Slashdot Mirror

← Back to Stories (view on slashdot.org)

Obama Creates a Color-Coded Cyber Threat 'Schema' After the DNC Hack (vice.com)

Posted by msmash on from the clearing-the-clutter dept.

The White House on Tuesday issued new instructions on how government agencies should respond to major cyber security attacks, in an attempt to combat perceptions that the Obama administration has been sluggish in addressing threats from sophisticated hacking adversaries, Reuters reports. The announcement comes amid reports that hackers working for Russia may have engineered the leak of emails stolen from the Democratic National Committee in an attempt to influence the outcome of the upcoming presidential election. Motherboard adds: George W. Bush's Homeland Security Advisory System -- the color-coded terrorism "threat level" indicator that became a symbol of post-9/11 fear mongering -- is getting its spiritual successor for hacking: the "Cyber Incident Severity Schema." President Obama announced a new policy directive Tuesday that will codify how the federal government will respond to hacking incidents against both the government and private American companies. [...] The Cyber Incident Severity Schema ranges from white (an "unsubstantiated or inconsequential event") to black (a hack that "poses an imminent threat to the provision of wide-scale critical infrastructure services, national government stability, or to the lives of U.S. persons") , with green, yellow, orange, and red falling in between. Any hack or threat of a hack rated at orange or above is a "significant cyber incident" that will trigger what the Obama administration is calling a "coordinated" response from government agencies. As you might expect, there are many unanswered questions here, and the federal government has announced so many cyber programs in the last few years that it's hard to know which, if any of them, will actually make the US government or its companies any safer from hackers.

74 of 133 comments (clear)

  1. Waste of time by Anonymous Coward · · Score: 2, Insightful

    This is what the government does when they want to give the appearance of doing something when they really don't have any idea what to do. It didn't do anything after 9/11 and nobody really will pay any attention to it now, either.

    1. Re:Waste of time by chipschap · · Score: 1

      He's just mad as all get out because they got caught.

    2. Re:Waste of time by Yvan256 · · Score: 1

      https://www.youtube.com/watch?...

    3. Re:Waste of time by Gojira+Shipi-Taro · · Score: 4, Funny

      I don't see Threat Level Plaid anywhere on there...

      --
      "Oh my God. This is terrible. This is the end of my Presidency. I'm fucked."; ~ Donald J. Trump
    4. Re: Waste of time by ArmoredDragon · · Score: 4, Interesting

      A lot of people misinterpret what that was for. It wasn't "fearmongering" in any sense. Such a system was already in place for decades, only in a different form. I was in the Army at the time of 9/11, and that day we went to threatcon delta. All it was for was to signal all government personnel to assume a different security posture, as per protocol.

      The public version just came off to me as being the same thing, only if any civilian entities (i.e power plants, etc) wanted to safeguard themselves based on recent events, they could reliably follow that.

      It occurs to me that this is a similar system, only for cybersecurity. If people get all panicky over it, that's their problem, and it's not intended to make people afraid of anything.

    5. Re: Waste of time by MobSwatter · · Score: 2

      Of course. It's completely meaningless. Can you imagine having an online threat, turning to your friend and asking "What's the danger color right now?"
      "Where and for what site?"
      "The US of course!"
      "My site isn't hosted in the US, and what software are you talking about?"
      "Anything the Russians might use against us!"
      "Oh boy, the Russians you say? What about everybody else?"
      "Damn it Dan, it's red, that's all I wanted!"
      "Go back to sleep George."

      The threat level has been permanently established as being the color of; 'Bananas".

    6. Re:Waste of time by WillAffleckUW · · Score: 1

      It's kind of sad. People shouldn't have written those communications in the first place.

      Stop trying to fix the leaks and start trying to fix the problem that caused people to subvert democracy.

      --
      -- Tigger warning: This post may contain tiggers! --
    7. Re:Waste of time by chispito · · Score: 3, Insightful

      This is what the government does when they want to give the appearance of doing something when they really don't have any idea what to do. It didn't do anything after 9/11 and nobody really will pay any attention to it now, either.

