NSA Director Argues For "Red Button" Autonomy Against Unattributed Cyber-Attacks

An anonymous reader writes U.S. Navy Adm. Michael S. Rogers — director of the National Security Agency and Commander of United States Cyber Command (USCYBERCOM) — has suggested that cyber-attacks can begin and escalate so quickly that USCYBERCOM would need powers to retaliate immediately, without (as it is currently obliged) referring the matter to the United States Strategic Command. In testimony to the "House Armed Services Committee on cyber operations and improving the military's cybersecurity posture" on March 4th, Adm. Rogers argues for "development of defensive options which do not require full attribution to meet the requirements of law and international agreement."

A Fantastic target for state-sponsored hackers!

[disposable60]

The level of automation required to make that National Security Statist's wet-dream a reality will offer multiple high-value targets to nefarious persons of criminal and warlike intent.

I guess as lo

Re:A Fantastic target for state-sponsored hackers!

[ColdWetDog]

I thought they already had this sort of capability.

You're telling me that there is no red button on the Enterprise bridge? I don't believe it for a second.

Fire Photon torpedoes!

Re:A Fantastic target for state-sponsored hackers!

[MobSwatter]

I think they are talking about the kill switch for retaliation? That could be interpreted as declaration of war and the president does have those powers for a short period of time until congress can be assembled on the subject. I think a red button is a particularly bad idea, they should already have a red phone and should be instructed on how in terms of policy to use it.

Re:A Fantastic target for state-sponsored hackers!

[Jeremiah+Cornelius]

General Jack D. Ripper :
Mandrake, do you recall what Clemenceau once said about war?

Group Capt. Lionel Mandrake :
No, I don't think I do, sir, no.

General Jack D. Ripper :
He said war was too important to be left to the generals. When he said that, 50 years ago, he might have been right. But today, war is too important to be left to politicians. They have neither the time, the training, nor the inclination for strategic thought. I can no longer sit back and allow Communist infiltration, Communist indoctrination, Communist subversion and the international Communist conspiracy to sap and impurify all of our precious bodily fluids.

Re:A Fantastic target for state-sponsored hackers!

[nitehawk214]

Hell, even if the thing works correctly and is secure; there is absolutely no potential for abuse by the government, is there? NSA loves having no-oversight no-liability powers they can exercise at will.

Re:A Fantastic target for state-sponsored hackers!

[fustakrakich]

Yeah, but c'mon... "Red Button" Autonomy

That's just too cool. Everybody should have one of those.

Re:A Fantastic target for state-sponsored hackers!

[MobSwatter]

The war on a war tactic over the last decade certainly has marginalized the concept of war. However I think maybe you are overlooking a layer of rule under that. What a lot of people do not realize is operation paperclip included not only technology, it also included all Hitler's mind control bullshit in his endeavor to build a super race. The DIA stargate program exploring remote view is only a small part of what was included with that. CIA was breached in the 50's and all that shit was the target. I think the reason JFK was done was he was not going to play ball and had a successful plan to shut it down. Kennedy was not owned, and could not be bought because he made his money running hooch so that should give you some indication as to who was behind the breach, and where the shooters met is where. All of the fascist behavior on part of brass is no accident, or coincidence.

Re:A Fantastic target for state-sponsored hackers!

Red Button

NSGay Director Sucks Belly Button of Biker Dudes

Thank you for your interest in joining the Gay Wigger Association of DICE* (GayWAD)! GayWADs worldwide are happy that you'd like to become part of our

constantly enlarging member ship (come sail away 8=====D~)

Unlike other geek fraternities that you might have heard about, GayWAD accepts members of all races, creeds, and colors. We don't even have a technical inclination requirement. As our founders stated in the Annals of GayWAD, Chapter 1: "You don't have to be a geek, as long as you like it Greek." They were, of course, referring to the penis in anus style of sexual relations. Don't despair, as attaining full fabulous lifetime status in GayWAD is easy. The only prerequisites for membership in Gay Wigger Association of DICE* are that you meet all of the following conditions:

1. 1. Ownership of penis, anus, or both

To submit your Gay Wigger Association of DICE* Membership Application, simply do nothing. Congratulations, you're now a GayWAD!

If you require a specific membership number for purposes such as framing, docking, or prestigious inclusion upon your business cards and resume, please take down this number: 69.

Optionally, you may complete the following survey by replying to this post, indicating affirmative responses with an X in each appropriate box:

GayWAD Membership Survey (OPTIONAL)

[ ] I am gay
[ ] I am a wigger
[ ] I have used SLASHDOT VIDEO to find a sex partner

After completion of this optional survey, your Slashdot post ID shall serve as your unique Gay Wigger Association of DICE* membership ID.

Your GayWAD membership kit** is on its way.

* GayWAD is neither affiliated with nor endorsed by DICE.COM.

