Slashdot Mirror

← Back to Stories (view on slashdot.org)

NSA Director Says Agency Is Still Trying To Figure Out Cyber Operations

Posted by Soulskill on from the i-don't-think-the-mr-magoo-routine-is-going-to-work dept.

Trailrunner7 writes: In a keynote speech at a security conference in Washington on Tuesday, new NSA Director Mike Rogers emphasized a need to establish behavioral norms for cyber war. "We're still trying to work our way through distinguishing the difference between criminal hacking and an act of war," said Rogers. "If this was easy, we would have figured it out years ago. We have a broad consensus about what constitutes an act of war, what's an act of defense." Rogers went on to explain that we need to better establish standardized terminology and standardized norms like those that exist in the realm of nuclear deterrence. Unfortunately, unlike in traditional national defense, we can not assume that the government will be able to completely protect us against cyber-threats because the threat ecosystem is just too broad.

19 of 103 comments (clear)

  1. Protect us against cyber-threats? by Anonymous Coward · · Score: 5, Insightful

    YOU ARE THE CYBER-THREATS.

    1. Re:Protect us against cyber-threats? by Jeremiah+Cornelius · · Score: 3, Insightful

      You're a racist cunt. People are people, and want/need basically the same things - if you don't push them into corners and poke at them with sticks.

      The thugs? Products of our selective, post-colonial domination. Nobody rallies round a bully, when they have nothing much to fear.

      --
      "Flyin' in just a sweet place,
      Never been known to fail..."
  2. Maybe they shouldn't try to! by Anonymous Coward · · Score: 3, Insightful

    Maybe they should just get off their lazy fucking asses and start pulling all those exploitable 'cyberweapons' off the fucking public network and start having them running on a private network akin to MILNET. There's no excuse for the power grid, medical records, social security, police records, etc being accessable over the public internet, except as a threat window to use in the quest for more security theater. Eliminate access to the resources and you eliminate the majority of non-military threats. On the off chance such information *IS* needed via the internet (see: online banking), make it run through isolated systems with limited end-user data available on the 'public' side, and a batch processing system in-between the public and private networks. While it wouldn't stop exploitation of the end-user, it could stop the majority of actual banking system hacking by eliminating direct access to the computing resources. While this is probably already done to some degree the level of isolation is obviously insufficient.

    Militarizing turf wars over the internet however is bad for everyone.

    1. Re:Maybe they shouldn't try to! by EETech1 · · Score: 2

      I really can't believe one of the Telcos wouldn't rather reuse their copper network (that touches nearly every building in every town) to form a secure isolated system for processing payment data, separate from the internet, instead of just letting it rot.

      They just wire in and reuse old phone stuff to make a private network with connections and a firewall they manage, to guarantee (for a slice of security pie) that only specific data can go to specific places on direct routes, and no one can access the network without alarm bells and cops following the wire to the end.

      And old fashioned wiretapping laws would already be in place to prevent unauthorized access to the wires.

      Might be real popular real soon with all the card data being stolen.

      Hopefully cheaper than a T1 too.

  3. Well, that was interesting... by MindPrison · · Score: 3, Interesting

    ...definitively the most honest thing I've ever heard to come publicly from NSA, ever.

    Personally I translate that to "It's important that we don't see ghosts everywhere here!".

    And yes, very! Even the NSA know they've gone out of hands here, they also have humans working for them - and nothing they ever do will ever stay 100% a secret everywhere, so it's a better strategy to play with open cards (which they have *NOW* learned the hard way) in the long run. Besides, you can't possibly store all the 1 terabyte personal computer harddisks in the world in even googles vast server-lands anyway. It's all about spotlight. If you're in their spotlight, you'll be spied on, your data will get collected no matter where it is. Going trough vast amounts of byte garbage will yield certain finds - but mostly it's just noise, people who use words that could be similar to what you're looking for, but ultimately...just noise.

    --
    What this world is coming to - is for you and me to decide.
    1. Re:Well, that was interesting... by aliquis · · Score: 2

      Just put up /. beta before any US gov pages.

      The attackers will be confused and wonder where they have arrived, if it's some blog of sort, and most likely just leave it alone / leave as quickly as possible.