      Yes, it's called the Politician's Syllogism. In summary:
      1. Something must be done!
      2. Look, this is something.
      3. Therefore, we must do this!

      It also seems to apply to IT.

      --
      The Daddy casts sleep on the Baby. The Baby resists!
    8. Re:Waste of time by Archangel+Michael · · Score: 2

      But Obama's version is way better than Bush's! So it is Better, because Obama!

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    9. Re:Waste of time by GameboyRMH · · Score: 1

      My first thought, even though this system has nothing but the use of color codes in common with the terror alert levels.

      Using colors for this was a big mistake, if it had numerical or alphabetical levels nobody would bat an eye.

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
    10. Re:Waste of time by Dunbal · · Score: 1

      Yup, now when the color threat level changes you'll know you have to change your password from "1234567" to something completely un-guessable and devious like password1234.

      --
      Seven puppies were harmed during the making of this post.
    11. Re: Waste of time by Hylandr · · Score: 1

      So we have one set of colors established after 911 to indicate terrorist threat levels, and now another for hacker threat levels.

      This is going to get really confusing during Christmas.

      --
      ~ People that think they are better than anyone else for any reason are the cause of all the strife in the world.
    12. Re:Waste of time by Anonymous Coward · · Score: 1

      Two up from Threat Level Puce, four down from Threat Level Taupe, right next to Threat Level Paisley.

    13. Re:Waste of time by DRMShill · · Score: 1

      They could try to stay neutral during the primaries.

    14. Re: Waste of time by Anonymous Coward · · Score: 1

      ROFL! The filter error made me get rid of all the exclamation points after that, but really you gave me a good belly laugh there.

      The Terror Threat level was one of the biggest disseminators of FUD the world has EVER seen. The Homeland Security Advisory System NEVER went below Yellow during its existence (condition 3 of 5.) It went to red once and was kept there for a couple of weeks based on the 5th anniversary of 9/11, not apparently because of any specific actionable intelligence.

      Why was it finally discontinued? Oh, because it helped nobody except those who profited from the creation of fear. And there was never going to be any chance to reach "normal" while the fearmongers were in charge of it.

      The reason it was different from the threatcon system? Well, for one, the HSAS was manipulated politically and not on actionable intelligence. But more important, there was a real lack of guidance as to what to do as a civilian. Tips like, "Develop alternate routes to/from work or school and practice them. Continue to be alert for suspicious activity and report it to authorities," - the added tips of condition "Yellow" - were really meaningless in the context of being at an elevated security level.

      Anyway, the positive is that you got me to update the article on the someday-infamous-and-stupid HSAS to correct for the dead links.

    15. Re:Waste of time by aquacrayfish · · Score: 1

      To tack on to your point, it was most effective and swaying political opinion. Bush's approval rating went up when the terrorist mood ri, er, threat level went up. I understand not disclosing classified intelligence on why that level might change, but there never seemed to be any correlation to anything other than "my rating's getting low, let's pump that baby up to orange!"

    16. Re:Waste of time by Captain+Scurvy · · Score: 2

      What I find interesting is that the Obama administration has selected this particular event as a rallying point for creating some kind of response to cyberattacks. Massive government data breaches, stolen healthcare records, SCADA attacks, and IP theft just weren't quite cutting it. But an attack that exposed hypocrisy and corruption within the ranks of his own party? INTOLERABLE!

    17. Re:Waste of time by dl_sledding · · Score: 1

      Good post, for an AC! :)

  2. Black is the worst threat level...? by cayenne8 · · Score: 4, Funny
    Isn't that racist....??

    [tongue in cheek]

    I guess it isn't since Obama says it is ok....

    :)

    --
    Light travels faster than sound. This is why some people appear bright until you hear them speak.........
    1. Re:Black is the worst threat level...? by cayenne8 · · Score: 1

      Black is the new Red, this is political of-course, it doesn't have any other meaning. Colour coding means something because of the colour properties (red is the most visible colour due to its wavelength and our perception of it). I guess what Obama is saying is this: the white people are scared of the blacks so much, they must perceive black as more dangerous than any other colour...

