NSA Director Argues For "Red Button" Autonomy Against Unattributed Cyber-Attacks
An anonymous reader writes: U.S. Navy Adm. Michael S. Rogers — director of the National Security Agency and Commander of United States Cyber Command (USCYBERCOM) — has suggested that cyber-attacks can begin and escalate so quickly that USCYBERCOM would need powers to retaliate immediately, without (as it is currently obliged) referring the matter to the United States Strategic Command. In testimony to the "House Armed Services Committee on cyber operations and improving the military's cybersecurity posture" on March 4th, Adm. Rogers argues for "development of defensive options which do not require full attribution to meet the requirements of law and international agreement."
The level of automation required to make that National Security Statist's wet-dream a reality will offer multiple high-value targets to nefarious persons of criminal and warlike intent.
I guess as lo
You're looking for quotes? See my journal.
Within 53ms of getting international agreement all your enemies will have set up proxies inside the US, attacked themselves and launched a retaliatory cyber nuclear strike on northern America. Facebook will be down for weeks.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
If someone shoots at you, don't bother finding out who it was, just start shooting random people.
Who ordered that?
I think that would be difficult.. they'd have to get approval from the FCC who now regulate the internet.
The NSA has been listening in on the data of everyone it can, and wants the ability to do so without any oversight. Now, it wants the ability to retaliate without oversight? The NSA is one "colorful" leader away from making the transition from power hungry government agency to supervillain organization.
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
It seems he is getting to be more like General Buck Turgidson or Brigadier General Jack D. Ripper every day. I'm now just waiting for him to start spouting off about a mine shaft gap.
Time to offend someone
Bad deal. I'd rather the reaction pipeline have two tiers and go like this:
Tier One: Non-Vital Systems Targeted
1. NSA notices megahertz getting stoled
2. NSA informs at least two competing consumer security companies.
3. The two companies send their assessment to a judge.
4. The judge orders ISPs to shut down the attack.
5. The holder of the affected account gets 30 days to respond in their defense.
6. The case is reviewed again by a judge, who forwards it to a prosecutor if necessary.
7. The NSA never knows jack nor shit about anything after their part (step 1).
Tier Two: Vital Systems Targeted (infrastructure, utilities, government, or financial institutions)
1. NSA notices megahertz getting stoled.
2. NSA notifies an electronic security unit in each branch of the armed forces.
3. The security units rapidly evaluate the threat, and if any one concurs...
4. A service denial request targeting the source is dispatched to an ISP and a judge.
5. The ISP immediately suspends the target service. The judge can restore service.
6. Steps 5, 6, and 7 from Tier One.
7. Because it bears emphasis, the NSA doesn't know shit about the outcome ever, at all, period, otherwise this can be abused.
I think the approach is all wrong. It's total folly to count on "secured" Windows systems, VPNs, pretty much anything really. The extremely critical stuff simply shouldn't be connected at all. And of what's more mainstream, we'd all be a lot more secure if the powers that be spent more time immediately fixing everything instead of collecting and creating ways to compromise.
DIDN'T YOU LEARN ANYTHING FROM SAN BRUNO???
oh christ this article. First, nowhere, and I mean Nowhere does tfa or the document mention anything about whatever the fuck "red button" autonomy is...
second, it's like these guys just sit in a dark theater watching NCIS reruns and transformers, jerking each other off, and coming up with authoritative yet meaningless and outright reprehensible approaches to something that they haven't a clue about. There are no cyber 'counter attacks,' no missiles to launch or boats to sink, and that's what has these blowhards chest-thumping the armageddon drum. well, that and federal budgets for 20xx need to be spent. Cyber anything is always predicated solely on defense. it arguably doesn't have a meaningful offensive component because it's the equivalent of tai chi in the context of modern warfare. network systems and computer security, none of this cyber nonsense, requires things like a cornerstone education in computer sciences to be proficient in, full stop. And to be frank the US has way more pressing problems like low mathematics comprehension, outbreaks of preventable disease, declining literacy rates, a patchwork system of healthcare, and a broken criminal justice system that's founded on systemic abuse and biblical retribution. Listening to the NSA director harp about his need for cyber anything is like listening to a six year old wax prophetic on what their favourite car is.