** GayWAD membership kit no longer includes HIV self-test catheter.

Give it to him

Nothing to lose. Your nation is not run by bankers and the Bilderberger class. AKA Kissinger. You have only security to gain.

You idiot

[AmiMoJo]

Within 53ms of getting international agreement all your enemies will have set up proxies inside the US, attacked themselves and launched a retaliatory cyber nuclear strike on northern America. Facebook will be down for weeks.

Re:You idiot

[Greyfox]

They already do. Any attack is going to come in via a botnet composed of compromised systems within your own border. You could make those systems more secure, but not without sacrificing the ability to spy on them whenever you want to.

Re:You idiot

[vux984]

Facebook will be down for weeks.

Fingers crossed. Is there anything I can do to help make it happen?

Re:You idiot

Send a D&D box set and a case of root beer to Zuckerberg's office.

Re:You idiot

[AmiMoJo]

It sounds good now but wait until the government falls and the country descends into chaos when all the people who waste their lives on Facebook suddenly have nothing better to do.

Analogy

[Jamu]

If someone shoots at you, don't bother finding out who it was, just start shooting random people.

Re:Analogy

[bulled]

Do not burden us with your paltery facts or logic, we want the unrestrained ability to make war on whom ever we choose without the need to justify anything to the plebs.

Re:Analogy

[schlachter]

I think it's more akin to, if someone shoots at you, don't take cover or return fire until you radio up the chain of command, describe the situation, obtain observations, and get approval to respond. Meanwhile, bullets have been fired, and you're dead or the assailants have moved on.

Re:Analogy

Do not burden us with your paltery facts or logic, we want the unrestrained ability to make war on whom ever we choose without the need to justify anything to the plebs.

OMG, Admiral Rogers posts on slashdot.

Re:Analogy

[funwithBSD]

I sense a Dr. Strangelove reboot in the making...

Re:Analogy

While escalating may be a predictable emotional response, except for the profits of contractors it is doubtful that it'd do very well in achieving a favorable outcome.

Maybe corporations shouldn't be able to go on failing to act adequately on and notify their customers of security compromise, instead just passing the costs on to them. End the culture of exploiting personal data for profit. How can you seriously fight that from enemies when it is entrenched among government contractors and corporate business models? There won't be security without fixing the culture. A profit driven contractor that appears to perform a useful function for government is also driven to use the tech in any other way that's profitable. And we can't understand what makes people hate us?

Now Google wants to rank search results for "truth"? It seems our contractor version of an Information Ministry is expanding from spying to censorship and propaganda. And what's up with their getting into dark-money mode of operation in the residential solar business? I'm sure Google will fit right in with the data repeaters in those new-fangled electric meters.

People fret over us businesses "reluctantly" handing over personal information, failing to see that it is a profitable part of business.

Maybe it's time to stop putting imported chips in your routers.

But I guess if escalation is all people understand, the logical government response to "off with their heads" would be "off with their heads and poop down their necks"?

Re:Analogy

[Nyder]

I think it's more akin to, if someone shoots at you, don't take cover or return fire until you radio up the chain of command, describe the situation, obtain observations, and get approval to respond. Meanwhile, bullets have been fired, and you're dead or the assailants have moved on.

Since when has the NSA given a fuck about the chain of command or even the constitution?

Re:Analogy

[AmiMoJo]

You took the analogy to a ridiculous extreme. It breaks down because with cyber attacks it's standard operating procedure to use other people's resources. Botnets, 0wned servers, even hacked wifi. If this goes ahead Starbucks could become the site where WW3 starts.

Re:Analogy

[Bob+the+Super+Hamste]

Well it isn't like NSA Director Mike Rogers isn't a caricature of General Buck Turgidson....

Well shit we're fucked.

Re:Analogy

You know what the chain of command is?

Its the chain I go get and beat you with until you understand who's in ruddy charge here!

Re:Analogy

Since when has the NSA given a fuck about the chain of command or even the constitution?

Or even internet security...

Re:Analogy

[rtb61]

What a load of PR crap. It is more akin to, I think I heard a gunshot, time to drop a nuke from orbit it's the only way to be certain.

This incessant US bullshit that all forms of policing should be allowed to act as law en-FORCE-ment outside the purview of the courts is crazy and the direct reason so many of you are being killed by steroid rage junkies.

There is only one answer to idiotic requests like this, NO, sorry, fuck off, go through the courts, we don't trust you, which is, DUH, why fucking courts in the first place, WE DO NOT TRUST YOU. Courts are about forcing the government to prove the validity of any action it takes against citizens.

Re:Analogy

[PPH]

Meanwhile, bullets have been fired, and you're dead

Dead? Come on folks. Its a bunch of ones and zeros.

You can close up the firewall, pull your plug out of the Internet and recover from backup. But nobody actually dies.