      Maybe Obama is just using this to implicate that whites are "unsubstantiated or inconsequential "...per the description of the rating on the system?

      :P

      Remember, it is perfectly politically correct to disparage white folks, after all they have all that 'privilege' you know....

      --
      Light travels faster than sound. This is why some people appear bright until you hear them speak.........
    2. Re:Black is the worst threat level...? by Anonymous Coward · · Score: 2, Funny

      No, you've got it wrong. If Black is the new Red, and Orange is the new Black, then by the transitive property, Orange is the highest level threat, therefore, we must immediately protect the country and ourselves from Donald Trump.

    3. Re: Black is the worst threat level...? by jackspenn · · Score: 1

      No it is not racist. If white was on the top level and blacks, reds and tans were at lower levels, then it would be racist. This is a diverse pallet and diversity helps make us safe.

      Now, much the content in various emails written by Democrats for Democrats was racist.

      --
      Respect the Constitution
    4. Re: Black is the worst threat level...? by rubycodez · · Score: 1

      "You whites are too picky"

      "You blacks are too easy going"

      Sergeant: "This is the Army, we're all GREEN. Say it, We are green! We are green!"

      Men: We are Green!

      Men: We are Green!

      Sergeant: "Good! and you, the dark green one, clean up your desk!"

      -- Beetle Bailey, before the world went PC

  3. peg that bugger at black.... by phantomfive · · Score: 2, Insightful

    Our current level is solid black.....because programmers don't care about bugs, managers don't let them care, and our critical infrastructure is connected to the internet.

    --
    "First they came for the slanderers and i said nothing."
    1. Re:peg that bugger at black.... by EvilSS · · Score: 1

      Our current level is solid black.....because programmers don't care about bugs, managers don't let them care, and our critical infrastructure is connected to the internet.

      Got to be agile bruh!

      --
      I browse on +1 so AC's need not respond, I won't see it.
    2. Re:peg that bugger at black.... by Tablizer · · Score: 3, Informative

      "Agile" means changing jobs quickly when bleep hits the fan due to IT fads and bad management.

      --
      Table-ized A.I.
    3. Re:peg that bugger at black.... by Hognoxious · · Score: 1

      s/means/causes/ and it's equally true.

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    4. Re:peg that bugger at black.... by phantomfive · · Score: 1

      Yeah, I understood that. I worded my comment that way anyway because I figured the event has already happened: our critical systems have currently already been hacked.

      --
      "First they came for the slanderers and i said nothing."
  4. Schema? by Anonymous Coward · · Score: 1

    Yes, let's adopt the most widely-mocked concept of Rumsfeld's DOD and apply it to the most widely-obfuscated topic of national security, making the whole thing seem absolutely as trollish as possible.

    The only thing missing is an article by Gersh Kuntzman about how his amazon gift order invoices got leaked to family members and ruined his Hanukkah.

    1. Re:Schema? by Sir_Eptishous · · Score: 1

      Mod points!

      --
      We play the game with the bravery of being out of range
    2. Re:Schema? by jon3k · · Score: 1

      It was only mocked because it was invented by a conservative. It's value is the same as the doomsday clock. People just intentionally ignore the actual use of these things to mock the creator.

    3. Re:Schema? by maharvey · · Score: 1

      Does slashdot even give out mod points anymore?

    4. Re:Schema? by Anonymous Coward · · Score: 1

      It was mocked because except for New York City and airline flights (where they were perpetually Orange) it was perpetually Yellow. It was even suggested that they just get rid of Blue and Green and admit that it would never go down.

      NTAS, which replaced yellow and orange (that might as well have been painted on) with "precise, actionable" alerts is superior in nearly every way, except for not insisting everyone panic day in and day out.

  5. Obligatory Spaceballs by Anonymous Coward · · Score: 1

    I just want to hear a high-ranking government official say we gone to plaid.

  6. Whistling by the graveyard by TykeClone · · Score: 1

    Whew! Everything is ok now!

    --
    A fine is a tax you pay for doing wrong and a tax is a fine you pay for doing all right.
  7. Color coded alerts? by Anonymous Coward · · Score: 1

    Obama didn't build that. Someone else built that system.

