Slashdot Mirror

← Back to Stories (view on slashdot.org)

NSA Director Says the US Must Secure the Internet

Posted by Soulskill on from the self-proclaimed-internet-police dept.

Trailrunner7 writes "The United States has a responsibility to take a leadership role in securing the Internet against both internal and external attackers, a duty that the federal government takes very seriously, the country's top military cybersecurity official said Tuesday. However, Gen. Keith Alexander, director of the National Security Agency and commander of the US Cyber Command, provided virtually nothing in the way of details of how the government intends to accomplish this rather daunting task. 'We made the Internet and it seems to me that we ought to be the first folks to get out there and protect it,' Alexander said. 'The challenge before us is large and daunting. But we have an obligation to meet it head-on.' It's unlikely that any of Alexander's comments Tuesday will do much to quiet the criticisms of the Obama administration's security efforts thus far. Speaking mostly in generalities, Alexander emphasized the administration's commitment to the Comprehensive National Cybersecurity Initiative, a plan developed by the Bush administration and recently partially de-classified by Obama administration officials."

14 of 250 comments (clear)

  1. Are they joking? by ak_hepcat · · Score: 5, Insightful

    Until you control all the INPUTS, you can't control the OUTPUTS

    I think these folks are actually trying to use scare-tactics in order to increase their own budgets short-term,
    knowing that there is no feasible method of performing such a task.

    --
    Support FSF: Stop thinking with your wallet, and think with your imagination. (cc/non-commercial)
    1. Re:Are they joking? by Burz · · Score: 5, Insightful

      Exactly. What they are demanding is the banishment of anonymity at the very least.

    2. Re:Are they joking? by rwa2 · · Score: 4, Interesting

      Meh, joking aside, there's plenty of technical measures that they could be doing (not that we'd necessarily want these people to do this kind of thing for us)...

      * Plopping down firewalls at internet trunks, then using them to filter out spam and portscans. Propagate rules to shut down bot traffic at the edge routers.

      * Sniffing / logging all traffic with snort / ntop (but more likely something big commercial and expensive) for, uh, forensic analysis

      * Requiring some sort of RealID authenticated onramps, so net access can be traced back to a credit card or better yet an "internet license" associated with someone's passport or other unique government ID

      * Encrypted key escrow so they can peek inside encrypted data and streams.

      Scary stuff with lots of room for abuse, but really not any different than what a mildly competent corporate IT department already does.

      Maybe on the internet2 for mobile phones (the next generation).... the question is whether the new system will be "pre-secured" by the corporate walled gardens, or if the government will finally finish "securing" and thus killing off the first gen internet just as the new one comes online ;-P

  2. What? by bhcompy · · Score: 5, Insightful

    Secure it from you control freaks? Sure.

  3. Can we have our money back? by blair1q · · Score: 5, Insightful

    We did make the Internet, and between government and business and private citizens we spent about $1 Trillion bringing it up to the state where Carly Fiorina and the other outsourcing robber-barons could use it to ship the whole information economy to India and China, cratering the return we expected from our investment, so they could pocket a few $billion in quick profit.

    We'd like our money back. Someone tell Carly she owes us.

  4. Re:The non-technical have lots of crazy ideas by bsDaemon · · Score: 5, Insightful

    He has a masters degree in systems technology and another in physics, according to his biography, in addition to an MBA and a BS undergrad, plus lots of experience in intelligence and counter-intelligence, including in active combat scenarios, according to his biography. I suspect he's probably more "technical" than a large swath of people here, not to mention the general public. Just because he says folks doesn't mean his 'non-technical', so stfu.

  5. I don't want a "protected" internet. by wcrowe · · Score: 4, Insightful

    The way to "protect" it is to not use it for stuff that, um, needs protecting.

    --
    Proverbs 21:19
  6. Protection by D3 · · Score: 4, Interesting

    I think it would be more accurate to say we need to protect ourselves from the Internet vs. we should protect the Internet.

    --
    Do really dense people warp space more than others?
  7. Re:Already secure by arth1 · · Score: 4, Insightful

    And how do you know that the host you SSH to is secure? It has at least one exposed attack vector if you can SSH to it, and probably more. And it's not enough that it's secure right now -- if it was broken into in the past (visibly or without traces), and someone made off with the host key, you can't protect against a man-in-the-middle attack.
    Then there's the possibility of breaking in to the router in front of that host, which might give you access to other and less secure hosts in the same zone. Do you control that too?
    And what about your system? Has it been 100% safe from day one until now?

    No chain is stronger than the weakest link, including the endpoints.

  8. Not quite by Burz · · Score: 4, Insightful

    You could be placed under investigation because of Who you ssh with.

  9. Re:The non-technical have lots of crazy ideas by poetmatt · · Score: 5, Insightful

    if you read the summary about "Securing the internet" you'd know that the comment by this individual, technical or not, would give you the impression that he's a fucking moron.

    I'm sure he's good at what he does, but "securing the internet" is not and will never be one of those things.
    Even DNSSEC and IPv6 do nothing for "Security", because they haven't gotten back the original security issue: computers and/or users. Adding encryption, adding anything to allow anonymity and all you do is make it easier to poke holes in security. Get rid of anonymity and all you do is make it easier for people to use fraudulent identities since it assumes that nobody can be anonymous, which is also impossible. You're at the PC, and I'm behind you telling you what to do? Guess what, I'm anonymous.

    Considering that security goes beyond the internet, shows how impossible the idea is. This is not even remotely reasonable.

  10. Re:The non-technical have lots of crazy ideas by copponex · · Score: 5, Insightful

    At some point in history, there were doctors who were convinced that the four humours were the chief actors in the body, and developed some pretty strange and barbaric rituals to regulate their levels. The finest doctors at that time went to the finest schools and received the best education in the world, as far as they were concerned. The trouble was that everything they believed was absolutely untrue. The foundation of every bit of their knowledge was built upon a lie.

    Receiving a good education does not ensure that you are right or wrong, but it means you are very highly trained in the existing hubris of your culture. So I'm sure this guy worked very hard, and filled out all the right forms and kissed ass at the appropriate times and wrote brilliant regurgitations of his professor's theories to clamor his way to the top of the bourgeois dog pile of the desperately successful. But that doesn't mean his ideas are worth a damn.

    And it also doesn't mean that they're not worth a damn. But the guy works for the government, and specifically, the part of the government that exists to protect American (corporate) interests above all else. His job is to make the internet safe for commerce, not to protect the free flow of information. He's got his hammer, and he intends to find some nails.

  11. Re:The non-technical have lots of crazy ideas by bsDaemon · · Score: 4, Insightful

    DNSSec is intended to prevent query cache poisoning. It's not a catch-all silver bullet and its not meant to be. Similarly, requiring IPSec in IPv6 solves certain problems, while leaving others untouched.

    There will likely never be 100% security, for if there were, then you would have a 100% unusable system. But that doesn't mean that the current situation can't be made better. I just get the impression that a lot of people around here equate freedom with a reasonable expectation of getting away with a crime and have greasemonkey scripts to auto-respond with the Franklin security/liberty quote.

  12. Re:Already secure by Anonymous Coward · · Score: 5, Insightful

    You're missing the point entirely. When US gov. officials use the term "secure" they mean precisely "control and oppress those in question" or often "retain power at all costs". You must learn to read these statements properly.