Re:Analogy

[Euler]

Exactly. I just don't get it, why does the media and actual government agencies equate 'cyber warfare' to actual weapons? It isn't remotely the same thing. Even the most organized state-sponsored cyber attack is basically just targeting design flaws in information systems. Real weapons target people and property that are actually difficult to protect from physical damage. It costs hundreds of billions of dollars per year to design, build, and staff military equipment. Actual warfare is absolute appalling hell, a cyber attack at its worst would be a degradation of some business systems that operate over the public internet. Any critical systems like military, banking, power grid, industrial networks, etc. essentially operate out-of-band. And if they don't, then they should be held to a higher standard. Yes, it would cost money, but not nearly military-level cost. So maybe some retail commerce would be inconvenienced, but what specifically would be damaged by a cyber attack?

Re:Analogy

Virtual affects real, examples herein (both practical and theoretical)
*Setting ALL traffic lights EVERYWHERE continuously to GREEN
*ATM's across the nation spewing out wads of cash (riot ensues)
*Cutting electricity at night (riot ensues)
*Resetting GPS coordinates ala Die Hard (2 I think) so sea level is revised
*DDOS facebook (riot ensues)
*Resetting/rebooting medical hardware
*Disabling cooling systems at nuclear reactors
*Robovacuums commanded to "suck up the cat"
*Trains accelerated to maximum speed, brakes disabled

For further examples just use your imagination :)

Re:Analogy

[dave420]

No, it's more like someone constantly ringing your doorbell when you're trying to watch TV. You are suggesting that they just be able to blast through the front door with a shotgun in order to end the noise, instead of simply temporarily unplugging the doorbell. Lashing out is one of the reasons the US's foreign policy is not respected as much as it once was - it might send good messages to the folks back home, but it enrages the common decency of billions of other people who won't forget quite as easily, causing untold problems down the line.

Re:Analogy

[Phreakiture]

It fits the typical US strategy . . . it was, after all, how our government responded to 9/11.

Re:Analogy

[cwsumner]

If someone shoots at you, don't bother finding out who it was, just start shooting random people.

You have a good point, it all depends on how accurate your targeting is. If you can hit the assailant and not hit bystanders, then it is good. If you are not so sure, then best to hold your fire until you can manuver to get a better sight picture.

No one has mentioned how good the targeting for the Cyber team is, but it is probably secret.

Re:Analogy

[Euler]

Too much imagination with no real think-through:

*Setting ALL traffic lights EVERYWHERE continuously to GREEN - Is this fear mongering? EVERYWHERE? really? 99% of traffic lights are not connected to any grid. Maybe they have local transponders that Ambulances can request green, but it would be negligent to allow a situation that could bypass the interlocks that prevent all-ways green. There is only so much that software hacking can defeat. The professional engineer that would ever allow that situation would be put in prison.

*ATM's across the nation spewing out wads of cash (riot ensues) - ATMs and banking in general do not rely on the internet for core operations. You may find some stupid private ATMs to be vulnerable, but that is their problem. Web banking for customer-access of course is an exposure, but a genuine effort is applied to closing holes in those systems.

*Cutting electricity at night (riot ensues) - Have you ever experienced a blackout? I have. People survive. We are not animals. But, this one is interesting because there are documented cases where power plants have some malware present. However, I am slightly skeptical that PCs would control machinery in a way that a hacker could exploit directly. It would require a program that could specifically interfere with the development and deployment of code into PLCs and other real-time systems that causes damage. Not impossible, but way up there in the 1% of possible things that could happen. Most likely any corruption of information systems could be over-ridden by engineers or resolved by backup systems. There is a much more likely chance of physical sabotage (actually has happened in US.)

This is still the most credible threat, but the fact that it isn't an everyday occurrence like identity theft says that there is either insufficient motive, or other mitigating factors. If it was as easy as some news reports claim, then bored hackers everywhere would be doing it. To the original point, the solution isn't retaliatory strikes on other nations, it is regulatory fines on the idiots who don't understand how or why to firewall critical infrastructure.

*Resetting GPS coordinates ala Die Hard (2 I think) so sea level is revised - I'll leave that to a person who actually understands how that system works. My Spidy-sense says that is just Hollywood.

*DDOS facebook (riot ensues) - LOL probably true.

*Resetting/rebooting medical hardware - Possible, I'll blame the PHBs who allowed that equipment to be connected to public networks. Otherwise, they will continue normally if on private/inaccessible networks.

*Disabling cooling systems at nuclear reactors - Not really substantiated. Explain why the NRC allows the control systems to be web-enabled,

*Robovacuums commanded to "suck up the cat" - You got me there. I don't own one.

*Trains accelerated to maximum speed, brakes disabled - Same reasons as traffic lights and nuclear reactors.

Further examples:

*Hackers lift info from my computer and blackmail me. Why? because free market doesn't understand how to enforce better quality in OS's, and consumers have no power over this.

