Slashdot Mirror

← Back to Stories (view on slashdot.org)

America's 'CyberWar' With Foreign Governments Could Get More Aggressive (wral.com)

Posted by EditorDavid on from the zero-cool dept.

America's Department of Defense "has quietly empowered the United States Cyber Command to take a far more aggressive approach to defending the nation against cyberattacks, a shift in strategy that could increase the risk of conflict with the foreign states that sponsor malicious hacking groups," reports the New York Times. Long-time Slashdot reader TheSauce shares their report: In the spring, as the Pentagon elevated the command's status, it opened the door to nearly daily raids on foreign networks, seeking to disable cyberweapons before they can be unleashed, according to strategy documents and military and intelligence officials... The new strategy envisions constant, disruptive "short of war" activities in foreign computer networks... "Continuous engagement imposes tactical friction and strategic costs on our adversaries, compelling them to shift resources to defense and reduce attacks"...

The risks of escalation -- of U.S. action in foreign networks leading to retaliatory strikes against U.S. banks, dams, financial markets or communications networks -- are considerable, according to current and former officials... The chief risk is that the internet becomes a battleground of all-against-all, as nations not only place "implants" in the networks of their adversaries -- something the United States, China, Russia, Iran and North Korea have done with varying levels of sophistication -- but also begin to engage in daily attack and counterattack.
An article shared by schwit1 notes that officials in the Obama administration "were also worried that a vigorous cyber response...could escalate into a full scale cyber war."

Yet the Times reports that this new policy reflects "a widespread view that the United States has mounted an inadequate defense against the rising number of attacks aimed at America."

53 of 116 comments (clear)

  1. I bet there's one country that's off limits by Anonymous Coward · · Score: 1

    They're not really a "foreign" government now, more like a good buddy

    1. Re:I bet there's one country that's off limits by WindBourne · · Score: 1

      all depends on where the order came from.

      --
      I prefer the "u" in honour as it seems to be missing these days.
  2. Do it by WindBourne · · Score: 3, Interesting

    Seriously, the west has been under attack from Russia, CHina, North Korea, Iran, Syria, and a few others, for the last 20 years. We have been in a defensive posture, and losing badly.
    It is high time to do the right things and first off strengthen our telecommunications network. We should be running vlan on equipment that is made ONLY in the west. Utilities should be on 1 vlan, and with absolutely NO CROSS-OVER. Likewise, MIlitary/Intelligence should be on one, Roads on another, banks on another (used only for transfers between banks), etc, etc. Regardless, the internet/gen comm absolutely should be on a different vlan from the rest of this.
    And above all, we need to stop offshoring of access to those vlans, as well as making sure that telcos techs have security checks. The idea that ATT is outsourcing access to their internal network to India and CHina is nothing less than amazing.

    --
    I prefer the "u" in honour as it seems to be missing these days.
    1. Re:Do it by PopeRatzo · · Score: 2, Funny

      Seriously, the west has been under attack from Russia, CHina, North Korea, Iran, Syria, and a few others, for the last 20 years.

      Yes, but Russia only attacks us because they love freedom and want the USA to be strong and a shining example of democracy in the West, and not for any nefarious reasons. If you suggest otherwise, you should watch your ass.

      --
      You are welcome on my lawn.
    2. Re:Do it by whoever57 · · Score: 2

      VLAN. I do not think that word means what you think it means.

      --
      The real "Libtards" are the Libertarians!
    3. Re:Do it by tindur · · Score: 3, Funny

      Seriously, the west has been under attack from Russia, CHina, North Korea, Iran, Syria, and a few others, for the last 20 years. We have been in a defensive posture, and losing badly.

      So let's start by attacking Canada and western Europe.

    4. Re:Do it by WindBourne · · Score: 1

      Hmmm. I thought it was all 'make America first'' bit. So, would he not attack us first?

      --
      I prefer the "u" in honour as it seems to be missing these days.
    5. Re:Do it by WindBourne · · Score: 2

      attacks from Russia, China, North Korea, and Iran were going on LONG before Stuxnet.

      --
      I prefer the "u" in honour as it seems to be missing these days.
    6. Re:Do it by Zontar+The+Mindless · · Score: 1

      America is not and never has been a "Christian nation".

