Slashdot Mirror
FBI Warns of Sweeping Global Threat To US Cybersecurity
GovIT Geek writes "The FBI's newly appointed chief of cyber security warned today that 'a couple dozen' countries are eager to hack US government, corporate, and military networks. While he refused to provide country-specific details, FBI Cyber Division Chief Shawn Henry told reporters at a roundtable that cooperation with foreign law enforcement is one of the Bureau's highest priorities and added the United States has had incredible success fostering overseas partnerships."
Where have I heard that before? Oh yeah.
But the second quote happened at the beginning of a horrible paranoia based on a real external threat. We still have the apparatus of that paranoia, though most of it was outlawed in the late 1970s and the only credible external threat is now our largest trade partner and "most favorable nation." Today we have secret "terrorist" blacklists with more than a million names. Domestic spying, especially web based spying, has jumped to levels that would make the freedom loving senator from Wisconsin angry. Anti-death penalty and peace groups are among those watched. Shame, isn't it?
Shoring up the nation's IT against spying is as easy as dumping the prevalent non free software used by most big dumb companies. This would also save the country hundreds of billions of dollars in licensing fees and other headaches unique to non free software. The problem is that it would make wiretapping very difficult or impossible.
Friends don't help friends install M$ junk.
I'm now worried that mine's at risk.
News Flash: Guy in new job declares new job important!
A little inaccuracy sometimes saves tons of explanation.
Don't worry, if McCain wins he'll make Joe the Plumber his special advisor on such issues.
Trolling is a art,
and here come the cries from the government "Quick we pass these laws to protect us!!!" Yeah right...
Threats against cybers? Uh-oh. I've been cybering all morning. Heck, I even did cam to cam once. No global sweepers have threatened me yet, but now I'm scared. I hope they don't hurt me.
Since when is it the FBI's mandate to protect online sex chatting?
Modern copyright is theft of culture from everyone and it retards the progress of the useful arts and sciences.
. While he refused to provide country-specific details[...]
He then hinted that an announcement[...]
Henry would not comment in detail[...]
He shied away from commenting[...]
So a newly appointed government official announces something that we in the network world have known for years and suddenly it is news? I think that anyone who has any amount of experience in computers would know this by now. If I had a dollar for every attack on my network from Asia, I'd take us all to lunch.
Of course he will talk up the threat - that's his job. Since there's no way that these intangibles can ever be measured, he's on pretty secure ground too. If no threats materialise it's because of his vigilance and the skill of his team - not because there were never any real threats to begin with.
If a threat does turn into a real attack - well, he needs more money, powers and curtailed freedoms to ensure it doesn't happen again.
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
There is no doubt there are bad people that would like to do bad things to others in the world, but why anyone takes this kind of propaganda seriously is beyond me.
It's more than likely the amount of funding he gets is directly proportional to the amount of fear mongering produced.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
Aight, I put on my robe and wizard hat.
-Peter
http://defensesystems.com/Articles/2008/10/Air-Force-demotes-Cyberspace-Command.aspx The Air Force announced last week that it has backed off even further from its grand plan to establish a cyberspace command as the military entity primarily responsible for securing and conducting offensive operations in cyberspace. The Air Force launched a provisional Cyberspace Command more than a year ago and scheduled a formal command launch for Oct. 1. However, officials delayed that effort after the departures of Air Force Chief of Staff T. Michael "Buzz" Moseley and Air Force Secretary Michael Wynne, who were fired for incidents involving the mishandling of nuclear detonators and weapons.
Nice way to get more budget, "OMG the terrorists are going to control our nukes from their iPhones!!!11!! You must give us lot of money to protect you".
I know there are threats, and I know that a lot needs to be done about them, but this kind of scaremongering is getting boring after nearly a decade.
This is a real problem, there is no need to exaggerate it. You use unsupported hyperbole at your peril, after a while no-one will take you seriously. Especially now, when budgets are under so much scrutiny.
In many ways these financial problems could be great for civil liberties, constructing a surveillance society costs real money. Just take a look at the UK ID scheme, it will cost billions.
Paul Leader
Al Qaeda is on AOL chat rooms asking A/S/L ?
