Department of Homeland Security Wants Nerds For a New "Cyber Reserve"
pigrabbitbear writes "Just three weeks after Defense Secretary Leon Panetta told an audience at the Sea, Air and Space Museum that the U.S. is on the brink of a 'cyber Pearl Harbor,' the government has decided it needs to beef up the ranks of its digital defenses. It's assembling a league of extraordinary computer geeks for what will be known as the 'Cyber Reserve.'"
you cannot commandeer /.!
have you seen my sig? there are many others like it but none that are the same
You know they are jealous of Best Buy and wanted to call this the Geek Squad.
Learning HOW to think is more important than learning WHAT to think.
Given the prevalence of H1B immigrants and the fact that most aren't staying in the country (better digs back home) does America have any hope of hanging onto a competitive edge? Not that it matters much for the guys at the top (they're global, they don't think about little stuff like countries anymore), but for little 'ole me stuck here in the good 'ole US of A it's a worry.
And if you think I'm exaggerating, you either aren't working in tech or you're not paying attention.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Or rounding up?
[puts on tinfoil hat]
Think about it, you participate one weekend a month for sec training and preparedness drills, and take on a special project every once in a while, and get the military benefits without leaving your house. I'd be in for that, especially if it (being those projects) could be done as moonlighting outside my regular job. That doesn't sound so bad.
Once again, the clueless people in high places prove they don't understand. Attaching "cyber", "e", "online" or even "with a computer" to something does NOT make it a new threat. And "Cyber Pearl Harbor"? Gimme a damn break. There is no need to try and compare unlawful access to a computer system by a foreign entity to an attack that killed thousands of people and drew the US into one of the bloodiest conflicts in human history.
Espionage is espionage, regardless of whether it's someone sneaking documents out of a building or tapping into someone's computer system. Just because something happens on a computer does not automatically make it a new class of crime for which there must be an immediate expenditure of untold sums of taxpayer money.
So please, governments....stop with the crap already...
"So after all this, you make my case for me. To end this stalemate, you must die..."
I can't help thinking we'd be better off sending our very worst programmers overseas instead. If you really are a computing screw up, the kind of guy that turns a "hello world" into an infinite loop, you truly are an asset to this nation and we'll gladly sponsor your job application to Iran or North Korea. Problem solved.
Well then it's time for the people in charge of this, who were probably the lawyer/prep/ivy league have-it-alls in high school, to get over their cliquish demands for irrelevant shit like dress code conformity, good looks, superficial pop culture interests, and top tier athleticism if they want the very best technologists. Of course, if these assholes had learned anything since high school, they'd realize calling anything 'cyber' or 'virtual' scares away the people they're trying to bring in before they even start.
Sorry Leon, /b/ still is not your personal army
Snowden and Manning are heroes.
for Frito-Lays. Unbelievable.
Fuck systemd. Fuck Redhat. Fuck Soylent, too. Wait, scratch the last one.
If that were true, it would have already happened by now. I mean, wtf are the US's enemies waiting for?
Here's what someone said back in 1998:
Excuse me if I can't take the government seriously about preventing a cyber "Pearl Harbor". What'll happen is that there will be some attack w
That's a tough one, but I'll take a shot..
You all know how the rest goes...
“He’s not deformed, he’s just drunk!”
Why would you hire an expert computer hacker/programmer/systems guy/girl if they can get paid 3x the amount working in a private company?
If you want to create an elite set of 'ubergeeks' you need to pay them a lot of money, allow them to work in jeans and tshirts, endless supply of mountain dew and snacks.
Or otherwise work for Google.
The price is always right if someone else is paying.
I put on my robe and wizard hat.
Yes I'm sure that Network Security
Specialists enjoy anything related to the word
CYBER, it is like the New Wave era of
HACKING (not to be confused with
cracking)... or something like that
How much does it pay,
How long until I qualify for a pension, and
Do I get to hack other countries for fun and profit without worrying about legal repercussions?
(Hey, the SCADA hacks on Iran sound like pure geek porn. Don't lie, you all wish you could have done that without fear of the MIBs showing up at your door to ship you off to Gitmo!)