      --
      Il n'y a pas de Planet B.
    7. Re:Do it by Nkwe · · Score: 4, Informative

      It is high time to do the right things and first off strengthen our telecommunications network. We should be running vlan on equipment that is made ONLY in the west. Utilities should be on 1 vlan, and with absolutely NO CROSS-OVER. Likewise, MIlitary/Intelligence should be on one, Roads on another, banks on another (used only for transfers between banks), etc, etc.

      You do understand that VLAN only offers security if you have complete control over the physical network? I suspect you may not because you mention using VLAN to isolate services that would typically be at significantly different physical locations and be administered by different people.

      Using US made equipment would be a start, but the issue with VLAN is that if anyone has access to the configuration of anything touching a physical connection that is "protected" by VLAN, they can just change the configuration and you don't have isolation any more. All VLAN does is add a couple of bytes to the header of the packets and you *hope* that everyone listening honors those packets. It can really only be used within a physically trusted segment of your network *and* you have to trust everyone who can configure the related network gear. This means that if an attacker gets configuration access to any of your devices touching the VLAN trunk, they can alter the configuration and escalate their access. If you are using VLANs to isolate workstation access at the workstation NIC, well just don't.

      In your example of using VLAN to isolate military, utilities, and banking, I would have to assume that you mean isolating them when they run across a common set of network links. This is an unlikely scenario because VLAN is a physical layer 2 (data link / Ethernet segment) thing and you typically would use a network layer 3 (routing / IP subnet) thing to deal with connecting disparate networks over distance. If you are actually talking about tying these entities together at the physical layer of the network, you would have to trust that the parties at both ends and everyone in the middle absolutely kept physical administrative control and that there were no bad actors in the mix. This is unlikely.

      Other technologies, such as VPN would be more appropriate. This as well as regulations that require either air-gapping of sensitive systems or proven control of the encryption keys used to create VPN sessions running through shared networks.

    8. Re: Do it by Reverend+Green · · Score: 1, Offtopic

      The United States had never had a theocratic government, for sure. However for a conception of "nation" that is broader than "government" - yes America was long a Christian nation.

      One could argue that even today, excluding a few coastal bourgeoisie, we are still a Christian people.

    9. Re:Do it by WindBourne · · Score: 1

      North Korea:
      Bureau 121 is a North Korean cyberwarfare agency, which is part of the Reconnaissance General Bureau of North Korea's military.... its primary intelligence targets are South Korea, Japan, and the United States[4]. Bureau 121 was created in 1998

      China:
      A 2008 article in the Culture Mandala: The Bulletin of the Centre for East-West Cultural and Economic Studies by Jason Fritz alleges that the Chinese government from 1995 to 2008 was involved in a number of high-profile cases of espionage, primarily through the use of a "decentralized network of students, business people, scientists, diplomats, and engineers from within the Chinese Diaspora".[57]....Operation Shady RAT is an ongoing series of cyber attacks starting mid-2006, reported by Internet security company McAfee in August 2011. China is widely believed to be the state actor behind these attacks which hit at least 72 organizations including governments and defense contractors.

      --
      I prefer the "u" in honour as it seems to be missing these days.
    10. Re:Do it by serviscope_minor · · Score: 2

      America is not and never has been a "Christian nation".

      The constitution is the starting point to define the body of laws. It doesn't define the culture of the country. In practice, America (which explicily disallows the government from favuring a religion) is far more of a Christian nation than the UK (which has a state religion and that religion has some voting power in the Lords).

      There's the legal aspect and then there's how people act. In the US, a lot of politicians fall over themselves to display their religious credentials, especially if they're on the whackjob fringe. In the UK for example, politicians on the whackjob fringe coughBlaircough keep it very, vey quiet.

      Then there's the "one nation under god" pledge of allegiance. Frankly, I barely had that much religion at the C of E school I went to up until 11 (that is hyperbole by the way).

      Anyway as a some-time resident of a few years, America seemed much much more Christian in practice than my homeland no matter what the constitution says.

      On a Sunday the church car parks were always full. In the UK there's a serious problem with declining attendance which means that there's a real lack of funds to perform upkeep on important historic architecture.

      But I digress. Even Donald Trump (who if nothing else, we can all agree is not a conventional politician) felt the need to advertise his Christian credentials during his campaign.

