess. But I agree, the DHS both under Obama and Bush has been given many questionable authorities.

quote:
1. Hire a professional cyber security consulting firm to do a complete audit and probe of the networks in question and to make recommendations. Swear them to secrecy and make them sign non-disclosure agreements if you have to.

2. Read report from said firm on said recommendations.
3. Implement recommendations to networks. Using whatever equipment and personnel needed.

But I guess that would never work because we apparently need an act of Congress to do what we've been paying our IT people to do for years in the private sector any Government for that matter. I'm sure the DHS will do a great job.

This is my thought too, in terms of defense.

I also think we need offensive capabilities.

I would also suggest recruiting black hat hackers who have committed high profile intrusions or particularly clever crimes. The longer the rap sheet, the better, assuming they're selfish and sane.


RE: But Democrats
By Reclaimer77 on 3/2/2012 5:11:40 PM , Rating: 2
quote:
Hey to be fair it was a Republican who created the DHS, so both parties are culpable for that mess.


http://www.dhs.gov/xlibrary/assets/brief_documenta...

Interesting read. Not making any "partisan" argument here at all, I just honestly wasn't aware of the events that led to the creation of the DHS before 9-11.

So just months before 9-11 a Commission on National Security suggested something like the Department of Homeland Security was needed to consolidate some 40 departments and other agencies into a single department.

And yes, a Republican did create it. Even I thought it was Bush, but apparently it was Mac Thornberry of Texas who first proposed the bill to create the National Homeland Security Agency. It died in Congress.

Then boom, 911 happens and here's this bill sitting there all ready to go from months earlier to create the DHS.

quote:
But I agree, the DHS both under Obama and Bush has been given many questionable authorities.


No doubt. If the goal was just to consolidate a bunch of wasteful and ineffectual agencies into one big one, I could get behind that in theory. Provided it actually IS leaner and more efficient than the alternative. But the extreme anti-terrorism measures tacked on...I dunno. And obviously the concern is when you consolidate this much power that was before divided, you lose checks and balances.

Also where exactly does the DHS begin and the Patriot Act end? Seems like we went WAY overboard with the regulations. Maybe one would have been fine, but three? (DHS, Patriot Act, TSA) Overkill.

These should have been temporary measures. If such a thing can ever be possible with this Government. I guess the prevailing fear at the time was that 9-11 was a prelude to a continued campaign of attacks on American soil.

Whoa I just got way off topic, sorry. I found that link interesting though. Learn something new every day, go Google.


RE: But Democrats
By Cerin218 on 3/4/2012 1:30:46 PM , Rating: 2
Bush was a Republican? Could have fooled me. His words may have said Republican, but MANY of his actions screamed Progressive Democrat. Hard to tell the difference between Bush and the guy after him...


RE: But Democrats
By TSS on 3/2/2012 6:51:58 PM , Rating: 2
Well first off the republican counter proposal had no extra money allotted, so it's definitely part because of the money.

Also, the counter proposal calls for the information to be sent to so called "cybersecurity centers". That's what they mean by "enhanced information sharing".

I did some digging. Those are NSA centers.

http://www.nsawatch.org/scandal.html

real frickin trustworthy. How is this better than the DHS, exactly?


RE: But Democrats
By Reclaimer77 on 3/2/2012 7:02:50 PM , Rating: 2
NSAwatch is an activist website. That would be like me trying to use Obamawatch.com as a source or Democratsuck.org. Nobody would accept it.

quote:
Well first off the republican counter proposal had no extra money allotted


We already allotted like 2 billion dollars to the NSA in 2009 to build a cyber-security center! Money is allocated to this purpose all the time. So what are you and the Democrats saying? Forget that money and all the resources we've already poured into the NSA for this task, we need to just scrap that, flush it down the toilet, and pump up the DHS. Who is NOT even remotely as equipped and staffed for this role as the NSA is.


RE: But Democrats
By TSS on 3/3/2012 11:27:55 AM , Rating: 2
It's simply the first website i found. I know the NSA has been in the news before but i have a horrible memory when it comes to dates and names.

http://en.wikipedia.org/wiki/NSA_warrantless_surve...

that's the next one. there's also couple of things on the main wikipedia page about the NSA. everything else is buried on slow moving websites and the like, and i can't be bothered to look up more really.

I'm saying it's not gonna get any better for consumers. If you really are that fearful of government why are you agreeing to any proposal that allows centralization of some very, very sensitive data under the government? They can protect you without knowing everything.

http://cyber.umd.edu/about/index.html

That's the right way. Yes it's still government and NSA but it's not collecting data - it's education. Education is your most powerful tool because it doesn't matter how much you centralize information, if you have 1 idiot who enters a default password on that system you're really, really screwed.