Oh, and most important - I want a guarantee, in writing, notarized, and reviewed by my lawyer, that they won't ship me off to die in some foreign sandbox (no tech-pun intended) when they need sacrificial grunts for the next blood-for-oil charade.
...just hook me up with some of them Colombian hookers the Secret Service has been recruiting for their Randy Reserves.
I swear to God...I swear to God! That is NOT how you treat your human!
It could be a hard sell, but if Samuel L. Jackson called, I'm sure people would join. Of course, Anonymous would have to kill the Phil Coulson of nerds first.
"There was an idea to bring together a group of remarkable people, so when we needed them, they could fight the battles that we never could... "
This whole thing is useless, and counter intuitive.
Essentially, government is going "ZOMG! We have (t)error(ist)s causing problems in our networks causing mayhem and loss of our privileged informations!" And instead of going "hmm.. maybe we should audit our standards and practices, and actually hire people who know what they are doing...", they instead proclaim "we must create a new branch of the armed forces to be responsible for our existing and unwieldy information infrastructure! We'll call it 'cyber something-or-other'!"
This is 100% wrong.
The problem, --and the reason for all the security breaches--, is twofold.
1) we bend over backwards to perpetuate an inefficient intelligence and information handling infrastructure, with all kinds of protocols, and exceptions to rules that essentially (and are created precisely to) create "gyres" where information piles up, gets forgotten about, neglected, and buried. This allows people to hide information. Inject false information. For information to be lost when it could be essential. All kinds of problems. We do this because fixing the problem would expose people (and responsibility is bad, mkay), and would threaten established hegemonies.
2) the creation of this new organisation will only serve as a scapegoat for when things *will* go wrong because of #1. This will only create disgruntled IT people. If govt doesn't comprehend why that is bad, they deserve what they get.
3) the creation of a publicly exposed group causes anxiety in other countries, causing escalation of military backed network infiltrations and abuses of the global public commons that is the internet. It does not discourage this behavior.
Really, the whole idea is stupid.
What they should *really* be doing is improving the NSA to deal with offensive infiltrations (they are already good at it.), and completely restructure their data retention and data handling protocols in a fully comprehensive (with no sacred cows) manner, while hiring competent people to manage their infrastructure.
But that would fucking make sense.
Look she spouted a lot of garbage about 'cyber-geddon' and it was torn apart by geeks pointing out that hacking a web page of a power station with its 10 visitors a day, is not synonymous with attacking the power station, and that the fix for these problems is to keep critical stuff on private network links.
So they hire a few geeks who will talk sh1t to attack the real enemy, us and our plain talking common sense! The War on Common Sense!
I noticed that the Russian Hacker, Georgia revealed a few days ago, was a sad man living in a crappy room, not a soldier in a military uniform surrounded by War Game screens. They are just a pest, and for Georgia it should have patched its servers and locked down its logins, even for the government websites so he couldn't deface them.
If you have a problem, you fix the problem, you don't declare war on it.
New Pearl Harbor is a melodramatic pre-imagining of the teenage attack on U.S. power-grids and the subsequent DooAlittleMoreThanNecessary Raid. While not directed by Michael Bay, fans of his in the CIA have collaborated with the makers of Innocence of Muslims and Rupert Murdoch in this captivating mind-wrenching sequel.
"When you see the part where Leonardo DiCaprio telnets into the Pentagon and sends drones to Moldova, you'll shit your pants!" -- Sock Puppet Reviews
"If you told me Justin Bieber could've played such a convincing hacker, I'd have laughed in your face" -- Hillary Clinton
"It brought tears to my eyes, and I was a POW." -- J. McCain
"Thank Yahweh for benzodiazepines! " -- Janet Napolitano (Eight-Time Mother of the Year Award Winner)
"You'll need your Mountain Dew for this one!" -- Anonymous
*Partially plagiarized from wikipedia.