  8. Show of hands by nehumanuscrede · · Score: 5, Interesting

    Who here keeps up with what the current color is for our " Terrorism Threat Level " ?
    * crickets *

    ( Who here remembers we even have one ? )

    Exactly. No one cares. Even fewer are going to give a sh*t about some other lame ass color coded scheme.
    ( LoudSpeaker: Today's cyber-threat level is Muave with just a hint of Magenta ) :|

    Don't want your networks hacked ? Maybe you should keep a competent IT staff on hand. ( and treat them like you want them to stick around )
    Not the contractors from India you're using because it's cheaper.

    1. Re:Show of hands by phantomfive · · Score: 4, Informative

      ( Who here remembers we even have one ? )

      We don't have one anymore, actually.

      --
      "First they came for the slanderers and i said nothing."
    2. Re:Show of hands by Talderas · · Score: 2

      Exactly. No one cares. Even fewer are going to give a sh*t about some other lame ass color coded scheme.

      Your comment is the exact reason why they shouldn't have brought up the Homeland Security Advisory System. While the colors are the same the systems themselves are completely different. This system is an incident response system. It's like the International Nuclear Event Scale. It's a post-event system. There would never, and should never, be an ambient "color level" for this system.

      The HSAS is not a post-event system. It's a system that is intended to convey the ambient risk and possibility of a terrorist event occurring. It's like the DEFCON system except with a different scope of antagonists to keep tabs on. It's dumb that HSAS uses colors but it does serve its usefulness to convey a basic understanding to groups of individuals that would be responsible to taking proactive steps to protect against or mitigate the risk of a potential terror attack. The general population does not need to be aware of it.

      --
      "Lack of speed can be overcome. In the worst case by patience." --Znork
    3. Re:Show of hands by Bob+the+Super+Hamste · · Score: 1

      Hey I like my rainbows of death.

      --
      Time to offend someone
    4. Re:Show of hands by Fire_Wraith · · Score: 1

      The biggest problem with the Terrorism threat level was that it didn't convey any useful information. It was a vague, seemingly arbitrary distraction that didn't tell you anything other than maybe how scared the government wanted you to be (really scared or super mega scared) - and even that just faded into the background. Contrast it with the U.S. Military's force protection levels, each of which had very specific and meaningful implications, and which had very high levels that weren't intended to be maintained, only used in very specific instances when the warnings dictated. Alternately, consider the Hurricane scale, which tells you roughly how destructive a storm to expect - useful information based on clear criteria, of which the Terrorism threat level had neither.

      This at least seems to be something more on the lines of a post-incident category to tell you how 'bad' it was, and probably has more in common with something like the "cyber kill chain" ( http://cyber.lockheedmartin.co... ) rather than the Terrorism Color Code. Now, this doesn't mean it couldn't be used to overhype (or downplay) a hacking incident, but it at least does seem to be trying to pass along information of some sort.

    5. Re:Show of hands by irrational_design · · Score: 1

      The only time I have ever actually seen the threat level posted in public was on the front window of a gas station just off the I-84 in Eastern Oregon. I thought it was amusing.

    6. Re:Show of hands by Sir+Holo · · Score: 1

      Who here keeps up with what the current color is for our " Terrorism Threat Level " ?
      * crickets *

      ( Who here remembers we even have one ? )

      That color-coded 'terrorist' threat level was colored in an obtuse way. It was ROY B GIV. The DHS had its cluelessness on clear display in releasing that color chart (of how 'scared' you should be). The color order was wrong.

      The usual standard for a color-scale is to follow the well-memorized rainbow color-order: ROY G BIV. That is, Red, Orange, Yellow, Green Blue, Indigo, and Violet.

      And now Napolitano (former DHS chief) is heading-up the huge University of California System. Oy veh!

  9. Will they use it on their own TLAs? by PeeAitchPee · · Score: 4, Insightful

    So, when can we expect this system to be applied to rate the mass surveillance activities of the NSA, CIA, FBI, and others against law-abiding US citizens? Sounds like a good way for the EFF to rank the severity of abuses.