      America might not be a Christian nation from a legal point of view, but from just about every other point of view it looks, feels and behaves like one.

      --
      SJW n. One who posts facts.
    11. Re: Do it by sabbede · · Score: 1

      No, that's not right. Why not learn about corporatism instead of working off what you think it means?

    12. Re:Do it by dk20 · · Score: 1

      Are you sure about that?

      https://en.wikipedia.org/wiki/...
      "One nation under god"

      https://en.wikipedia.org/wiki/...
      "In God We Trust" is the official motto of the United States of America and of the U.S. state of Florida. It was adopted as the nation's motto in 1956 as a replacement or alternative to the unofficial motto of E pluribus unum, which was adopted when the Great Seal of the United States was created and adopted in 1782.[1][2]

    13. Re:Do it by Zontar+The+Mindless · · Score: 1

      I'm aware of religious activists pushing to have that nonsense pasted on our currency and seal, although we got along just fine without it for 180 years, yes.

      --
      Il n'y a pas de Planet B.
  3. Re:Is water wet? by WindBourne · · Score: 1

    wrong. It is NOT apparent. NSA is doing their jobs. They absolutely DO lock down systems. The problem is that W split the work between NSA and DHS, which was stupid. DHS has done a HORRIBLE job. And the fact that you do not understand what is happening speaks of how poorly our tech world is doing.

    --
    I prefer the "u" in honour as it seems to be missing these days.
  4. Extreme Stupidity by gweihir · · Score: 1

    Perpetrated by cave-men that think the only valid response to anything is to apply violence. The actual facts are that attribution is basically impossible and that you have an extremely high chance to hit the wrong target and that will obviously make matters worse, not better. There is even an attack-technique were you let some aggressive but brain-dead actor do your dirty work by faking an attack from the intended victim. So far this did usually not work because nobody was actually stupid enough to try an offensive "defense", but of we get that stupidity now, we will see these attacks. What is needed instead is that the utterly laughable level of defense prevalent in most businesses need to finally be brought so something that actually qualifies as defense. Hacking is a lot of work and hacking a reasonably defended enemy is economically non-viable. What is also needed is that DDoS for hire, bot-nets and the like get shut down fast and in coordinated actions, but that is law enforcement, not war. Might require some international treaties and collaboration, and the US currently seems to have forgotten the very high value of those.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:Extreme Stupidity by admin7087 · · Score: 1

      Oh yes, of course, they cannot attribute anything to anyone, because they are extremely stupid, and you know so much better. Luckily, hope is not yet lost, the current US comander-in-chief is constantly looking for people as brilliant as you...

    2. Re:Extreme Stupidity by gweihir · · Score: 1

      Probably not. Historically, a people this disconnected from reality just becomes irrelevant. This is typically accelerated by all the smart ones leaving when it becomes obvious that things will not improve.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  5. What allies? by Midnight+Thunder · · Score: 2, Insightful

    Once upon a time the US was an ally many nations wanted to have (discounting the relationships fostered by the CIA). Today, the image of the US is one of isolationism and paranoia, very much in the frame of the leader.

    Granted, it is hard to tell what is due to the commander in chief and what is simply politics as usual? It is also hard tell who is creating more spin?

    Whatever happens the next leader needs to heal the wounds and divisions created by Trump (he already started during Obamaâ(TM)s terms), but that wonâ(TM)t be easy while Trump is still respected by his base. It also wonâ(TM)t be easy while the Democrats donâ(TM)t listen to the nation.

    --
    Jumpstart the tartan drive.
    1. Re:What allies? by swell · · Score: 1

      Not sure how you got modded up for an incoherent rant that you didn't bother to proofread. Try to do better in the future. Show a little respect for other Slashdot users.

      --
      ...omphaloskepsis often...
    2. Re:What allies? by currently_awake · · Score: 1

      The Leader of the Free World shares some qualities with the person who cuts your birthday cake. If they say "I want to eat the whole cake" then you don't want that person doing the job.

    3. Re:What allies? by Zontar+The+Mindless · · Score: 1

      Perhaps you need to re-evaluate what you consider "incoherent", then.