Forward! -- Emperor Norton, 2012
Didn't we all get into technology for the meetings, the red tape, the bureaucracy, the TPS reports, the PHBs (pointy haired bosses)
In no particular order, the Heroes at Homeland Security will clap the leg-irons onto all their tame geeks, will lock down every box, will firewall every internal network, will take away every admin priv, will assign a "handler" to every geek with veto authority on every mouse click. And then? Of course the token techies will be crucified for not being able to use their non-existent resources to defend Wal-Mart from the script kiddies
They're looking for scapegoats my friends, don't fall for it
Do we get Scott Bakula as commander of NetForce?
they want tame nerds who agree with the USA's current luddite anti-technology crusade and will uphold things like plainly idiotic copyright monopoly law and endless censorship. They ain't gonna get the best and brightest until there's some regime change at the top.
How are the Japanese going to fly virtual planes into virtual harbors to cause real damage?
We're in real trouble if the DHS is 'on top of' the cyber war response. These guys will probably electrocute 20 men each trying to give the same PC a handjob "for information leading to a terririst!!!!" ;]
The DHS represents all the things Americans most despise about our own country: The invasion of privacy, the waste, the abuse of power, the incredible frauds, the xenophobia, our quickening slide toward fascism. Who would want to be in any way associated with this agency?
The DHS is the worst idea to come out of Washington and that's a town that's pretty much only ever generated bad ideas. I'd rather be waterboarded than lift a finger to support that particular government agency.
"My God...it's full of trolls!"
...TIMES A THOUSAND.
"The SCADA security holes have only recently come to the attention of the industry. I can assure you that there's a giant collective brick being shat over it but fixing this stuff takes time."
Rubbish.
What DHS is doing talking and what you also did was this:
a) Talking about SCADA system vulnerabilities and mentioning STUXNET as evidence of it (and not mentioning that it had to be introduced by a spy inside the plant and not internet facing)
b) Talking up cyber intrusions on web servers (which are internet facing).
c) Conflating the two as if they are both cyber attacks and thus the man attacking the web server can attack the SCADA system because they're both 'cyber'.
SCADA systems are NOT mostly on the internet with open logins, that's a fooking lie. This problem has been known from the start and the technicians who put these systems in are no idiots who've only just found out there may be a problem.
The problem here is the misinformation from the DHS to pump its own budget.
All right maggot, fallout! Colonel Homestarrunner is recruiting the most elite team of crack commandos to invade Strongbadia. Do you has what it takes to join the Homestarmy? Will you bring a sack lunch and some orange slices for me and serve your country? WILL YOU STUPID!?
Private companies are the ones with poor security and some has to do with cutbacks and other PHB-driven stuff.
Like PHB buying stuff on the golf course without getting tech people there to do a look over.
Staff cutbacks that lead to people being overworked / not having the time to do security right.
Old hardware / software that forced them to use systems full of security holes.
Outsourcing / 3rd-party techs that can have lots of turnover / overhead and people who don't know what's going on. There is this one BIG bank that uses them and they don't even get a company ID to use when they show up at the bank branch to do work. And their systems use USB ports as well.
NON-tech managers running IT does not help as well.
Up till you're called in and end up on a year-long project, and then what happens when you go back to your job??? The law says they can't do anything but you may have to stand up for your rights.
Too bad PS/2 ports are going away now. There should be some kind of NEW PCs (yes, that means Dells, HPs, etc.) with PS/2 ports or even a PCI / PCI-e PS/2 card.
So you can have a secure pc system that does not have USB or has USB that is 100% off.
The power grid needs to link all the plants and substations to each other so they can control all the switches on the lines.
Hitler and the motherland....
I've been out of work since you flunked my clearance.
You've still got my number.
But I don't have a car anymore.
Capability Based Security can make our systems secure. The Unix security model was optimum for CS labs in the 1970s... but it clearly isn't suitable for mobile code in a network of 1,000,000,000+ hosts.
Only give a piece of code the resources it needs to do its job, and it can't take the world with it.
Your intellectual inertia biases you against change... it's time to grow up and really think about this.
Yes, but plants and sub-stations don't need to shop on e-Bay or check their Facebook status now do they?
If they need to be connected to a network, make it a private network and most of these issues go away.
There is no sane reason that these networks and these facilities should not be air-gapped from the internet at large. There are ways around the air-gap (stuxnet), but even these are trivial to prevent by not allowing random USB keys from outside by gluing the port closed and/or securing the hardware properly, and/or beating anyone stupid enough to do this with a stick.