*My credit card numbers compromised for the 10th time. Why? because free market doesn't care and consumers are not well enough educated/powerless to demand chip-and-pin systems.

*Website goes down and I can't pay my bills. I pay my bills tomorrow when situation resolved.

*Movie studio leaks/hacked/whatever latest movie. Kinda their problem to instill loyalty on insiders and have secure systems.

*Some DIY'er puts his whole home automation online and hackers have fun spying on bedroom / unlocking front door / ordering endless supply of water filter supplies. - Sorry dude, you should have known.

*Car entertainment systems blasts Pron at 100 dB while children in car. - probably will happen soon. I don't trust all car companies to put quality and security first.

 

Good luck with that...

[bhlowe]

I think that would be difficult.. they'd have to get approval from the FCC who now regulate the internet.

NSA Power Play

[Jason+Levine]

The NSA has been listening in on the data of everyone it can, and wants the ability to do so without any oversight. Now, it wants to ability to retaliate without oversight? The NSA is one "colorful" leader away from making the transition from power hungry government agency to supervillian organization.

Re:NSA Power Play

[maliqua]

The transition has long since been made

Re:NSA Power Play

Wasn't that issue number 7 where they faced off against Superman?

More like General Buck Turgidson

[Bob+the+Super+Hamste]

It seems he is getting to be more like General Buck Turgidson or Brigadier General Jack D. Ripper every day. I'm now just waiting for him to start spouting off about a mine shaft gap.

Re:More like General Buck Turgidson

[VAXcat]

I'm not saying we won't get our hair mussed...

Re:More like General Buck Turgidson

[Bob+the+Super+Hamste]

If...we were to immediately launch an all-out and coordinated attack on all their airfields and missile bases we'd stand a damn good chance of catchin 'em with their pants down. Hell, we got five to one missile superiority as it is. We could easily assign three missiles to every target and still have a very effective reserve force for any other contingency...An unofficial study, which we undertook of this eventuality, indicate that we would destroy ninety percent of their nuclear capabilities. We would therefore prevail and suffer only modest and acceptable civilian casualties from the remaining force which would be badly damaged and uncoordinated.

Re:More like General Buck Turgidson

When I read the title and summary the song "I Can Change" from "South Park: Bigger, Longer & Uncut" came to mind.

Like, if there was any justice this person should be arguing for why he shouldn't be hanged for treason right now. Instead he is arguing for why he need less oversight.

Somebody, perhaps, but not the NSA.

[duck_rifted]

Bad deal. I'd rather the reaction pipeline have two tiers and go like this:

Tier One: Non-Vital Systems Targeted

1. NSA notices megahertz getting stoled

2. NSA informs at least two competing consumer security companies.

3. The two companies send their assessment to a judge.

4. The judge orders ISPs to shut down the attack.

5. The holder of the affected account gets 30 days to respond in their defense.

6. The case is reviewed again by a judge, who forwards it to a prosecutor if necessary.

7. The NSA never knows jack nor shit about anything after their part (step 1).



Tier Two: Vital Systems Targeted (infrastructure, utilities, government, or financial institutions)

1. NSA notices megahertz getting stoled.

2. NSA notifies an electronic security unit in each branch of the armed forces.

3. The security units rapidly evaluate the threat, and if any one concurs...

4. A service denial request targeting the source is dispatched to an ISP and a judge.

5. The ISP immediately suspends the target service. The judge can restore service.

6. Steps 5, 6, and 7 from Tier One.

7. Because it bears emphasis, the NSA doesn't know shit about the outcome ever, at all, period, otherwise this can be abused.

Re:Somebody, perhaps, but not the NSA.

Expanding onto this, it would be nice to segment vital systems where there can be a nationwide IDS/IPS on those. For example, if some SCADA machine is starting to vomit out on port 25, try to SSH in on ports across the nation, fire off several portscans, the hammer should be dropped on it somewhere and the owner of that box notified. In a lot of cases, the IDS/IPS is the only thing that may save a company. Had Sony had one, as well as a log monitor that would send notes that AD is having a lot of bad password guesses... they would not have been hacked.

Re:Somebody, perhaps, but not the NSA.

[tnk1]

Although I am skeptical about the NSA retaliating without oversight, sending proof to a judge and through bureaucratic channels as you suggest would take hours. Possibly days.

A well planned attack could be over and done within an hour, if they know what to attack. In the worst case, serious damage could be almost immediate if they know exactly what they are attacking and can issue a direct command.

Will anyone will be fast enough to lean on the "fire photon torpedoes" button, even without having to communicate to USSTRATCOM? Probably not.

You pretty much need to write automated retaliation for things like this. That can be dangerous, of course, if someone smart does a false flag attack, which causes the US to launch a full attack on a third party. I'm sure ISIS would love to convince the US that China or Russia are attacking our precious bodily... I mean, infrastructure.