  4. They are pretending that they do not know by Taco+Cowboy · · Score: 2

    "We're still trying to work our way through distinguishing the difference between criminal hacking and an act of war," said Rogers

    NSA supposed to be a government agency filled with very intelligent folks, and they are telling us that they can't differentiate between common hacking (whether it be criminal or otherwise) and an _Act of War_ ?

    I dunno about you, but I find it very hard to believe!

    --
    Muchas Gracias, Señor Edward Snowden !
    1. Re:They are pretending that they do not know by amiga3D · · Score: 4, Insightful

      I find it easy to believe. He's typical of the fucking morons that run the bureaucracy of this nation. War is what happens between nations and criminal activity is what happens when individuals or gangs break the law. This whole thing of calling these thugs terrorists tends to legitimatize them and makes them more effective. Just catch them, throw them in a hole and toss the key away. Enough of all the drama already. Now they've twisted things so that minor criminals serve time like they were mass murderers or something. It's like the terrorists won, they destroyed the entire culture so that you can't even fly from Atlanta to New York without feeling like you're in the old Soviet Union. It feels like you're trying to sneak out plans for a new Red Navy submarine.

    2. Re:They are pretending that they do not know by davester666 · · Score: 2

      They don't have access to lawyers. Intentionally.

      It falls under plausible deniability. "I didn't know that was illegal". Sure, it doesn't work for you and I, but it does for the gov't. Particularly with the FISA court.

      --
      Sleep your way to a whiter smile...date a dentist!
    3. Re:They are pretending that they do not know by Anonymous Coward · · Score: 3, Insightful

      I find it easy to believe. He's typical of the fucking morons that run the bureaucracy of this nation.

      Well, that's probably overstating it. Let's read TFA, shall we?

      "We always follow the rule of law," he said. "You can debate whether we should have these laws. Are existing laws constitutional? I try to remind people that the all judgement to date find that the NSA has abided by the law. We have not been found to attempt to undermine the law. And we have protected the information we collect."

      Well, fuck.

      Admiral Rogers, I know this is harder for you than it is for a civilian, but you've really gotta stop conflating "legal" with "ethical." And if you can't do that, I can sympathize, but could you at least stop conflating "legal" with "in the interests of the United States?"

      It took you a generation to gain the trust of Generation X hackers who were suspicious about the S-boxes and DES, but we were eventually willing to overlook the short key length because you secured the algorithm against differential cryptanalysis.

      Some 20-odd years, later, your predecessors blew it the instant they started attacking US corporations and compromising the networks of Western-allied governments. They screwed up long before Snowden leaked. If he hadn't leaked the truth to his fellow Americans, someone else would have leaked to the Chinese or the Russians and the US tech sector would really be up shit creek. (Like Operation Aurora, but worse.)

      But I digress. Admiral, your predecessors have made mistakes that will take generations to clean up. You're right - "âoeThis is not a small problem. Itâ(TM)s not going away. Technology will not catch up. This is foundational to the future.", but if you really "need [our] help", if you really want to regain the trust of the technical community, if you really want to "âoeput the public eye on technological capacity in support of others,â if you really mean it when you say "put the public eye on technological capacity in support of others", then you could start by not attacking the communications infrastructure that is build, funded, and hosted by American buisnesses.

      You could follow that up by not compromising American-originated hardware and making it possible for me to trust a Cisco router more than I trust Huawei junk. As it stands, I have to treat both as compromised, but the PLA is an ocean away, and for all I know you're tracking how many times I've broken Hasbro's copyright by watching "My Little Pony" on YouTube, and I see your agency as likely to use parallel construction against copyright infringers as they are against drug runners. Let me re-quote youa gain.

      "We always follow the rule of law," he said. "You can debate whether we should have these laws. Are existing laws constitutional? I try to remind people that the all judgement to date find that the NSA has abided by the law. We have not been found to attempt to undermine the law. And we have protected the information we collect."

      If you don't give a shit whether it's constitutional or not, only that for now, it's legal, then I don't see why I should trust you not to go after copyright infringers (or people who like to drive more than 10mph over the posted speed limit, which you can verify by triangulating my phone's location when I go for a drive) with the same zeal with which you curretnly target drug traffickers. It's all crime. We're all felons. Monitor us all, right? That's what your parents' generation fought the Cold War against the fucking KGB for, isn't it? (If they're still alive, and you're too gutless to ask them, just check their records. Oh wait, you can't, because your agency doesn't have a record of everything your parents ever said to each other back in the 80s, because they didn't live in a fucking surveillance state!)