      --
      Il n'y a pas de Planet B.
    4. Re:What allies? by Zontar+The+Mindless · · Score: 1

      He didn't say Obama caused divisions, he said Trump started doing so while Obama was still in office.

      To avoid future embarrassment, try reading the entire sentence rather than just looking for random words within it to snarl at.

      --
      Il n'y a pas de Planet B.
    5. Re:What allies? by maestroX · · Score: 1

      Once upon a time the US was an ally many nations wanted to have (discounting the relationships fostered by the CIA). Today, the image of the US is one of isolationism and paranoia, very much in the frame of the leader.

      A bit grotesque to hold Trump accountable for the demise of US as world police agent and favourite cheerleader.

    6. Re: What allies? by sabbede · · Score: 1

      And people who want to use slanderous accusations of racism to silence their opponents never fail to find something to call a pretext for racism, or "dog whistle".

  6. Involuntary pen testing needed. by Gravis+Zero · · Score: 4, Insightful

    If there is going to be any real defense of our critical systems then what we actually need is to have our own government bringing down vulnerable systems. Allowing these systems to continue to function when they could fail at any moment is like building on a fractured foundation: it's a disaster waiting to happen.

    This effort will cause annoying outages but it will also force companies to invest in real security while allowing those who already have will thrive. Most companies have been complacent for far too long and it's made us very vulnerable.

    --
    Anons need not reply. Questions end with a question mark.
  7. More aggressive ... by CaptainDork · · Score: 1

    ... than what?

    We hear about Russia, China, Ukraine ...

    What has the US ever done?

    --
    It little behooves the best of us to comment on the rest of us.
    1. Re:More aggressive ... by AHuxley · · Score: 1

      Its the 1983 way of thinking. Every bad person has to have an ip. At the end of that is an ISP and a modem.
      Thats the way networks are created. In the 1980's and now in 2018.
      Beyond that modem is a home computer with a ssd in 2018. All the US cyber experts have to do is follow the network back to a bad home computer in a bad nation.
      Push some new and unexpected gov malware down to that home computer and its a happy cyber ending.

      --
      Domestic spying is now "Benign Information Gathering"
    2. Re:More aggressive ... by serviscope_minor · · Score: 1

      What has the US ever done? ...

      That's missing the point abut as badly as it's possible to miss.

      Sure so America has done some pretty bad stuff, but surely that doesn't mean you want people to do it back to you in turn. Even if you argue turnabout is fair play, it's also entirely fair and wise to protect against it.

      --
      SJW n. One who posts facts.
    3. Re:More aggressive ... by CaptainDork · · Score: 1

      That's leaks , not cyber attack.

      Pay attention.

      Your example highlights incompetency.

      Additionally, hackers extant to the US have grabbed the good shit crom CIA and NSA, right?

      --
      It little behooves the best of us to comment on the rest of us.
    4. Re:More aggressive ... by CaptainDork · · Score: 1

      You and I are in agreement on that.

      My goal is to separate that from aggressive, proactive cyber attacks on the part of the US.

      They can't do that.

      And my point is: While the US sucks the big one on hacking, they are also lousy gatekeepers.

      It's incompetence all the way down.

      --
      It little behooves the best of us to comment on the rest of us.
  8. These are the same people who ... by CaptainDork · · Score: 1

    ... can't get rid of Kaspersky.

    US Government Can't Get Controversial Kaspersky Lab Software Off Its Networks

    --
    It little behooves the best of us to comment on the rest of us.
  9. Re:Is water wet? by currently_awake · · Score: 3, Insightful

    There should be 1 government organization responsible for computer security, and they should not also be in charge of spying as that deters foreign governments and corporations from fully cooperating with them. Giving them legal authority to force companies to patch security holes would also help.

  10. This "war" was lost in the 1970s by ka9dgx · · Score: 3, Insightful

    Ambient Authority is a design decision which only appears once you have multiple users sharing a computer. As a result, everyone just kept using it without much thought... until we find ourselves in a world of persistent networks, mobile code, no system administrators, and multiple layers of firmware and OS from various hardware and software vendors.