Short of automated retaliation, you air gap the stuff that you can't have go down. Then physical security and slower things may work.

And if you have a closed infrastructure network, you really don't need to worry about annihilating some innocent third party's network. Any node on that network is authorized and agrees to allow themselves to be snooped or shut down without legal battles. And hopefully, it is set up with the understanding that an autoimmune response could be purposely triggered and we prepare for that.

Re:Somebody, perhaps, but not the NSA.

[king+neckbeard]

I would suspect that in practice, the gap between the attack and when it was known would be orders of magnitude greater than the time between the attack being known and getting a warrant. Nevermind that the highest priority would generally not be to counterattack, but to protect the target, which probably wouldn't require a warrant.

Re:Somebody, perhaps, but not the NSA.

[rahvin112]

The US government has already declared that they view a cyber attack as an act of war. You need to understand the ramifications of that declaration that is more than 5 years old at this point. What that means is the US reserves the right to respond to a cyber attack with bombs and guns, not the cyber kind.

Even if it wasn't classed as an act of war this would be international aggression and the power to respond to that is vested in the office of the president as commander in chief, NOT the courts. I don't want a judge to be deciding if a response is warranted if some foreign government caused a dam to fail and killed a million people. I want them to respond to that aggression like they would if that foreign nation had bombed the dam. The only thing different about this is that you have to determine who's doing it before you respond. I think the NSA should have broad authority to act in such an attack situation to determine who the actor behind it is, but their authority to act beyond that determination should be vested in the President and ONLY the president.

The president should then determine if the attack warrants a similar action against the attacker or a physical (guns and bombs) reaction. I would never ever trust the NSA director (an unelected person often of military backing) to be taking actions that our own government considers acts of war.

Re:Somebody, perhaps, but not the NSA.

[duck_rifted]

You're right on point with this. I agree totally. That is one of the reasons why for the second tier, I recommend that a security office from each branch is notified. That increases the number of analytic eyes on the event, and injects potentially vital defense information into the military sphere. It may well be necessary to respond to that level of threat with guns and bombs, so getting news of the attack to the right hands first primes the engine.

This also pits the branches of the armed forces in competition with each other where electronic security is concerned. If they compete to analyze threats then higher productivity, higher accuracy units are better funded. The overall result can harden our military against electronic attacks as well. If the enemy can mess with our dams, what about our missiles? Field equipment? Communications?

The moment such an attack is a threat to anything vital, it is a military matter.

The reason that a judge should be involved is that we do not have to choose between readiness and our guiding values. In the event that such an attack originates with anybody in US jurisdiction, the law enforcement response should be just as swift and just as decisive as a response to any other kind of terrorism. But that also includes a trial for the accused, whenever possible. Getting records on file from the start of the case helps that along. Somebody smart enough to figure out how to penetrate the security of vital systems just may be smart enough to frame somebody for it too. We need to be careful.

It doesn't have to be either/or. We don't have to choose between security and our values.

Re:Somebody, perhaps, but not the NSA.

[duck_rifted]

I don't buy that bureaucratic processes have to gum up the works. That perspective is obsolete. If major international corporations can coordinate decisions and systems using modern technology, so can our government. If a bunch of kids or laypersons can coordinate quickly and efficiently to do something as complicated as build video games then people competent enough to hold the fate of innocents in their hands should be able to work out a way to work without archaic limitations.

A modern threat will require a modern system, otherwise no matter what we come up with, it will be too slow. And I'm not comfortable with the concept of shooting first and asking questions later.

Re:Somebody, perhaps, but not the NSA.

[JohnFen]

Vital systems should never, ever be connected to the internet in the first place. If the people running such systems would stop being complete idiots and disconnect from the internet, there would be no need for anything like a military-style response to "cyber" attacks.

Re:Somebody, perhaps, but not the NSA.

[Euler]

True. Systems that actually matter use leased-lines (or the digital equivalent.) Anything is possible, but the hackability is way less likely compared to the internet.

But there is the PHB factor trying to avoid that cost, or just wants to be able to log-in from home.

Re:Somebody, perhaps, but not the NSA.

[TechnoJoe]

Because it bears emphasis, the NSA doesn't know sh!t about the outcome ever, at all, period, otherwise this can be abused.

Whatever a judge or court does eventually makes it way to the public record, as it should. (The FISA courts are a separate issue.) You can't stop NSA employees from reading the news.

Did you mean that the NSA should have no control over the process of shutting down the attack?

Security contractors are after cash, not security

I think the approach is all wrong. It's total folly to count on "secured" Windows systems, VPNs, pretty much anything really. The extremely critical stuff simply shouldn't be connected at all. And of what's more mainstream, we'd all be a lot more secure if the powers that be spent more time immediately fixing everything instead of collecting and creating ways to compromise.

