Slashdot Mirror
US Plans Cyber Shield For Private Companies and Utilities
wiggles writes "The federal government is launching an expansive program dubbed 'Perfect Citizen' to detect cyber assaults on private companies and government agencies running such critical infrastructure as the electricity grid and nuclear-power plants, according to people familiar with the program. The surveillance by the National Security Agency, the government's chief eavesdropping agency, would rely on a set of sensors deployed in computer networks for critical infrastructure that would be triggered by unusual activity suggesting an impending cyber attack, though it wouldn't persistently monitor the whole system, these people said. How do we feel about NSA spyware in all of our infrastructure?"
Yes, because more surveillance is what is needed. Every year it goes further and further. The good thing is that at least they know to take it slowly - increase the surveillance just a little bit at a time and people wont really complain or notice. In a few years you will be there, just like with UK.
I would think that internet infrastructure belongs to the "critical" category too. Just tell your political opinions in a private conversation to someone, say you don't like the mayor and expect a lawsuit. How long until "harmful content" like P2P and porn starts to get blocked? Looks like USA is not that far from China after all.
And a name like a "Perfect Citizen"...
That's the problem with big expensive publicly-announced efforts to protect against known attacks. The bad guys tend to not be idiots, and don't do what you expect. Come on, we can't even protect ourselves from our own stupidity, like when a trader accidentally enters an order for a billion rather than a million. If our systems are so fragile, then it doesn't take much. Oh, and what makes anyone thing that we don't have insiders willing to initiate cyber attacks? A big fire wall on the ourside doesn't help much there.
.. seriously, are we that far behind in our critical infrastructure that its still just plopped down on the internet without a firewall, filtering, port blocking, like some infected win95 machine from the 90s? Stuff like that should not be on the internet directly, ever. Private networks only, connected only to systems that need to monitor/control. Sure its faster/cheaper to plop a dsl line to that remote site, but its far less expensive to just get a direct private line to it than it would be to implement any of this other security theater the govment likes to use. Imagine your corporate firewall being run by the NSA....Hah
Tm
Support TBI Research: http://www.raisinhope.org
There it goes out the window with all of the Bills currently in Congress to chase the internet "boogie man" as they hire "governmental approved companies" to produce boxes to install on your internet line.
Proprietary and very secret boxes.
They will track how long you play WoW, what you buy and put you in prison for that Virus that downloads pr0n.
SO much easier to get rid of people they don't like especially if the black box has the ability to infect and download the pr0n for them onto your home PC using "government approved software".
This is getting way out of control very fast.
One thing for sure though, you won't run LINUX, you won't run anything except what that black box says you can run.
Ironically there is a very real chance that only the collusion of fascism can take down Open Source because companies can't compete against it and governments absolutely hate systems built in the open because they can't lie about what they are doing to the masses.
The "Perfect Citizen" in this definition is one who doesn't question, only uses what the government tells them to and more importantly believes that the internet is better off with it.
-Hack
Got Geometrodynamics? Awe, too hard to figure out? Too bad.
The first thing I thought of when I read the flame-inducing "How do we feel about NSA spyware in all of our infrastructure?" was "oh well, at least there will be good-guy spyware in there with the bad-guy spyware..."
Do you really think that these private firms are honky dory with their current systems? As discussed to death at Black Hat 20[insert any year here], most private firms are years behind the DOD when it comes to info security, some of them ignoring it outright (the new power grid technology comes to mind).
If these companies aren't going to take security seriously, is it really wrong to offer a program that lets the NSA help them out? Or worse, would you rather the NSA simply hold out for a secret executive order to place surveillance equipment without the need to tell anyone? I think that this step, at least, is in the right direction. It could still go horribly wrong, but why kill it before it has the chance to do some good?
How do we feel about NSA spyware in all of our infrastructure?
Better than Chinese spyware in all of our infrastructure.
Start with the basics. Map the traffic patterns and usage patterns.
Now, roll that data up from a hundred different companies.
You'll see the patterns.
Share that information (anonymized) with the companies so that they can hunt down any "weird" traffic on their networks.
The net has huge tides - but unpredictable ones such as the traffic burst that happened when Michael Jackson died.
Those traffic shifts, along with the introduction of new technologies (such as IPv6, cloud computing, and smaller things like the next twitter) will create false positives.
And an attacker, knowing that there are these bursts fairly frequently and that during them there will be false triggers, will time the launch his attack so that it occurs during or shortly after one of those events.
Personally I don't think NSA has the chops to do this monitoring job. Why? Because to do a good job a lot of data needs to be correlated and NSA, if anything, is very unwilling to share its data with others who may also be watching - like ISPs and power companies or just those of us chatting on mailing lists and noticing that weird things are happening.
How about just... not connecting EVERYTHING to the net? The best way to prevent an unauthorized user access to the main control switches of a power plant is to simply have those commands input manually by someone you reach directly by phone. You won't be able to hack those employees directly until those nifty GITS full body replacements roll in (ETA Q4 2013)
would rely on a set of sensors deployed in computer networks for critical infrastructure that would be triggered by unusual activity suggesting an impending cyber attack
How will the "sensors" communicate with the NSA while being attacked? The internet?
One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
What if there are no "massive cyber-attacks" by "Chinese hackers"?
Who'd know? The key part of almost every successful TCP/IP network attack or compromise is the ability to manipulate intermediate hosts, etc. to obfuscate and mislead as to the actual "real location" of the attacker or malicious agent. When I was so preoccupied, in the mid/late-nineties, it was common practice to use Chinese IP space as "base-camp" for our explorations. I remember, in particular, an entire University lab of several dozen Sparc5 clones, directly connected to the Internet. Getting shell on these was a trivial exercise. The poor quality of the systems administration on these hosts was also an excellent indication that any forensics effort would be pretty hopeless, with the simple deletion of local logfiles.
Given the resources of a US or Israeli intelligence agency, it is completely likely that attacks could appear to be "Chinese" - without ever having a ZH presence. Manipulation of BGP, etc. could produce the required 'evidence'.
Which also begs the question: why would "Chinese" or "North Korean" state-sponsored "hacker gangs" be able to launch attacks with sophistication enough to be considered a threat to national infrastructure, yet simultaneously naive enough to be triangulated back to their supposedly surreptitious origin?
As they say, "Pull the other one, it has bells on it."
The only serious outcome of any mass-scale foreign cyber-attack has been to create a climate for the acceptance of increased surveillance, demolition of limits for Federal agencies and the Military in regards to the law-abiding civilian US population, and the complete obliteration of 4th and 1st Amendment protections afforded by the U.S. Constitution. What if that is not the "unintended consequence"?
"Speaking the Truth in times of universal deceit is a revolutionary act." -- George Orwell