It's not nuclear science or anything, it's just common sense.
From a person that doesn't do email. Truly, truly incredible.
I know this will ruin my Karma, and... I have never used this language in a public forum in my life, but, it's warranted...
Not only "no," but "HELL NO!" you Hitlerian Fascist bitch.
http://www.nationaldefensemagazine.org/archive/2011/August/PublishingImages/Cyber_UncleSam.jpg
...circus music. Where is it coming from?
"Why don't y'all take that badge and shove it up your ass. All up in your ass." I'm American.
"Gold still represents the ultimate form of payment in the world." - Alan Greenspan, 1999
Ready to assist, make check payable to me.
Got Code?
Yes, but plants and sub-stations don't need to shop on e-Bay or check their Facebook status now do they?
You mean you don't detect when your power station has been hacked by seeing whether the generators have unfriended you?
"Little does he know, but there is no 'I' in 'Idiot'!"
Want hackers working for you? Change the law so that pointing out a security hole doesn't land the guy in jail. Suddenly, the majority of 'cyberterrorists' will be working for you.
It's in all the contracts. I didn't do the job I was trained for in the Army until two years after I got in.
Does that website actually use tables? Maybe one of the first "1337 skilz" they get should be someone that knows how to use something newer than FrontPage 2000 and knows better than to put an unobfuscated email address like infragardteam@infragard.org as a contact link.... unless this is a honeypot those poor bastards are going to get a serious introduction to spam. How clueless.
Get a web developer
.
Those are two phrases that parse out to the same functional content. It's like a breach of contract, even if they add on extra money ex post facto. Signing up for something which is supposed to be for period x and then having it involuntarily exchanged for period y, where $y > x$ (y is greater than x). I don't know if you see the non-difference between "involuntarily extended" and "forced to re-up": my opinion is that you'd have to concede that there is no functional difference.
and that project turns out to be based in a bunker in the desert because it's not safe to do it over the internet
Korma: Good
This.
Korma: Good
The linked article seems to be a retooling of this article from Reuters. It seems that DHS is considering setting up this program, it's not actually in place yet.
If you haven't already added yourself to the list you don't deserve to be a part of it
In the UK DHS are a company best known for having continuous "hurry! must end Monday!" bed sales.
It makes it hard to read US stories about spying without giggling.
To have a right to do a thing is not at all the same as to be right in doing it
Excuse me if I don't take Senator Tubes seriously.
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
I'm not convinced that the DHS, or anything very similar to it, is a "necessary evil" rather than just an evil. It's true that *SOME* safeguards are needed, but the DHS has not shown that it is one of those safeguards. Instead it is a distraction providing the appearance of security in a way that would be humorous in a movie. Perhaps it's intended as a distraction from some other agency that's actually doing the job that the DHS pretends to be doing.
Just about every action of the DHS that I can recall was more about "security theater" than improved security. The single most effective prevention was the mandated installation of secure doors on the pilots' cabins of airplanes. Perhaps the DHS was allowed to issue that order.
Police work should be done by trained police officers. And THEY require considerable supervision to ensure that they don't abuse their authority. More than they get. I think that all police officers should be required to carry two working life-logs at all times, and if one of them stops working, the officer should return to the office until it is fixed. (Or they could have spares in the squad car.) This wouldn't have been practical a few years ago, but it is now. (Also these life logs should signal that they aren't working if their cameras are obscured or their mics are muffled. So that probably means helmet mounts, or some such.)
The DHS appears to be just a bunch of goons with ridiculous amounts of authority. They have no wisdom, limited knowledge, and are allowed to exercise ridiculous amounts of power given their performance record.
I think we've pushed this "anyone can grow up to be president" thing too far.
You have some points but the USA has sucked at "preventative security" for a long time going back to the Black Tom incident during WW1 - the DHS do seem to have made a few poor choices maybe the Security Service (MI5) offered advice based on UK experience and it wasn't taken.
Protecting your CNI probably doesn't have as much emphasis as it should - possibly cos it's expensive.