      But I digress again.

      Admiral

    4. Re:They are pretending that they do not know by MobSwatter · · Score: 2

      The chicken or the egg argument applies, but since when is it the NSA's responsibility over law makers to make this distinction?

    5. Re:They are pretending that they do not know by IndustrialComplex · · Score: 2

      What happens when those "criminal gangs" are just fronts for government espionage and/or attacks to slowly undermine your own country's industry?

      That's the problem they are faced with right now, the same way some corporations get away with abuses through 'shell companies', governments are using these 'shell criminal gangs' as a means to unofficially sanction behavior which the government uses to maintain plausible deniability. The challenge is deciding on a point where overlooking 'criminal' activity reaches 'warfare' levels.

      --
      Out of modpoints but really liked a post? 1BDkF6TtmmeZ3yqXbz9yhdYVqRYnwFoXDj
  5. Cut The Cable by rtb61 · · Score: 2, Insightful

    Pretty bloody easy to define the difference between hacking and act of war. Any hacking attack you can simply divert by cutting the connection is not an act of war. A major electro magnetic pulse generated by a thermonuclear war head is an act of war.

    For the idiots at the NSA, permanent damage versus repaired disruption. They just need to ask the buddies at the CIA when it comes to their idea of torture, permanent harm equals torture non permanent harm according to them, based upon them being a bunch of sick psychopath sadists, does not equal torture.

    So if you ain't using explosives on digital infrastructure it ain't war. No matter how badly behaved the NSA has been, their acts have not quite crossed the bounds of an act of war. Somehow I guess this will be another example of American exceptionalism and when the US does it, it is not an act of war and when any other country does it, it is an act of war and the US must spend another billion dollars on the US military industrial complex per incident or so the lobbyists say.

    --
    Chaos - everything, everywhere, everywhen
    1. Re:Cut The Cable by Livius · · Score: 3, Insightful

      No, no, if it comes from somewhere with oil in need of liberating, then it's an act of war.

    2. Re:Cut The Cable by s.petry · · Score: 2

      What happens when cooling systems at a nuclear power plant are taken offline by an aggressor?

      Then I would say that the management of the facility has been negligent in their duties and should all face criminal prosecution. The same would go for water treatment plants where someone could access a computer over the internet, or any other utility.

      How about a major stock exchange being crippled?

      I think this depends on the damages. At best, I would say that civil liability would exist and the owners of the stock exchange should be liable to reimburse losses. If there are non recoverable damages, then we have a criminal case as well.

      Why does it matter if it was done by a hacker or by a warhead? No amount of repairs will undo the direct effects of these events.

      Why don't you hold people accountable for their actions instead of allowing them pass blame as they see fit? Anyone in any business that does not realize that the Internet is not a safe playground is an absolute idiot that has no right to work in an environment that touches the Internet.

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

  6. Clue #1: Nobody calls it Cyber except Doctor Who by gavron · · Score: 2

    While you're looking for "the cyber threats" you might as well just buy a modern dictionary. Nobody calls anything "cyber" anymore and the number two threat is malware... right behind the number on threat... the NSA.

    Cyber-think your way out of that one, NSAmen. Time is short. The cybermen are coming.

  7. Just attack your own citizens! by bipbop · · Score: 2

    The solution is simple. The NSA should continue to spend the lion's share of its effort on attacking the United States' own citizens. It's not an act of war if you're attacking yourself!

  8. The same applies to New York, right? Ok to attack? by raymorris · · Score: 2

    The internet isn't safe, so it's all the victim's fault, and we should ignore the attackers. Hmmm.
    "Anyone in any business who doesn't realize that the internet^H^H^H^H^H^H New York isn't a safe playground. .."

    That's your theory, right? Because the internet / New York / the ocean isn't a safe place, anyone attacked on the internet or in New York had it coming. The government of China is attacking our internet infrastructure, but theyget a pass because the internet isn't perfectly safe, right? The high seas also are not perfectly safe, so it would be okay for China to attack our shios at sea?

  9. Politics by sociocapitalist · · Score: 2

    Of course the NSA knows what an act of war is, in cyber terms. They just don't want it defined as such because they themselves are no doubt performing those very acts on perceived threats and allies alike and yes, on American citizens as well.

    --
    blindly antisocialist = antisocial