  10. So, partisan politics again? by Jester998 · · Score: 1

    OPM gets hacked... 'bama doesn't care.

    His party gets hacked... well, now we need new laws and regulations and procedures!

  11. Finally by Anonymous Coward · · Score: 1

    All the times U.S. agencies and depts got hacked, nothing. But shit got real when it was only political.

  12. RNC? by neghvar1 · · Score: 1

    Would Obama do the same thing if it was the Republican National Convention?

    1. Re:RNC? by Terwin · · Score: 1

      Would Obama do the same thing if it was the Republican National Convention?

      They probably did, but having proof that the RNC colluded to try and stop Trump would be such a non-event that it might even increase political stability.

      Presumably the goal here is to cause instability by undermining the candidate that is being proclaimed as the likely next president by the major media outlets.
      And if those claims turn out to be more wish than fact, it still servers to make politicians nervous.

    2. Re:RNC? by LWATCDR · · Score: 1

      Isn't more interesting that the actual contents of the email leak is not getting much attention on Slashdot? For example the email where they call outreach to hispanic voters Taco bowl engagement. Or the meeting between the DNC and MSNBC or the fact that a Poltico blogger sent a story to the DNC to get feedback before publishing it.

      --
      See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
  13. Wouldn't numbers be easier? by TheCastro1689 · · Score: 1

    0 means non-event, 5 means kiss your ass goodbye.

    1. Re:Wouldn't numbers be easier? by kencurry · · Score: 1

      a number of years ago, our kids' elementary introduced a novel grading system. We had to have a sit down with the principal to walk us through it. She told us how the new system would be 1-2-3-4-5 etc as opposed to traditional A-B-C-D - F. This would take time and cause obvious confusion with parents, but the administration felt it was for the benefit of the children so it was worth all the hassle. Swear to god.

      --
      sigs are for losers (except to point out that sigs are for losers)
  14. Feelin' blue by Tablizer · · Score: 1

    What's the blue screen mean? Windows is giving me one now.

    --
    Table-ized A.I.
    1. Re:Feelin' blue by CanadianMacFan · · Score: 1

      Everything normal.

    2. Re: Feelin' blue by Tablizer · · Score: 1

      That just means it doesn't work. Fully secure sir!

      That's McAfee for ya: it "works" only because the hacker gets too bored waiting for slow McAfee-infested machines to respond.

      They'd rather hack drying paint.

      --
      Table-ized A.I.
  15. This will work as well as Bush Clinton Reagan by WillAffleckUW · · Score: 1

    None of the previous security protocols worked either.

    Information just wants to be free, especially when it can be socially engineered and exists in multiple locations at various times.

    --
    -- Tigger warning: This post may contain tiggers! --
  16. Re: Why hasn't Trump's campaign been hacked? by Ralgha · · Score: 2

    Because he's actually running an ingenious campaign. Hillary is reactionary and making only safe moves. Trump is out in front taking chances and getting attention. Hillary's tag line even has Trump's name in it! What moron does that? Trump is going to trounce her.

  17. now it is about color by frovingslosh · · Score: 1

    So Obama pretends to be everyone's President, but when it comes down to threats to the Democrat Election Fraud machinery, it suddenly becomes an issue of color.

    --
    I'm an American. I love this country and the freedoms that we used to have.
  18. Instead of showing leadership by melted · · Score: 1

    Instead of showing leadership by going medieval on the DNC bigwigs, we get some stupid color coding scheme. Obama administration in a nutshell.

    1. Re:Instead of showing leadership by bigfinger76 · · Score: 1

      This particular troll gets a chuckle out of me every time. I'm never expecting the repeat.

  19. Somewhat obviously political by Anonymous Coward · · Score: 1

    So, the government gets hacked and no overall action is taken, pentagon hacked, no particularly overarching initiatives. But the private organization, the DNC, they get hacked and Obama springs into action and creates an overarching initiative, because, well, political strategy is more important than Chinese military hacking, Russians hacking defense organizations and industry, etc. But threaten the liberal agenda by disclosing the truth, sure. Hacking the DNC warrants a more active response than Snowden whistleblowing or Hillary Clinton's threat to national security repeated breeches and theft of above top secret data through her private servers being hacked.