It's not so much that i have a problem with the NSA, or DHS. I have a problem with the "enhanced sharing" Combined with the incredible powers both the NSA and DHS have obtained over the last few years. You, of all people on this website, should recognise that.

Oh and there's no "you and the democrats". I'm dutch, so really it doesn't affect me either way what you guys decide. I'm just surprised you'd support either one of the proposals. Like you said, the NSA already builds cyber security centers. Why do they need extra authority, again?


RE: But Democrats
By PrezWeezy on 3/5/2012 1:48:58 PM , Rating: 2
quote:
1. Hire


With what money?


RE: But Democrats
By fortiori on 3/2/12, Rating: -1
RE: But Democrats
By Reclaimer77 on 3/2/12, Rating: -1
RE: But Democrats
By nafhan on 3/2/2012 5:18:25 PM , Rating: 2
Not to put words in someone else's mouth, but in a two party system, disagreeing with a good bit of the policies, politicians, and actions of the party you associate with is going to be the norm. "Should I vote for the party I disagree with a lot, or the one I disagree with not quite as much?" is, sadly I'd say, the question for most (rational) voters in the US.


RE: But Democrats
By Reclaimer77 on 3/2/12, Rating: 0
RE: But Democrats
By michael67 on 3/3/2012 8:12:17 PM , Rating: 2
quote:
Half our problem is VERY basic knowledge that any IT professional or college student could tell you. When the problem is in the Government, how is MORE Government the solution again?

Usually i don't agree much with you, as according to you everything is the fault of big gov.

But here i have to agree, less is more.

I work for Statoil, and a couple of years ago they changed the network policy.

First rule, the network PCs are for work only!
We do have public PCs separated from the main system, that can be used for private stuff

No thumb drives other than authorized by the company are allowed or even working on the system.

The web browser and email client are both sandboxed.

Almost every website is blocked by default, and new sites can only be accessed after asking permission.
Usually very quick (less than 5min), there is a URL submit page where you can request for a page to be on the white list.

Before you get a password, you have to watch a movie, of the dos and don'ts on the network.
And breaking the rules means losing your job.
Last year a plant manager (responsible for about 1000 people) got fired, for breaking network policy.
So there is now a zero tolerance policy, and it's working


A good and clear network policy, and competent net-admins is a must.

Less rules, and more enforcement will do the job, as making charts like this will not help at all.
http://static.vizworld.com/wp-content/uploads/2010...


RE: But Democrats
By NellyFromMA on 3/5/2012 1:24:16 PM , Rating: 2
The true problem is Reid bill seeks to punish AMERICANS for 'IT incompetence' rather than actually deal with the problem which is the fact our systems (at ANY LEVEL OF competence) are attacked by foreign entities on a regular basis and our government can never hope to unite and actually stand up against any of these foreign parties.

So, instead, let's punish the people charged with securing our systems. It's a fool's errand to assume an impenetrable system can be devised anywhere and placing that burden on anyone with fear of punishment is pathetic and an absurd prospect.

For sure, we should encourage and educate those who could have done better. Perhaps internal reprimands are in order for particularly grievous errors. But this approach.... It's actually anti-American and doesn't even solve the problem..

Actually, it sounds EXACTLY like what I expect from our Congress... ::facepalm::


RE: But Democrats
By JasonMick (blog) on 3/2/2012 4:16:06 PM , Rating: 2
quote:
I thought the Department of Homeland Security couldn't possibly make us more safe? Now you want to give them a bigger budget, turn them inward on our own people, and make them into Cyber Gestapos and "crack down" on everyone. How does that make our Internet more safe again by the way?

There's GOTTA be a better way. But what more can you expect from a Bill written by Harry Reid?

Remember, when you use DHS to secure our networks, the terrorists..errr, Chinese win!

I'm not supporting either bill.

Actually I'd like to see a bunch of other kinds of things done:
1. Remove rules on cyber offensive, w.r.t. nations with high levels of known attacks (e.g. China, etc.).
2. Recruit black hat hackers (think the LulzSec kids). Stroke their egos, give them money, and use them to target attacker IPs in China, as well as to conduct off-the-record "retrieval" of Chinese financial and business information, as China is doing to the U.S.

In an era where a bright individual can be a on
3. Recruit new private sector firms to protect U.S. networks, with particular attention to high-tech targets, government networks, and high-profile contractors.
4. Move gov't websites to DDOS-proof ("in theory") hosting schemes, a la CloudFlare.

If you trust the Pentagon, CIA, and DOD in general, China is conducting mass offensive for-profit theft of American tech and financial IP. So pay the price to recruit forces and then mount a digital counterattack, while scaling up your own defenses.

I think the Reid bill has the right idea in that $$$ will be needed. But I think you are right -- pouring those dollars in to the DHS is questionable at best.

What I'd like to see done, again is to have a bill that puts $$$ towards contractors that will be employed in a mixture of offensive and defensive efforts.