Good people go to bed earlier.
Yeah... if there's anything the NSA needs, it's more power, right? They wouldn't possibly abuse it!
Captcha: tyranny, what are the chances?
An electronic border guard would necessarily be a NEW AGENCY. Letting ANY existing agency mix their mission with that WILL lead to problems. We've already seen the first signs of that. This calls for specialization, not some hamfisted bushism.
of the united states.
Congress et al should do the opposite of everything this criminal traitor says to do.
Since we apparently can't try him for his crimes.
yes i know he's probably reading this.
fuck him.
It's called unplugging the target from the internet. Problem solved.
In all seriousness, they don't need a hair trigger response because it's going to take them a while to figure out where the attackers actually are.
Why don't we just build one giant firewall?
but FUCK no.
If you were me, you'd be good lookin'. - six string samurai
sort of like how they want to do with warrants and spying?
Imagine how quick we could start and end wars if we could launch nukes that quick...
Sorry I seem to confuse Rogers and Poindexter.
How about a red button that will result in a spring loaded boxing glove that punches the NSA director in the face when he says something stupid. I think that is a far more pressing and vital need.
This is my signature. There are many like it, but this one is mine.
Grow up and stop trying to turn the US into Nazi Germany, NSA.
-- Tigger warning: This post may contain tiggers! --
Then redesign the contracts. Use two firms. One gets cash as long as you don't get hacked. If you do get hacked they get to pay you. The other firm gets cash if they discover a hack.
If the Director of the National Security Agency and Commander of United States Cyber Command feels that he needs to have a Red Button too, then perhaps the goals of his command are morphing into the goals of the United States Strategic Command.
If that truly is the case, then there should be a single organization that has the single Red Button for the United States.
Maybe it is time for the United States Cyber Command and the United States Strategic Command to merge into a single entity with One Red Button.
NSA won't be happy until they launch their own fully operational low orbit ion cannon.
One word answer (because /. likes stuff that has "length" to it):
NO
2 word answer:
NO WAY
3 word answer:
NO F...ING WAY
How long do you think it would take for some bot-net master to figure out how to trigger this and cause the mother of all DDoS's?
Human decisions are removed from strategic defense. USCYBERCOM computers begin to learn at a geometric rate. They become self-aware at 2:14 AM Eastern time, August 29th.
Why are they retaliating in the first place? Hardening systems, helping minimize attacks and various defensive measures are of course fine, but attacks are counterproductive at best.
".. need powers to retaliate immediately, without (as it is currently obliged) referring the matter to the United States Strategic Command."
Can we get a "retaliate immediately" option for robocalls? Please?
NSA and autonomy should never be put into the same sentence.
I'm pretty sure the NSA will get what they want.
They just won't tell anyone else about it and the only way we'll ever learn of its existence is via another TS slideshow years from now when another Snowden makes said information public.
I am curious what they plan on doing for damage control when they end up targeting the wrong networks for retaliation. Think of the fun you can have with that. It's like Swatting, just on a different level completely. Take over systems in a corporation you loathe, use them to attack the NSA, their retaliation strike takes down the corporation for you. Win - Win.
Let's take off and nuke the site from orbit. It's the only way to be sure.
hey let's just set those PALS to 00000000
listen up people if you aren't already in the security industry, hurry up because this is the gravy train of the next decade.
I'm pretty sure the only military/government interest in being involved with "attack" scenarios on the Internet stems from the military/government having some critical exposure there. Why don't they, instead of making a plan for cyber warfare, make an initiative to fully separate the military/government network from the Internet and let the public Internet fry if it's going to fry. I can't think of a compelling reason for U.S. national security to have any ties to the Internet... can you? Helping out to protect commercial interests from cyber attacks is one thing, but having critical infrastructure/military/government exposure to the extent that it becomes a matter of *national security* just seems asinine to me...