    In such a system, any code runs with the full authority of the user who started the task, and the users have no effective means of limiting the side effects of running a given program. This in turn means we have to try to guess the intent of code (which is equivalent to solving the halting problem, and is thus impossible). The band-aid is to then try to enumerate all the bad code in the world (virus scanners), and to enumerate all the code bugs in all our programs (security updates), and to eliminate the trust of users (DRM, forced updates, "safety" filters in our browsers). None of these band-aids will work against a determined individual, let alone a nation-state.

    Running tasks with the least possible privilege, the "Principle of Least Authority" (POLA) allows a user in such a system to decide ahead of time exactly what files the program is allowed to read, write, etc. Because we're all used to dialog boxes, and drag to drop GUI elements, this doesn't even require any special training of users to accomplish.

    Of course, rebuilding our infrastructure to fix a design flaw of the size and scope of using 2 digit years (the Y2K problem we once faced), isn't going to be easy... especially when there's no deadline to make the need for action obvious. It's just going to remain an insidious vulnerability instead for decades to come.

    If you think EAL certifications address this, they don't. 8(

  11. Is this performance art.... by Uberbah · · Score: 1

    Seriously, the west has been under attack from Russia, CHina, North Korea, Iran, Syria, and a few others, for the last 20 years.

    ...or are you so far out there you can see Pluto from your house? Paid no attention whatsoever to Wikileaks or Edward Snowden? Attacking other countries networks and trying to spy on everyone is what you do. Just ask one of your top allies, Angela Merkel.

    attacks ON Russia, China, North Korea, and Iran were going on LONG before Stuxnet.

    FTFY. For christsake you spend more than the rest of the world combined, so stop being a tough guy crybaby.

    1. Re:Is this performance art.... by WindBourne · · Score: 1

      BS. We DO spy, which is what Snowden spoke about.
      BUT, CHina, Russia, North Korea, Iran, etc have been working to destroy the west since the 90s. We were not even dealing with the issues.
      And had you paid attention to Snowden, you would have known that BND had given NSA access to their networks. IOW, they KNEW we were there (though I suspect that they did not know that we were listening in on Merkel).
      So, no, the smart thing is for us to start dealing with Russia/China/etc on their own terms.

      --
      I prefer the "u" in honour as it seems to be missing these days.
    2. Re:Is this performance art.... by Uberbah · · Score: 1

      BUT, CHina, Russia, North Korea, Iran, etc have been working to destroy the west since the 90s.

      More projection. The U.S. literally bragged about interfering in the 1996 Russian election, has been staging practice invasions off North Korea's coast every year since the 90's, committed an act of war on Iran with Stuxnet and spent years illegally threatening them with a military invasion over a nuclear weapons program the U.S. knew Iran didn't actually have.

      So, no, the smart thing is for us to start dealing with Russia/China/etc on their own terms.

      Good to hear! So you'll slash you war budget from ~$1.4 trillion or so a year down to $45 billion dollars to match Russia's, close down almost every single one of your overseas military bases, and go down to a single aircraft carrier to match China's.

  12. US 'giving' ideas to NK, LoL by TiggertheMad · · Score: 2

    "Stuxnet was a game-changer because it opened people's eyes to the fact that a cyber event can actually result in physical damage," says Mark Weatherford, deputy undersecretary for cybersecurity in the National Protection Programs Directorate at the U.S. Department of Homeland Security.

    ...and this guy was a stupid tool if he didn't realize this sooner. There were viruses back in the 1980s that could cause physical damage to computers by parking the head on a spinning platter of a hard disk, or wrecking the monitor by setting the refresh rate to an unsupported value. And those sorts of things could be done to a computer that WASN'T hooked up to a uranium centrafuge.

    Stuxnet might have opened the eyes up of the uninformed desk clowns, but programmers and security people knew this for decades.

    The US didn't open this can of worms...it is hubris to think that every country in the world doesn't have smart people in intelligence working these sorts of plans 24/7. If Stuxnet wasn't done by the US / Israel / whoever did it, someone else would have in fairly short order. The Russians were meddling in US elections via the internet because nobody had tried it before. NK attacked Sony Pictures. EVERYBODY is experimenting right now to see what you can get away with before you catch a retaliatory nuke.

    Furthermore, this is the tip of the iceberg. There are plenty more operations being run by ALL nation actors to steal, hack, destroy enemy information and infrastructure right now. Nobody is talking about it, because it is bad spy craft to talk about what you do and do not know. It cost pennys on the dollar to hack when you compare that with conventional military operations.