I agree with both bills' suggestion of data sharing.

My issue with Congress in general, BOTH PARTIES, is that this should have been done 4 or 5 years ago. I've been with DT since 2007 and my whole time @ the site virtually I've been writing about these bills coming out then slowly dying due to partisan rancor.

I agree, you have to be careful not to accidentally hand the federal government greater powers of domestic surveillance, but when the nation and its businesses are under full and perpetual attack by an organized national threat, the nation is essentially at war and must come up with strategies and spend money to protect itself, not waste years bickering due to partisan differences.

Congress needs to see this for what it is -- war.

It may be a digital age war, and a financially motivated (bloodless) conquest, but if America does not defend itself, this situation will only further deteriorate.


RE: But Democrats
By JasonMick (blog) on 3/2/2012 4:27:26 PM , Rating: 2
(To finish my thought with point 2.)

* In an era where a bright individual can be a one man army online, we must recruit and reward financially the best and brightest, NOT imprison them.

China realizes this -- that's part of why its cyber efforts are so hard to pin on it. It hires talented black hats and then sics them on the U.S. for its own gains.

I think the U.S. is being too soft-hearted in preferring not to mass-employ its cyber-criminals. When these rogues are more powerful (skilled) than the government's paid IT employees in terms of intrusions, you need to be recruiting these valuable weapons (in an official capacity) and setting them to work against your enemies, not punishing them.

(Though perhaps psych profiles for potential recruits are in order to make sure their past transgressions were out of greed/curiosity/attention-craving, not just pure insanity. Lunatics make poor employees for positions of trust.)


RE: But Democrats
By Reclaimer77 on 3/2/2012 4:39:42 PM , Rating: 2
I agree with everything you said. But I don't see this happening under this Administration. Obama seems to think that any aggressive move, even to defend ourselves, simply invites more aggression. When we know the truth is quite the opposite.

I like your ideas. Peace through strength, my old standby :)

quote:
I think the U.S. is being too soft-hearted in preferring not to mass-employ its cyber-criminals. When these rogues are more powerful (skilled) than the government's paid IT employees in terms of intrusions, you need to be recruiting these valuable weapons (in an official capacity) and setting them to work against your enemies, not punishing them.


I think this would be a tough sell in Congress. Because you're basically talking about exposing our most secret networks to, literal, criminals. And once they are plugged in and doing their thing, it would be literally impossible to make sure they are doing their jobs and not more seedy endeavors. Like you said, they're smarter than our own IT experts for the most part. Hard to track and monitor and keep tabs on.

Notice I said Congress would rip the idea apart, so would the media. I personally think it's worth the risk.


RE: But Democrats
By JasonMick (blog) on 3/2/2012 4:41:22 PM , Rating: 2
quote:
I think this would be a tough sell in Congress. Because you're basically talking about exposing our most secret networks to, literal, criminals. And once they are plugged in and doing their thing, it would be literally impossible to make sure they are doing their jobs and not more seedy endeavors. Like you said, they're smarter than our own IT experts for the most part. Hard to track and monitor and keep tabs on.

My notion would be to have some sort of ambiguous money pool e.g. perhaps by bumping the CIA budget and letting them funnel it.

Don't give your new "friends" access to your networks or government hardware. That's the LAST thing you should be doing. Just give them CASH and basic instructions about the target and leave the rest to their creativity. A cash "signing bonus" should get them started with all the equipment they need.

Have them give you files of what they obtain or damage they do for analysis and then pay them bonuses (say in the $100K-$1M USD range) for each major success.

That's likely the model China is using, if I had to speculate.

Of course there's the risk of the Chinese or others trying to lure them, so the CIA or whoever is involved will need to carry out some monitoring of their connections.


RE: But Democrats
By JasonMick (blog) on 3/2/2012 4:45:41 PM , Rating: 2
And let it be noted I said the CIA because it is a government agency that is neither authorized nor does it have an extensive history of spying on U.S. citizens. Thus it'd be a relatively safe point to inject funds.

Unlike the DHS.

A bill could be proposed in Congress under the premise of cybersecurity with ambiguous language that obfuscates the true purposes as long as the President and a handful of trusted Congresspeople know what is going on.

It'd be a wise move if the President "had the balls" to do it.


RE: But Democrats
By Reclaimer77 on 3/2/2012 5:19:26 PM , Rating: 2
Ohh a black project. Now you're talking. I must have misunderstood. Politically it's risky though if this gets out in the press or Congress gets a whiff of it.

I like it. Sounds like a great idea for a book too. If it hasn't been done already that is.

quote:
That's likely the model China is using, if I had to speculate.


