NSA Director Says Agency Is Still Trying To Figure Out Cyber Operations

Trailrunner7 writes: In a keynote speech at a security conference in Washington on Tuesday, new NSA Director Mike Rogers emphasized a need to establish behavioral norms for cyber war. "We're still trying to work our way through distinguishing the difference between criminal hacking and an act of war," said Rogers. "If this was easy, we would have figured it out years ago. We have a broad consensus about what constitutes an act of war, what's an act of defense." Rogers went on to explain that we need to better establish standardized terminology and standardized norms like those that exist in the realm of nuclear deterrence. Unfortunately, unlike in traditional national defense, we can not assume that the government will be able to completely protect us against cyber-threats because the threat ecosystem is just too broad.

Protect us against cyber-threats?

YOU ARE THE CYBER-THREATS.

Re:Protect us against cyber-threats?

[Jeremiah+Cornelius]

You're a racist cunt. People are people, and want/need basically the same things - if you don't push them into corners and poke at them with sticks.

The thugs? Products of our selective, post-colonial domination. Nobody rallies round a bully, when they have nothing much to fear.

Maybe they shouldn't try to!

Maybe they should just get off their lazy fucking asses and start pulling all those exploitable 'cyberweapons' off the fucking public network and start having them running on a private network akin to MILNET. There's no excuse for the power grid, medical records, social security, police records, etc being accessable over the public internet, except as a threat window to use in the quest for more security theater. Eliminate access to the resources and you eliminate the majority of non-military threats. On the off chance such information *IS* needed via the internet (see: online banking), make it run through isolated systems with limited end-user data available on the 'public' side, and a batch processing system in-between the public and private networks. While it wouldn't stop exploitation of the end-user, it could stop the majority of actual banking system hacking by eliminating direct access to the computing resources. While this is probably already done to some degree the level of isolation is obviously insufficient.

Militarizing turf wars over the internet however is bad for everyone.

Cut The Cable

[rtb61]

Pretty bloody easy to define the difference between hacking and act of war. Any hacking attack you can simply divert by cutting the connection is not an act of war. A major electro magnetic pulse generated by a thermonuclear war head is an act of war.

For the idiots at the NSA, permanent damage versus repaired disruption. They just need to ask the buddies at the CIA when it comes to their idea of torture, permanent harm equals torture non permanent harm according to them, based upon them being a bunch of sick psychopath sadists, does not equal torture.

So if you ain't using explosives on digital infrastructure it ain't war. No matter how badly behaved the NSA has been, their acts have not quite crossed the bounds of an act of war. Somehow I guess this will be another example of American exceptionalism and when the US does it, it is not an act of war and when any other country does it, it is an act of war and the US must spend another billion dollars on the US military industrial complex per incident or so the lobbyists say.

Re:Cut The Cable

[Livius]

No, no, if it comes from somewhere with oil in need of liberating, then it's an act of war.

Re:They are pretending that they do not know

[amiga3D]

I find it easy to believe. He's typical of the fucking morons that run the bureaucracy of this nation. War is what happens between nations and criminal activity is what happens when individuals or gangs break the law. This whole thing of calling these thugs terrorists tends to legitimatize them and makes them more effective. Just catch them, throw them in a hole and toss the key away. Enough of all the drama already. Now they've twisted things so that minor criminals serve time like they were mass murderers or something. It's like the terrorists won, they destroyed the entire culture so that you can't even fly from Atlanta to New York without feeling like you're in the old Soviet Union. It feels like you're trying to sneak out plans for a new Red Navy submarine.

Re:They are pretending that they do not know

I find it easy to believe. He's typical of the fucking morons that run the bureaucracy of this nation.

Well, that's probably overstating it. Let's read TFA, shall we?

"We always follow the rule of law," he said. "You can debate whether we should have these laws. Are existing laws constitutional? I try to remind people that the all judgement to date find that the NSA has abided by the law. We have not been found to attempt to undermine the law. And we have protected the information we collect."

Well, fuck.

Admiral Rogers, I know this is harder for you than it is for a civilian, but you've really gotta stop conflating "legal" with "ethical." And if you can't do that, I can sympathize, but could you at least stop conflating "legal" with "in the interests of the United States?"

It took you a generation to gain the trust of Generation X hackers who were suspicious about the S-boxes and DES, but we were eventually willing to overlook the short key length because you secured the algorithm against differential cryptanalysis.

Some 20-odd years, later, your predecessors blew it the instant they started attacking US corporations and compromising the networks of Western-allied governments. They screwed up long before Snowden leaked. If he hadn't leaked the truth to his fellow Americans, someone else would have leaked to the Chinese or the Russians and the US tech sector would really be up shit creek. (Like Operation Aurora, but worse.)

But I digress. Admiral, your predecessors have made mistakes that will take generations to clean up. You're right - "âoeThis is not a small problem. Itâ(TM)s not going away. Technology will not catch up. This is foundational to the future.", but if you really "need [our] help", if you really want to regain the trust of the technical community, if you really want to "âoeput the public eye on technological capacity in support of others,â if you really mean it when you say "put the public eye on technological capacity in support of others", then you could start by not attacking the communications infrastructure that is build, funded, and hosted by American buisnesses.

You could follow that up by not compromising American-originated hardware and making it possible for me to trust a Cisco router more than I trust Huawei junk. As it stands, I have to treat both as compromised, but the PLA is an ocean away, and for all I know you're tracking how many times I've broken Hasbro's copyright by watching "My Little Pony" on YouTube, and I see your agency as likely to use parallel construction against copyright infringers as they are against drug runners. Let me re-quote youa gain.

"We always follow the rule of law," he said. "You can debate whether we should have these laws. Are existing laws constitutional? I try to remind people that the all judgement to date find that the NSA has abided by the law. We have not been found to attempt to undermine the law. And we have protected the information we collect."

If you don't give a shit whether it's constitutional or not, only that for now, it's legal, then I don't see why I should trust you not to go after copyright infringers (or people who like to drive more than 10mph over the posted speed limit, which you can verify by triangulating my phone's location when I go for a drive) with the same zeal with which you curretnly target drug traffickers. It's all crime. We're all felons. Monitor us all, right? That's what your parents' generation fought the Cold War against the fucking KGB for, isn't it? (If they're still alive, and you're too gutless to ask them, just check their records. Oh wait, you can't, because your agency doesn't have a record of everything your parents ever said to each other back in the 80s, because they didn't live in a fucking surveillance state!)

But I digress again.

Admiral