I want to delete my account but Slashdot doesn't allow it.
You are inferior. Man will be reborn as Cybermen, but you will perish under maximum deletion. Delete, delete, delete, DELETE!
The implication of a government person saying we have a problem, is that the government should do something about it. And for the military and other government networks, that's fine.
But why do we ("we" being the government) need to do anything to protect corporate (or any other private) computers? The owner/operators of computers can protect them on their own. Just stop running foreign code.
This isn't like physical security, where, say, IBM can't (and shouldn't have the means) to protect themselves from nuclear ICBM attack. It makes sense to put government in charge of securing the country against certain threats, and that job (if stated broadly enough) is arguably the only reason we need government to exist at all. But cyber-security isn't one of those situations, because individuals and groups can protect themselves, without putting anyone else at risk.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
That guy knows how to fix a series of tubes!
USA! USA! USA!
"When information is power, privacy is freedom" - Jah-Wren Ryel
The implication of a government person saying we have a problem, is that the government should do something about it. And for the military and other government networks, that's fine.
But why do we ("we" being the government) need to do anything to protect corporate (or any other private) computers? The owner/operators of computers can protect them on their own. Just stop running foreign code.
This isn't like physical security, where, say, IBM can't (and shouldn't have the means) to protect themselves from nuclear ICBM attack. It makes sense to put government in charge of securing the country against certain threats, and that job (if stated broadly enough) is arguably the only reason we need government to exist at all. But cyber-security isn't one of those situations, because individuals and groups can protect themselves, without putting anyone else at risk.
If you're premise was correct your position would have some merit, but because you're probably thinking very narrowly about the problem you've missed some very big issues.
First, much of our infrastructure is run by private companies. Think about how effective inter agency communication isn't when phones and cell phones don't work (think Katrina and 9-11). Our utilities are almost completely under private control and that includes nuclear reactors, dams, and the electrical grid. The Nuclear Regulatory Commission sets standards for security, but computer systems and security (both virtual and real) are all handled by private companies, most often contractors.
Second, even non-infrastructure companies can be hugely disruptive. Think what could happen if someone gained control over the automated systems that report on the prices of stocks, commodities, bonds, and other financial mechanisms. Creating a run on a bank, Wall Street, or a huge fluctuations in the value of the Dollar would be trivial if someone just had access for a short time period. If someone had undetected access and a more subtle mindset the damage could be both much longer term and much worse.
Finally, even companies and organizations that don't control infrastructure or financial systems can have a huge impact if their systems are compromised. Your example of IBM's being able to protect themselves without risk to others is also critically flawed. Last year IBM did $1.43 billion in consulting work for the US government. (1.4% of total 2007 revenue) You don't suppose that in that some of the work is classified? I know some of it is and further, given continued access, I could see the new stuff as the contracts are awarded to Big Blue. This also ignores the disruption that they could create because they are a well trusted ASN on the Internet. The sheer number of workstations and servers they have would also make them attractive to operate as part of a bot net.
In short, there are lots of ways that any large company can hurt the rest of us if they aren't responsible with their security. Now, I'm not buying into the idea that the government being responsible for everyone's network security, they couldn't if they wanted to, but right now network security is something that a lot of companies haven't taken seriously and they _can_ harm us with their negligence.
First worry about individuals and groups of individuals, that are already doing some damage. Worms, spam, virus, botnets, exploiting vulnerabilities, social engineering, phishing... you dont need to have a country's government behind those threats.
And part of the solution is not "attacking", but defending having things right in your side. Detect infected and vulnerable sites and pcs and warn/educate owners/vendors about that, as they are the perfect source for i.e. a big DDos or other kind of attacks. That US is the biggest source of spam and probably botnet activity of the world is a good warning sign.
Fair enough on that. I'm ok with government demanding authority (or certain standards) over private computer security as a term in government contracts. As long as someone can Just Say No (i.e. don't take the lucrative government business) then surrendering this power isn't hurting anyone.
Infrastructure that is already high-regulated, most of which has some sort of monopoly given by government? Hmm.. ok there too, for the same reason.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
much of our infrastructure is run by private companies.
So, basically privatization leads to nationalization?
Interesting.