Cyber Security
The Pentagon is putting together a plan for a U.S. response to cyber sabotage: the report will likely outline the kinds of computer attacks that would be considered acts of war and warrant possible military retaliation. Recent cyber attacks here and abroad highlight what many say is growing vulnerability for both civilian and military infrastructure, but the perpetrators of cyber attacks are often not easily or quickly identified. Join us for a conversation on the challenge of cyber security in the public and private sectors.
Guests
Intelligence and Homeland Security Correspondent, Wall Street Journal
president, Mischel Kwon Associates, a security consulting firm
former director, the United States Computer Emergency Readiness Team (US-CERT)
attorney, Steptoe and Johnson
former assistant secretary of policy, Department of Homeland Security

Comments
This show along with many others in an organized campaign during the last several days is an attempt to shape public opinion, manufacture consent and put definitive phrases into people's daily conversation. All I can think is that the Bradley Manning/Wikileaks thing has the Establishment really scared that some truth might be revealed that would undermine their agenda. Now if your nuclear plants and your sensitive manufacturing, and your cowardly murdering drones are hooked up to the Internet I have to assume this must be your fault. Because wouldn't that be like hooking your air pipe up to the car exhaust? Why would you do a thing like that?
Asserting that hacking is an act of war expands your purview and your mandate to control and interfere. It enlarges your license to kill. It gives you leverage to insist that every Pentium III desktop is a loaded weapon ready to discharge into a kindergarten. If "bidness" had not already ruined the pleasures and advantages of the Internet this would be comical. Yesterday I heard one commentator say that every sensitive operation must be Internet connected because businessmen need to check their investments 24/7. It's the same logic of a "free market" that stymies gun control and makes every corporation a superhuman citizen. All we are getting here today is the argument that the Oligarchy owns the Internet and that they are ready to use military force against anyone or anything that threatens the increase of their revenue stream. I don't think their big wide ass should be blocking vital public discourse and dominating the commons. I'll go so far as to say that our elite is definitely overlapped with the Chinese elite and shares the same interest of shutting us up.
Grady, expand on this?
"It's the same logic of a "free market" that stymies gun control and makes every corporation a superhuman citizen".
Does this mean that the Stuxnet attack on the Iranian nuclear infrastructure by the US and Israel will be classed as an act of war, and Iran can legally defend itself against the US and Israel by any means they choose?
Grady Lee Howard wrote:
"Asserting that hacking is an act of war expands your purview and your mandate to control and interfere."
Amen and amen again.
As far as HB Gary being careful about security? Please, sir. The Anonymous hackers who managed to get all those emails were themselves stunned at how lax HB Gary had been about their own security. This weak security system has been pointed out by numerous media sources even.
Is there a hidden agenda in claiming their security was tight??
At the highest level is prevention of failure through highly expert design of the programs that government or businesses use. This is PRO ACTIVE rather than REACTIVE. No system will be fail safe, but designing it well from the get-go is the critical first step. It includes a unique mathematical logic expertise that is far better known, understood, and used in Europe.
Just remember we damaged Iran's system with the 'worm' and have for years jammed radio systems that were not friendly to capitalism. Just like drones, others can come at us with the same technologies at some time. What's good for the goose is ...........!
American Education is below par for network security; as a student, I have firsthand knowledge of this. When NSA gives its accreditation, it needs to make sure it doesn’t grant it to programs where the teachers aren’t capable of teaching it. As a laid-off federal employee, I was given federal funds to go to a school for network security. It was the worst program I EVER attended. I am appalled at the framework we depend on to defend our country.
I suggest the panel should include a spokesperson of the Electronic Frontier Foundation (EFF), considering the passage and reception of the Patriot Act.
My understanding is that the Secret Service is designated by the Patriot Act as the authority within Homeland Security with responsibility for investigating cyber attacks. They should be the first call if a cyber attack is suspected, not the SEC or any other Federal agency.
I agree with one point from Grady. Why exactly are the critical systems of Nuclear Power plants, missile systems and other critical things hooked up to the internet? It simply makes no sense unless the word 'Lazy' is applied. These systems, if necessary to be on a network, can have their own networks that are hackproof unless you physically hook up to it with a wire. Anybody tried to run a wire to a Minute Man missile site lately?
JSawyer wrote:
I suggest the panel should include a spokesperson of the Electronic Frontier Foundation (EFF), considering the passage and reception of the Patriot Act.
That would have been very nice indeed. *sigh*
Cyber Security is not some sort of a destination as many people seem to assume it to be. There isn't a magical button (other than the power button) that can keep any networked system secure.
Cyber Security is an ongoing process of attack and defense. When someone finds a new way in, you build a wall and hope they didn't slip through before it's finished. The only real method of being secure is hoping that your employees are better than the ones your opposition has hired.
Stuxnet had little impact on the Iranian nuclear program. Perhaps its worst ramification has been that the knowledge of how to construct such a worm is divulged.
More details about Stuxnet and sources can be found here:
http://brainmindinstrev.blogspot.com/2010/09/stuxnet-worm-windows-intern...
"Sally Kuks wrote:
Just remember we damaged Iran's system with the 'worm' and have for years jammed radio systems that were not friendly to capitalism. Just like drones, others can come at us with the same technologies at some time. What's good for the goose is ...........!
June 2, 2011 - 10:30 am"
"michael collins wrote:
Does this mean that the Stuxnet attack on the Iranian nuclear infrastructure by the US and Israel will be classed as an act of war, and Iran can legally defend itself against the US and Israel by any means they choose?