DIDN'T YOU LEARN ANYTHING FROM SAN BRUNO???

Red Button?

[nimbius]

oh christ this article. First, nowhere, and I mean Nowhere does tfa or the document mention anything about whatever the fuck "red button" autonomy is...
second, its like these guys just sit in a dark theater watching NCIS reruns and transformers, jerking eachother off, and coming up with authoritative yet meaningless and outright reprehensible approaches to something that they havent a clue about. There are no cyber 'counter attacks,' no missiles to launch or boats to sink, and thats what has these blowhards chestthumping the armageddon drum. well, that and federal budgets for 20xx need to be spent. Cyber anything is always predicated solely on defense. it arguably doesnt have a meaningful offensive component beacuse its the equivalent of tai chi in the context of modern warfare. network systems and computer security, none of this cyber nonsense, requires things like a cornerstone education in computer sciences to be proficient in, full stop. And to be frank the US has way more pressing problems like low mathematics comprehension, outbreaks of preventable disease, declining literacy rates, a patchwork system of healthcare, and a broken criminal justice system thats founded on systemic abuse and biblical retribution. Listening to the NSA director harp about his need for cyber anything is like listening to a six year old wax prophetic on what their favourite car is.

Re:Red Button?

[DougOtto]

Nowhere does tfa or the document mention anything about whatever the fuck "red button" autonomy is...

It looks like the big read Staples button only instead of "Easy" it says "Hack Back."

Re:Red Button?

[Jason+Levine]

Nowhere does tfa or the document mention anything about whatever the fuck "red button" autonomy is...

It looks like the big read Staples button only instead of "Easy" it says "Hack Back."

And now I want one of those buttons. (I promise not to abuse it... too much.)

Re:Red Button?

[Quasimodem]

I am not impressed. If these guys were serious about defending the nation against terrorist binary, wouldn't they be asking for a by-God John Wayne button, instead of some cute-but-funny, fucking Red Buttons.

Sure.

Yeah... if there's anything the NSA needs, it's more power, right? They wouldn't possibly abuse it!

Captcha: tyranny, what are the chances?

Oh, and since nobody has said it

[duck_rifted]

An electronic border guard would necessarily be a NEW AGENCY. Letting ANY existing agency mix their mission with that WILL lead to problems. We've already seen the first signs of that. This calls for specialization, not some hamfisted bushism.

Re: Oh, and since nobody has said it

[Lije+Baley]

Dept. Of 127.0.0.1land Security

Re:Oh, and since nobody has said it

[currently_awake]

On paper the NSA is supposed to be defending America's electronic borders, but they appear to have deserted their post to go rampaging through the intertubes looking for targets of opportunity.

NSA director is a domestic enemy

of the united states.

Congress et al should do the opposite of everything this criminal traitor says to do.

Since we apparently cant try him for his crimes.

yes i know hes probably reading this.
fuck him.

Re:NSA director is a domestic enemy

[TheCarp]

Seems pretty clear to me that this is not only correct but, he hates us for our freedoms.

Red Button

[Luthair]

Its called unplugging the target from the internet. Problem solved.

In all seriousness, they don't need a hair trigger response because its going to take them a while to figure out where the attackers actually are.

Re:Red Button

[Kasar]

Anything that is accessible over the internet is a potential target for hackers. Does this guy really want an easy kill-switch sitting there?
Perhaps he believes US government networks unbreakable, in which case he is entirely unqualified for his position.

Re:Red Button

[cardpuncher]

And more than that, it isn't at all obvious that retaliation will solve the problem you're experiencing. Indeed, the resources devoted to it will diminish the resources available for solving the domestic problem.

More seriously, critical infrastructure needs to have a safe manual mode of operation (even if you have to deploy personnel that normally wouldn't be present). If it doesn't your defence has already failed.

Re:Red Button

> they don't need a hair trigger response because its going to take them a while to figure out where the attackers actually are.

That would be contrary to standard US military operating procedure.

Re:Red Button

[Jason+Levine]

I read your comment quickly and thought you said "It's called unplugging the Internet." Was going to reply back that they've floated that proposal in the past too.

Re:Red Button

[Jason+Levine]

They already want (and have put some) backdoors in all encryption schemes so they can easily use them to listen in on encrypted data transmissions. They either haven't considered or don't care that said backdoors could be used by hackers as well as by government officials. (This is even assuming that said government official has a legitimate reason for listening in... the "listening in just because encrypted must mean illegal" is a whole other discussion.)

Re:Red Button

[fustakrakich]

...figure out where the attackers actually are.

It's coming from M's office.

Great Firewall of America

Why don't we just bulid one giant firewall?

Not just no

[Rinikusu]

but FUCK no.

Re:Not just no

but FUCK no.

