Slashdot Mirror

← Back to Stories (view on slashdot.org)

Obama Creates a Color-Coded Cyber Threat 'Schema' After the DNC Hack (vice.com)

Posted by msmash on from the clearing-the-clutter dept.

The White House on Tuesday issued new instructions on how government agencies should respond to major cyber security attacks, in an attempt to combat perceptions that the Obama administration has been sluggish in addressing threats from sophisticated hacking adversaries, Reuters reports. The announcement comes amid reports that hackers working for Russia may have engineered the leak of emails stolen from the Democratic National Committee in an attempt to influence the outcome of the upcoming presidential election. Motherboard adds: George W. Bush's Homeland Security Advisory System -- the color-coded terrorism "threat level" indicator that became a symbol of post-9/11 fear mongering -- is getting its spiritual successor for hacking: the "Cyber Incident Severity Schema." President Obama announced a new policy directive Tuesday that will codify how the federal government will respond to hacking incidents against both the government and private American companies. [...] The Cyber Incident Severity Schema ranges from white (an "unsubstantiated or inconsequential event") to black (a hack that "poses an imminent threat to the provision of wide-scale critical infrastructure services, national government stability, or to the lives of U.S. persons") , with green, yellow, orange, and red falling in between. Any hack or threat of a hack rated at orange or above is a "significant cyber incident" that will trigger what the Obama administration is calling a "coordinated" response from government agencies. As you might expect, there are many unanswered questions here, and the federal government has announced so many cyber programs in the last few years that it's hard to know which, if any of them, will actually make the US government or its companies any safer from hackers.

17 of 133 comments (clear)

  1. Waste of time by Anonymous Coward · · Score: 2, Insightful

    This is what the government does when they want to give the appearance of doing something when they really don't have any idea what to do. It didn't do anything after 9/11 and nobody really will pay any attention to it now, either.

    1. Re:Waste of time by Gojira+Shipi-Taro · · Score: 4, Funny

      I don't see Threat Level Plaid anywhere on there...

      --
      "Oh my God. This is terrible. This is the end of my Presidency. I'm fucked."; ~ Donald J. Trump
    2. Re: Waste of time by ArmoredDragon · · Score: 4, Interesting

      A lot of people misinterpret what that was for. It wasn't "fearmongering" in any sense. Such a system was already in place for decades, only in a different form. I was in the Army at the time of 9/11, and that day we went to threatcon delta. All it was for was to signal all government personnel to assume a different security posture, as per protocol.

      The public version just came off to me as being the same thing, only if any civilian entities (i.e power plants, etc) wanted to safeguard themselves based on recent events, they could reliably follow that.

      It occurs to me that this is a similar system, only for cybersecurity. If people get all panicky over it, that's their problem, and it's not intended to make people afraid of anything.

    3. Re: Waste of time by MobSwatter · · Score: 2

      Of course. It's completely meaningless. Can you imagine having an online threat, turning to your friend and asking "What's the danger color right now?"
      "Where and for what site?"
      "The US of course!"
      "My site isn't hosted in the US, and what software are you talking about?"
      "Anything the Russians might use against us!"
      "Oh boy, the Russians you say? What about everybody else?"
      "Damn it Dan, it's red, that's all I wanted!"
      "Go back to sleep George."

      The threat level has been permanently established as being the color of; 'Bananas".

    4. Re:Waste of time by chispito · · Score: 3, Insightful

      This is what the government does when they want to give the appearance of doing something when they really don't have any idea what to do. It didn't do anything after 9/11 and nobody really will pay any attention to it now, either.

      Yes, it's called the Politician's Syllogism. In summary:
      1. Something must be done!
      2. Look, this is something.
      3. Therefore, we must do this!

      It also seems to apply to IT.

      --
      The Daddy casts sleep on the Baby. The Baby resists!
    5. Re:Waste of time by Archangel+Michael · · Score: 2

      But Obama's version is way better than Bush's! So it is Better, because Obama!