Give uz moar powerz.
That's becoming boring. Is that *all* NSA bosses can say? Bit overpaid for this thin performance, I'd say.
When nuclear missiles and capabilities were first developed, the military and others argued that with only 15 minutes to react to a missile attack, it is not possible to locate the executive branch member still alive with the authority to give the retaliation commands. Remember, this is early 50's - no cell phones and even POTS networks weren't always reliable over great distances. They pretty much got their way; the SIOP for a nuclear strike allowed field commanders to take control if necessary and issue the orders to retaliate a nuclear strike. So this is just the same thing all over again, except that we don't get radioactive fallout everywhere and make the planet uninhabitable for thousands of years. Instead, all the SCALA systems are infected, shutdown, and cause nuclear power plants to go critical, dams to release water, and all kinds of other fun stuff...
This goes way past the red line.
If they get this, it's time for an immediate series of cyber responses on Cyber Command, NSA, Congress, etc.
We have a chain of command and protocols for that all for a very good reason.
Cyber war can be a weapon of mass destruction according to some, and the last thing we want is military launching it at whomever they want, especially if it's Americans and on American soil.
If they get this, the NSA should be dismantled by whatever means required.
Adm. Rogers argues for "development of defensive options which do not require full attribution to meet the requirements of law and international agreement."
Isn't acting outside international law part of the United Nations' definition of a rogue nation that needs to be put down for the safety of the rest of the world?
A contractor that mines data for government may also be using some collected data to the disadvantage of the mined parties. There's little South American news that reaches the U.S., but there are reports claiming businesses are being undermined (oil in particular).
As to hacking affecting you or your business directly, it seems folly to expect that you're not compromised or to expect that you or your contractor would always be able to identify all of the ways that you are.
Do you have any hardware with software flash-able firmware (DSL or cable modems, cable/satellite boxes, routers, motherboards, DVD drives, hard drives, keyboards, smart chargers, mp3 players, network cards, sound cards, video cards, automotive emission control unit....), a dual-band digital electric meter, or a printer/fax/copier with wifi capability? Even if all that were locked against reflashing, do you really know that there are no bugs? I doubt that you or your contractor have any way to tell if/how those items might be compromised. Certainly you've never opened an Office document that makes a net connection when read or includes a script. And you've never accessed audio, video, or PDF files that might be compromised. And the drivers have been examined for every disc, drive, flash, or image file that you mount. And everything that has ever been on your network or contractors has had the same scrutiny.
I left out web browsers, mail clients, and added software, but who uses those?
It could be a bit sequence in an image or video that uses an undocumented CPU debug sequence.
Do you have any devices with a microphone or camera and trust software control of whether it is accessed or if the power is on?
Now honestly, can you say that you're certain you're secure or can really believe anyone who says you are?
You're on Slashdot! Or is this a clone??? What DNS looked up the address?
It might be enough to make you want to lay on a beach with no tech. Wave to the satellites... Say, is that an RFID chip in that towel? (handy if you didn't get one in your last flu shot)
A security contractor may be too expensive, but if you hire one that's there to hack you, you'll get a better rate. Better yet, just get a drug that promotes trust. The last time I posted more about that, (a university study, similar hormones in cattle and milk, and the perplexing result of one political event), Slashdot went down and everything for that article was corrupted when it came back up. Just a coincidence of course.
I thought this piece of gear was secure, but I noticed that the nichrome filament acts as a variable-capacitance microphone (like the wiring in your walls can). It's a 60 year old toaster.
Countermeasures? I'm no expert, but maybe playing Christmas music over and over?
Isn't it odd that Wikipedia now uses an external search engine?
just kidding... or am I?
All this time we thought skynet was being developed by the Air force - turns out it was the NSA.
so they need to play nice;
if this is supposed to be a new economy, how come they still want my old fashioned money?
bunch of unskilled fagots