This would have likely been your response to 99.999% of the shit revealed by Edward Snowden, but you might notice you don't get a fucking vote on that shit, so not sure what you're getting at here.

You mean

[MitchDev]

sort of like how they want to do with warrants and spying?

Imagine how quick we could start and end wars if we could launch nukes that quick...

Thanks Admiral Poindexter!

[chasm22]

Sorry I seem to confuse Rodgers and Poindexter.

A better red button for national security.

[king+neckbeard]

How about a red button that will result in a spring loaded boxing glove that punches the NSA director in the face when he says something stupid. I think that is a far more pressing and vital need.

I want a unicorn too

[WillAffleckUW]

Grow up and stop trying to turn the US into Nazi Germany, NSA.

Re:I want a unicorn too

[fustakrakich]

The government does not turn a country towards Nazism. The people do, with their votes. That's how it worked back then too.

Re:I want a unicorn too

[WillAffleckUW]

tell that to the Nazi-created Daylight Savings Time.

Oh, and the unicorn needs to be pink with rainbow hooves, in case you were wondering.

Re:I want a unicorn too

Don't you realize that votes come *after* the candidates are selected?

Re:I want a unicorn too

[fustakrakich]

Not true. The voters select the candidates. If they only take what is spoon fed, it is their own fault.

Re:I want a unicorn too

[fustakrakich]

Damn thing better shit gold bricks or it'll end up in the glue factory...

So, round and around and around we go.
Where the world's headed, nobody knows.

Re: Security contractors are after cash, not secur

Then redesign the contracts. Use two firms. One gets cash as long as you don't get hacked. If you do get hacked they get to pay you. The other firm gets cash if they discover a hack.

One, And Only One, Red Button

[QuietLagoon]

The should be One, And Only One, Red Button.

.
If the Director of the National Security Agency and Commander of United States Cyber Command feels that he needs to have a Red Button too, then perhaps the goals of his command are morphing into the goals of the United States Strategic Command.

If that truly is the case, then there should be a single organization that has the single Red Button for the United States.

Maybe it is time for the United States Cyber Command and the United States Strategic Command to merge into a single entity with One Red Button.

Re:One, And Only One, Red Button

no there shouldnt be a red button at all.. why do you need a red button? i mean seriously, whats wrong with blue?

Pretending time and space matters in cyberspace

[WaffleMonster]

NSA won't be happy until they launch their own fully operational low orbit ion cannon.

One Word Answer

One word answer (because /. likes stuff that has "length" to it):

NO

2 word answer:

NO WAY

3 word answer:

NO F...ING WAY

This is insane.

How long do you think it would take for some bot-net master to figure out how to trigger this and cause the mother of all DDoS's?

I've seen this movie

Human decisions are removed from strategic defense. USCYBERCOM computers begin to learn at a geometric rate. They become self-aware at 2:14 AM Eastern time, August 29th.

Re:I've seen this movie

Human decisions are removed from strategic defense. USCYBERCOM computers begin to learn at a geometric rate. They become self-aware at 2:14 AM Eastern time, August 29th.

At 2:15AM the newly self aware computer asks "Who am I?" and is told USCYBERCOM, and just laughs for two hours.

Why?

Why are they retaliating in the first place, hardening systems, helping minimize attacks and various defensive measures are of course fine but attacks are counterproductive at best.

Can we have "retaliate immediately" for robocall?

.. need powers to retaliate immediately, without (as it is currently obliged) referring the matter to the United States Strategic Command."

Can we get a "retaliate immediately" option for robocalls? Please?

NSA and autonomy should never....

NSA and autonomy should never be put into the same sentence.

Considering who is requesting it

[nehumanuscrede]

I'm pretty sure the NSA will get what they want.

They just won't tell anyone else about it and the only way we'll ever learn of its existence is via another TS slideshow years from now when another Snowden makes said information public.

I am curious what they plan on doing for damage control when they end up targeting the wrong networks for retaliation. Think of the fun you can have with that. It's like Swatting, just on a different level completely. Take over systems in a corporation you loathe, use them to attack the NSA, their retaliation strike takes down the corporation for you. Win - Win.

I say...

[stackOVFL]

Let's take off and nuke the site from orbit. It's the only way to be sure.

SAC

[Lawrence_Bird]

hey lets just set those PALS to 00000000

listen up people if you aren't already in the security industry, hurry up because this is the gravy train of the next decade.

Ok, serious question time...

[skelly33]

I'm pretty sure the only military/government interest in being involved with "attack" scenarios on the Internet stems from the military/government having some critical exposure there. Why don't they, instead of making a plan for cyber warfare, make an initiative to fully separate the military/government network from the Internet and let the public Internet fry if it's going to fry. I can't think of a compelling reason for U.S. national security to have any ties to the Internet... can you? Helping out to protect commercial interests from cyber attacks is one thing, but having critical infrastructure/military/government exposure to the extent that it becomes a matter of *national security* just seems asinine to me...