    --

    HA! I just wasted some of your bandwidth with a frivolous sig!
  13. obligatory by Reverend+Green · · Score: 1

    Oceania was at war with Eastasia: Oceania had always been at war with Eastasia.

  14. Re:United States Cyber Command? by AHuxley · · Score: 1

    The US has looked over its OPM files to find people who can fill its new Cyber Command from all sections of the US mil/gov and its many contractors.
    After sorting for the optics of demographics and considering equality of outcome a new US command was created.
    Fill in a questionnaire, pass the biographical screening and become a cyber expert.

    --
    Domestic spying is now "Benign Information Gathering"
  15. Re:Is water wet? by BlueStrat · · Score: 1

    There should be 1 government organization responsible for computer security, and they should not also be in charge of spying as that deters foreign governments and corporations from fully cooperating with them. Giving them legal authority to force companies to patch security holes would also help.

    Not only authority to legally order large software companies to patch security holes, but prosecute them for some form of criminal negligence when they do things like marketing routers with hard-coded default admin/vendor-access passwords (and especially for not mentioning that little detail very plainly to potential buyers). That sort of nonsense is not just ignoring security or even doing it badly, it's giving the entire concept of security the "Bronx cheer" and causes great financial and societal harm that affects everyone including people who are not their customers.

    Strat

    --
    Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
  16. Yes, countries MUST have secure and local ICT by what+about · · Score: 1

    The idea is that it is foolish to have a single producer of CPU, OS, components.
    Think about it: Where is all the Win 10 telemetry going ?
    How many "conveniente bugs" do a modern CPU have ?
    How many ways are there (that we do not know) to "shutdown" a network infrastructure ?

    By having country level perople and experts you also enhance the employment...
    What can you wish more ?

  17. America's cyberwar with foreign governments by najajomo · · Score: 1

    "the Pentagon elevated the command's status, it opened the door to nearly daily raids on foreign networks, seeking to disable cyberweapons before they can be unleashed"

    All the Pentagon has to do is stop running their infrastructure on Microsoft Windows.

  18. We know how to improve security. This ain't it. by dweller_below · · Score: 1

    The Pentagon is trying to CyberAttack our way to a more secure future. But Security comes from Defense, not attack.

    Thousands of years of human experience have shown that destruction is easier than creation. One man can quickly destroy something that takes a community months to create. It may be that "To every thing there is a season; and a time for every purpose under heaven." But, if you don't spend more time on creation than destruction, you end up a lonely, starving scavenger. Any stable, prosperous society must provide more rewards for creation then destruction.

    Modern economies of manufacture and transportation have made many things better, but this is not one of them. In almost every way, the modern economy favors attack:

    • * The huge advantage granted to market leaders guarantee that we all, government, corporate, and private, foreign and domestic, use the same computers and software.
    • * There are great economic incentives to ship quickly, with many features, rather than spend time and money to create secure products.
    • * Our sales and advertising driven economy has convinced us that new stuff, with new features and vulnerabilities is always better than old stuff.
    • * Products are deployed LONG before understanding. Most of the issues, bugs, and vulnerabilities are discovered after things go into production.

    The Internet has made many things better, but this is not one of them. In almost every way, the Internet favors attack over defense:

    • * The Internet makes everything more complex. This provides the attacker with a vast array of attack surfaces.
    • * The Internet makes it easier to extend influence. This allows attackers to greatly extend their list of victims. An attacker can easily apply a viable attack strategy to every eligible Internet target.
    • * The Internet increases the pace of attack. Usually attack can easily outrun any possible warning.

    The transition to digital has made many things better, but, again, this is not one of them. In almost every way, being able to make effortless, accurate copies favors attack:

    • * It is easy to automate attack. This greatly reduces the cost of attack. It also removes the economic cost of scaling up attack against multiple victims.
    • * It is easy to make self-replicating attack. This allows attack to spread itself beyond any previous control or limit.
    • * It is easy to capture, analyze and reproduce somebody else's attack. If somebody drops a bomb on you, it is hard to reassemble all the bits, unburn the chemicals, and reuse it. But, if somebody develops an Internet attack, it is easy to copy the attack and repurpose it. Internet attack efficiently spreads destructive knowledge and capability direct to your enemies.