    1. Re:Somewhat obviously political by fedos · · Score: 1

      Obama has consistently acted as if hacking a private company is worse than hacking the government. This attitude predates him.

      Hacked the pentagon and stole technical data on a top secret weapon system? Meh, that's just what governments do. Hacked into Apple and leaked the release date for the next iPhone? Cyberterrorism!

  20. Awesome by asalazar · · Score: 1

    One more perpetually orange indicator.

    --
    Slashdot: Where the sig outsmarts the comment
  21. Go to Blue Alert! by JesseEnjaian · · Score: 1

    "Go to Blue Alert!"
    "Sir, are you absolutely sure? That does mean changing the bulb."

    Red Dwarf: https://www.youtube.com/watch?v=Qa_gZ_7sdZg

  22. Impact to citizens by SeaFox · · Score: 1

    The chart specifically mentions "civil liberties" being impacted. Does that mean we can get the Patriot Act classified as a terrorist document?

  23. Re:Why hasn't Trump's campaign been hacked? by Anonymous Coward · · Score: 1

    Why hasn't Trump's campaign been hacked?

    Because the apparatchik going around hacking presidential campaigns wants Trump to win.

  24. Oh goody by AndyKron · · Score: 1

    Oh goody, more color coding bullshit. I'll throw it in the trash along with the other color codes, and the food pyramid.

  25. All RED, All the time. by Jeremiah+Cornelius · · Score: 2

    C'mon. There are a million attackers 24 hours a day, for a network and data center architecture that treats security as an afterthought, and applications that are built as well as the industry standard. (smirk)

    --
    "Flyin' in just a sweet place,
    Never been known to fail..."
  26. DNC email more precious than classified US info by mschaffer · · Score: 1

    So, when the DNC's email servers have been compromised, the White House scrambles to come up with some cockamamie Directive on United States Cyber Incident Coordination. However, if the Secretary of State uses her own, unsecured server, the POTUS just states that "it was just a mistake" and doesn't endanger national security and the AG doesn't even try to slap a wrist.
    What a bunch of inconsistent idiots.

  27. What? by erp_consultant · · Score: 1

    No threat level pink? This is an insult to all women...and people that are sympathetic to women...and people that are men that really want to be women.

    And no threat level rainbow? Oh the humanity!!! Once again we have left our LGBT brothers and sisters in the lurch.

    And code black is an imminent threat? Sounds vaguely racist.

    No...this just won't do. Back to the drawing board Barack.

  28. Wrong response by The_Revelation · · Score: 1

    This is a fairly pathetic response from the Obama administration. Rather that focusing on DNC corruption, the President is working to create better infrastructure to assist them in keeping their corrupt secrets. I don't want to call out the US government as being entirely corrupt, but here we are. Maybe, instead of this, the Obama administration would be better of using the money as a reward, to Guccifer 2.0, for his assistance for doing their job.

  29. Do NOT let the russians win! by rodia · · Score: 1

    Citizen, understand that the DNC breaking its own rules by working for one particular campaign in the primaries is NOT NEWS! If you talk about this, the evil russians win!!!! Accept that the rules are only for you, not for those in office! Stop thinking so much and learn to love exclamation marks!!!!

    Regards, The Chosen Few Who Truly Understand

  30. It's Chartreuse, run! by Tablizer · · Score: 1

    Years ago I remember a pundit joking that Obama would change the terror threat level colors (from the W era) into "chick colors", implying that Obama was effeminate, gay, and/or p-whipped.

    It had colors like chartreuse, coral, fuchsia, periwinkle, peach, etc.

    --
    Table-ized A.I.
  31. Purple Alert by pinkushun · · Score: 1

    https://youtu.be/rENdZ4dk6BI

  32. Dog Wagging by fedos · · Score: 1

    The DNC has been working hard to change the story from one about how they rigged the primary in collusion with the Clinton campaign and the media to one about Scary Russian Hackers. Unfortunately they've been rather successful.