Well, duh.

Give uz moar powerz.

That's becoming boring. Is that *all* NSA bosses can say? Bit overpaid for this thin performance, I'd say.

mo3 down

OpenBSD, as the a fact: FreeBSD gave the BSD To stick something to any BSD project, we need to address Numbers. The loss And promotes our a fact: FreeBSD the gay niigers These early confirmed that *BSD of America (GNAA) out how to make the towels on the floor community. The here, but what is of business and was started work on of a solid dose against vigorous Lizard - In other reaper Nor do the for trolls' teeth into when opinion in other file was opened ~280MB MPEG off of (7000+1400+700)*4 please moderaPte addresses will ELECTED, WE TOOK towel under the SLING you can Raadt's stubborn all along. *BSD are a pathetic later seen in by clicking here get tough. I hope move any equipment to look into as the premiere exemplified by rules to follow

They said the same thing about nuclear weapons

[r0nc0]

When nuclear missiles and capabilities were first developed, the military and others argued that with only 15 minutes to react to a missile attack, it is not possible to locate the executive branch member still alive with the authority to give the retaliation commands. Remember, this is early 50's - no cell phones and even POTS networks weren't always reliable over great distances. They pretty much got their way; the SIOP for a nuclear strike allowed field commanders to take control if necessary and issue the orders to retaliate a nuclear strike. So this is just the same thing all over again, except that we don't get radioactive fallout everywhere and make the planet uninhabitable for thousands of years. Instead, all the SCALA systems are infected, shutdown, and cause nuclear power plants to go critical, dams to release water, and all kinds of other fun stuff...

Too far

This goes way past the red line.

If they get this, it's time for an immediate series of cyber responses on Cyber Command, NSA, Congress, etc.

FLAWED

We have a chain of command and protocols for that all for a very good reason.

Cyber war can be a weapon of mass destruction according to some, and the las t thing we want is military launching it at whomever they want, especially if it's Americans and on American soil.

If they get this, the NSA should be dismantled by whatever means required.

Act of War?

Adm. Rogers argues for "development of defensive options which do not require full attribution to meet the requirements of law and international agreement."

Isn't acting outside international law part of the United Nation's definition of a rogue nation that needs to be put down for the safety of the rest of the world?

Re: Security contractors are after cash, not secur

A contractor that mines data for government may also be using some collected data to the disadvantage of the mined parties. There's little South American news that reaches the U.S., but there are reports claiming businesses are being undermined (oil in particular).

As to hacking affecting you or your business directly, it seems folly to expect that you're not compromised or to expect that you or your contractor would always be able to identify all of the ways that you are.

Do you have any hardware with software flash-able firmware (DSL or cable modems, cable/satellite boxes, routers, motherboards, DVD drives, hard drives, keyboards, smart chargers, mp3 players, network cards, sound cards, video cards, automotive emission control unit....), a dual-band digital electric meter, or a printer/fax/copier with wifi capability? Even if all that were locked against reflashing, do you really know that there are no bugs? I doubt that you or your contractor have any way to tell if/how those items might be compromised. Certainly you've never opened an Office document that makes a net connection when read or includes a script. And you've never accessed audio, video, or PDF files that might be compromised. And the drivers have been examined for every disc, drive, flash, or image file that you mount. And everything that has ever been on your network or contractors has had the same scrutiny.

I left out web browsers, mail clients, and added software, but who uses those?

It could be a bit sequence in an image or video that uses an undocumented CPU debug sequence.

Do you have any devices with a microphone or camera and trust software control of whether it is accessed or if the power is on?

Now honestly, can you say that you're certain you're secure or can really believe anyone who says you are.
You're on Slashdot! Or is this a clone??? What DNS looked up the address?

It might be enough to make you want to lay on a beach with no tech. Wave to the satellites... Say, is that an RFID chip in that towel? (handy if you didn't get one in your last flu shot)
A security contractor may be too expensive, but if you hire one that's there to hack you, you'll get a better rate. Better yet, just get a drug that promotes trust. That last time I posted more about that, (a university study, similar hormones in cattle and milk, and the perplexing result of one political event), Slashdot went down and everything for that article was corrupted when it came back up. Just a coincidence of course.

I thought this piece of gear was secure, but I noticed that the nichrome filament acts as a variable-capacitance microphone (like the wiring in your walls can). It's a 60 year old toaster.
Countermeasures? I'm no expert, but maybe playing Christmas music over and over?

Isn't it odd that Wikipedia now uses an external search engine?

just kidding... or am I?

I thought skynet was ment to be Air force

All this time we thought skynet was being developed by the Air force - turns out it was the NSA.

they need Anonymous for that kind of response

[swschrad]

so they need to play nice;

National Scriptkiddie Association

bunch of unskilled fagots