Well except for the high pay and bonuses and freedom to operate on their own, yeah. I get the feeling China's approach is more likely "Good job, we WON'T shoot you today. And you've earned a pee break!" :P


RE: But Democrats
By wifiwolf on 3/2/2012 9:42:10 PM , Rating: 2
It will be known (there's still WikiLeaks). But just because everyone will be screaming "The horror" doesn't mean they won't do it anyway when they need to.


RE: But Democrats
By bah12 on 3/5/2012 12:48:08 PM , Rating: 2
That's good in theory, but haven't we learned anything from history? Providing your enemy's enemy with weapons/resources almost never helps in the long run. Think Iraq/Afghanistan. There it was physical guns, but the concept is the same. Arm the bad guys because they are a little less bad than the immediate threat.

Problem is your "plan" has a fatal flaw. Immediate short term gains at the risk of long term pain. What happens when your plan is successful? Do the hackers just retire and burn all the shiny new super computers they've bought? Or do they hire their services out to the lowest bidder?

They are anarchists, by the very definition of the word they cannot or will not submit to "control" via any means. Their ideology would certainly have no issue taking your funds to use against you. Any control you may think you have would be nothing more than an illusion.

The other flaw in your argument is that the only place to find "smart" people is via the criminal element. There are plenty of smart law abiding IT people out there. That is not the issue, the issue is the political BS and red tape that prevents them from doing what needs to be done. Like many jobs security holes exist not because of a lack of IT talent, but a lack of IT authority. IT is almost always an afterthought, and God forbid the CEO not be able to see that YouTube post on his iPhone.


RE: But Democrats
By Ringold on 3/2/2012 4:33:59 PM , Rating: 2
Another idea.. If domestic hackers that've attacked/infiltrated government services don't want to join us, then to treat it, like you said, like war. In other words, treat them like we would've Soviet or Chinese spies in our nuclear weapons programs during the Cold War, with sentences ranging between spending the rest of their lives behind bars or execution, with none of the 20 years on death row that is usually the case.

If, say, half a dozen hackers that infiltrate CIA networks get lined up in a field and shot (which is EXACTLY what China would do for far lesser offenses), then it'd send a message: attacking the government is a serious matter.


RE: But Democrats
By JasonMick (blog) on 3/2/2012 4:35:44 PM , Rating: 2
quote:
If, say, half a dozen hackers that infiltrate CIA networks get lined up in a field and shot (which is EXACTLY what China would do for far lesser offenses), then it'd send a message: attacking the government is a serious matter.

True, but I would adopt a carrot or stick approach.

One man in today's global IT atmosphere can do a lot of damage. If China wants to attack us nonviolently, we should attack them right back nonviolently.

The offer could be something like:
quote:
Hey line up and get shot in the field.

Orrrrr we will pay you NFL money to work FOR us. You'll have women and power. All you have to do is hack those that hack us. Your salary will be structured heavily on bonuses, based on our assessment of what you have obtained and what kinds of damage you have done.

Let China and other aggressors taste their own poison.


RE: But Democrats
By tecknurd on 3/3/2012 4:59:36 PM , Rating: 2
quote:
Actually I'd like to see a bunch of other kinds of things done:
1. Remove rules on cyber offensive, w.r.t. nations with high levels of known attacks (e.g. China, etc.).
2. Recruit black hat hackers (think the LulzSec kids). Stroke their egos, give them money, and use them to target attacker IPs in China, as well as to conduct off-the-record "retrieval" of Chinese financial and business information, as China is doing to the U.S.

In an era where a bright individual can be a on
3. Recruit new private sector firms to protect U.S. networks, with particular attention to high-tech targets, government networks, and high-profile contractors.
4. Move gov't websites to DDOS-proof ("in theory") hosting schemes, a la CloudFlare.

Sure remove offensive rules, but then include a rule to be offensive by attacking. If you want to start a war, then your statements make war happen.

Really if number 2 is done, we or the whole world will be in big trouble. Cyberwar will begin and every country will filter every packet coming in and out of the country. Mainly there will be only Intranets that people will be able to access. Attacking by hacking China does not make it right because they did it to us (USA). There is an old saying: two wrongs do not make it right. It is best to use the ol' famous hackers to help defend us from hacks that China is doing to us.

It is best to combine 2 and 3 for the best lines of cyber-defense. Only 1 is when it is absolutely necessary. Is now absolutely necessary? No, because two wrongs do not make it right. Have to understand that attacking a country by hacking can enter into war with each other.

My rule is every country should get on the same page of agreeing to a cyber security treaty, so this hacking country crap does not happen and it is not allowed.

Congress should have done something in the 80's when hacking began going crazy. Though lawmakers did not understand computers at the time and they are still scratching their heads to figure out how to turn on a computer, or probably they are at the stage of what is the combination of keys that prints the at sign.


"I modded down, down, down, and the flames went higher." -- Sven Olsen














Copyright 2014 DailyTech LLC.