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    6. Re:Waste of time by Captain+Scurvy · · Score: 2

      What I find interesting is that the Obama administration has selected this particular event as a rallying point for creating some kind of response to cyberattacks. Massive government data breaches, stolen healthcare records, SCADA attacks, and IP theft just weren't quite cutting it. But an attack that exposed hypocrisy and corruption within the ranks of his own party? INTOLERABLE!

  2. Black is the worst threat level...? by cayenne8 · · Score: 4, Funny
    Isn't that racist....??

    [tongue in cheek]

    I guess it isn't since Obama says it is ok....

    :)

    --
    Light travels faster than sound. This is why some people appear bright until you hear them speak.........
    1. Re:Black is the worst threat level...? by Anonymous Coward · · Score: 2, Funny

      No, you've got it wrong. If Black is the new Red, and Orange is the new Black, then by the transitive property, Orange is the highest level threat, therefore, we must immediately protect the country and ourselves from Donald Trump.

  3. peg that bugger at black.... by phantomfive · · Score: 2, Insightful

    Our current level is solid black.....because programmers don't care about bugs, managers don't let them care, and our critical infrastructure is connected to the internet.

    --
    "First they came for the slanderers and i said nothing."
    1. Re:peg that bugger at black.... by Tablizer · · Score: 3, Informative

      "Agile" means changing jobs quickly when bleep hits the fan due to IT fads and bad management.

      --
      Table-ized A.I.
  4. Show of hands by nehumanuscrede · · Score: 5, Interesting

    Who here keeps up with what the current color is for our " Terrorism Threat Level " ?
    * crickets *

    ( Who here remembers we even have one ? )

    Exactly. No one cares. Even fewer are going to give a sh*t about some other lame ass color coded scheme.
    ( LoudSpeaker: Today's cyber-threat level is Muave with just a hint of Magenta ) :|

    Don't want your networks hacked ? Maybe you should keep a competent IT staff on hand. ( and treat them like you want them to stick around )
    Not the contractors from India you're using because it's cheaper.

    1. Re:Show of hands by phantomfive · · Score: 4, Informative

      ( Who here remembers we even have one ? )

      We don't have one anymore, actually.

      --
      "First they came for the slanderers and i said nothing."
    2. Re:Show of hands by Talderas · · Score: 2

      Exactly. No one cares. Even fewer are going to give a sh*t about some other lame ass color coded scheme.

      Your comment is the exact reason why they shouldn't have brought up the Homeland Security Advisory System. While the colors are the same the systems themselves are completely different. This system is an incident response system. It's like the International Nuclear Event Scale. It's a post-event system. There would never, and should never, be an ambient "color level" for this system.

      The HSAS is not a post-event system. It's a system that is intended to convey the ambient risk and possibility of a terrorist event occurring. It's like the DEFCON system except with a different scope of antagonists to keep tabs on. It's dumb that HSAS uses colors but it does serve its usefulness to convey a basic understanding to groups of individuals that would be responsible to taking proactive steps to protect against or mitigate the risk of a potential terror attack. The general population does not need to be aware of it.

      --
      "Lack of speed can be overcome. In the worst case by patience." --Znork
  5. Will they use it on their own TLAs? by PeeAitchPee · · Score: 4, Insightful

    So, when can we expect this system to be applied to rate the mass surveillance activities of the NSA, CIA, FBI, and others against law-abiding US citizens? Sounds like a good way for the EFF to rank the severity of abuses.

  6. Re: Why hasn't Trump's campaign been hacked? by Ralgha · · Score: 2

    Because he's actually running an ingenious campaign. Hillary is reactionary and making only safe moves. Trump is out in front taking chances and getting attention. Hillary's tag line even has Trump's name in it! What moron does that? Trump is going to trounce her.

  7. All RED, All the time. by Jeremiah+Cornelius · · Score: 2

    C'mon. There are a million attackers 24 hours a day, for a network and data center architecture that treats security as an afterthought, and applications that are built as well as the industry standard. (smirk)

    --
    "Flyin' in just a sweet place,
    Never been known to fail..."