    The reality is, Internet attack is like poisoning a common watershed, and hoping that your enemy dies first. There is no "Win" in "CyberWar". We all have to defend the same stuff. Every successful attack weakens us all.

    We have a fairly clear understanding of how to increase security through defense. Almost every Internet Security expert agrees on the general shape of the necessary changes. But, the changes are HARD and EXPENSIVE. So, we keep hauling out the "Security Through Destruction" fantasy. If we were really serious about improving Defense, we would make changes like:

    • 1) Change US politics and policy toward CyberWar. Our long-held belief is that Internet attack is less devastating than conventional attack. But now, all economies are so dependent on the Internet, that a sustained Internet outage would kill more people than a nuke. We need to lead the world to the negotiating table and impose strategic limits on Internet Attack. This needs to be enforced by cooperative International Internet monitoring and meaningful penalties.
    • 2) Separate the Defenders from the Attackers. Defense needs it's own budget. Internet Defense must be prioritized OVER Attack. While Attack can inform Defense, it can't create
  19. Re:Is water wet? by Agripa · · Score: 1

    There should be 1 government organization responsible for computer security, and they should not also be in charge of spying as that deters foreign governments and corporations from fully cooperating with them. Giving them legal authority to force companies to patch security holes would also help.

    The NSA has poisoned that well for the entire US government with the aid of the FBI and Congress. They even managed to smear NIST. Nobody should be cooperating with them.

  20. Re:Is water wet? by Agripa · · Score: 1

    Not only authority to legally order large software companies to patch security holes, but prosecute them for some form of criminal negligence when they do things like marketing routers with hard-coded default admin/vendor-access passwords (and especially for not mentioning that little detail very plainly to potential buyers).

    Who do they prosecute when another government agency either pays or orders exploits to be designed in?

  21. Re:Is water wet? by BlueStrat · · Score: 2

    Not only authority to legally order large software companies to patch security holes, but prosecute them for some form of criminal negligence when they do things like marketing routers with hard-coded default admin/vendor-access passwords (and especially for not mentioning that little detail very plainly to potential buyers).

    Who do they prosecute when another government agency either pays or orders exploits to be designed in?

    Well, since we're "wish-listing" here as it's unlikely in the extreme that any of this unconstitutional behavior will see any serious repercussions anytime soon, I'd like to see every single government official, agent, etc etc, face prosecution that originated the orders to violate civil rights and those down the chain that followed them.

    When your government officials and agencies become "too big to prosecute" it might be a sign that your government has grown far too large & powerful.

    Strat

    --
    Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
  22. Re:Is water wet? by sabbede · · Score: 1

    The NSA is a foreign intelligence gathering agency. They're not allowed to have domestic operations. The DHS and FBI handle that.

  23. To really avoid escalation, let's just surrender. by sabbede · · Score: 1
    That's the only way to really avoid escalation, never fight back, never defend, just give up.

    If we're going to hit back out of the fear that the people attacking us will be mad about it (as if we aren't), why bother defending ourselves at all?

  24. Re: Is water wet? by WindBourne · · Score: 1

    Obviously, u do not work in intelligence. The National Security Agency (NSA) is a national-level intelligence agency of the United States Department of Defense, under the authority of the Director of National Intelligence. The NSA is responsible for global monitoring, collection, and processing of information and data for foreign intelligence and counterintelligence purposes, specializing in a discipline known as signals intelligence (SIGINT). The NSA is also tasked with the protection of U.S. communications networks and information systems.[8][9] The NSA relies on a variety of measures to accomplish its mission, the majority of which are clandestine.[10]

    --
    I prefer the "u" in honour as it seems to be missing these days.
  25. Re: Is water wet? by WindBourne · · Score: 1

    Ppl really do not realize that nsa really are the good guys. For example, they have gone to great lengths to lock down linux, without putting in backdoors. In addition, when they find openings in Windows and apple, they exploit them UNLESS, they become aware that somebody.elsr knows about it. Then they tell the companies . keep in mind that nsa has dual conflicting purposes, so they try hard to make it work.

    --
    I prefer the "u" in honour as it seems to be missing these days.