June 2, 2011 - 10:17 am"
Some years ago, I read an article that went something like this-
An American Company sold a Gas Pipeline Control System to the Soviets. It was said to have had a bug deliberately built in that, when activated, caused the biggest non-nuclear (non-natural?) explosion ever produced.
Monte Haun mchaun@hotmail.com
The last lady who spoke is wrong...yes...if security is 'free' to all users someone will have to pay for it...but if everyone has security on their computers it will not be profitable for crooks to spend the time developing new viruses as they will only be able to infect very few machines...similar to why there have not been many viruses for the Mac.
I heard one of your experts say with regards to online security (I paraphrase) that there's *nothing* you can do to protect yourself online if someone out there is targeting your accounts -- eventually they'll find something that works.
While this is pretty much true, it's an inflammatory way to state it because it fails to account for the fact that you are not a target. Unless you're in politics, or insanely rich or famous, you are not a target. The vast majority of people do not have real world enemies, and are not going to be a *specific* target of this type of crime.
For 98% of the population it suffices to use a different password for their bank than they do for online games. If the bank itself gets hacked, then you have a problem, but that's as much your fault as if the bank building gets robbed by masked men.
"PeterMelzer wrote:
Stuxnet had little impact on the Iranian nuclear program. Perhaps its worst consequence has been to divulge how to construct such a worm.
More details about Stuxnet and sources can be found here:
http://brainmindinstrev.blogspot.com/2010/09/stuxnet-worm-windows-intern...
June 2, 2011 - 10:51 am"
The moment the Stuxnet story came out, Siemens undertook a huge advertising Campaign in the US, explaining about all the great stuff they produce.
I wouldn't put it past the German B_____s. Those systems don't run off the Internet, they are closed and all the CIA and the Jews lame explanations of Thumb Drives, Worms, etc, etc are the usual CIA and Jew B_l_s__t.
Monte Haun mchaun@hotmail.com
"Grady Lee Howard wrote:
Now if your nuclear plants and your sensitive manufacturing, and your cowardly murdering drones are hooked up to the Internet I have to assume this must be your fault. Because wouldn't that be like hooking your air pipe up to the car exhaust? Why would you do a thing like that?
June 2, 2011 - 7:37 am"
Want to hook up your air intake to your exhaust pipe? Use Windows Operating Systems to control your critical applications!!
Monte Haun mchaun@hotmail.com
While the Smart Grid has engaged with so-called "white hat" hackers, those with skills to find vulnerabilities without the baggage of illegal past behaviors, the SCADA/DCS industry has been extremely late to the security game. Changing "known-good" systems always adds a risk of outage/failure, so it is understandable that maintainers of critical infrastructure are hesitant to change things. However, the result has been lackluster action to address glaring security issues. While not always well-received, Joe Weiss has been attempting to gain attention to these issues through the Realtime ACS conference, targeted at critical-infrastructure industries and government. During this conference last year the representatives indicated limited to poor reception of security discussions within their organizations, due both to this reluctance to change as well as poor communication between engineers and upper management. While the engineers within these industries continue to attempt changes, the impacts have been thus far minimal.
Hopefully continued attention from government and industry will push the issue, as most lay-managers do not understand 90% of the security landscape, typically only grasping 10% of the attack-surface.
rici, I agree.
I've spent the last six plus years at the university level taking anything remotely related to Informational Security. The framework is horrible. Classes trend toward teaching a top-down approach where information security managers learn to use buzzwords like Disaster Recovery, Business Continuity, and other terms that really just demonstrate that the current security model of writing standards, policies, procedures, and guidelines to combat an attack. It seems like there is more of a focus on protecting an entity from litigation than there is on any real-time defense.
I think the entire security model needs to change in how it is taught. First, scrap the top-down approach. I like something that I termed a "meet-in-the-middle" approach. This involves joining the management capabilities of security professionals and the actual technical know-how of the systems analyst and administrator on an equal level. It amazes me how unqualified "security professionals" are when it comes to the technical details of network defense.
This show really didn't come close to even touching on what is being done and seemed to focus more on reporting and auditing. No way is a topic like this going to even come close to touching on the enormity of the cyber security problem in one hour.
I'm also in support of inviting an EFF spokesman the next time this topic is covered. My only hesitation is that the overall issue of security not be lost in the minutiae of specific attacks or problems, much like a lot of these comments.
Grady,
There are elites. There have always been elites, and they will continue to exist. Yes, they exert a disproportionate amount of power and we live, suffer, and prosper to a certain extent as a result of the power they exert. However, hacking is a real threat. It's not just the government or large corporations that are being hacked. Small businesses and individuals (especially older citizens and the poor) are also being hacked. There are black hats and white hats in the cybersphere. They have the power (that is the key word) to wreak havoc on anyone they choose. That power and the willingness and ability to do what they do makes them another kind of elite group. We are at their mercy. If they decide that they want to destroy your credit history or deplete your bank account, they may be able to do so. In fact, they may feel justified in doing it for any reason they choose. This sense of entitlement, control, power, and dominance is the very definition of elitism. They get to choose who needs to be punished and who doesn't. It is a god-like perspective.
I'm not under any illusion that our government is altruistic or innocent, and I agree that corporations should not be considered super-citizens (or even people for that matter), but what gets lost in all of this is the little guy, the individual, the people we should be protecting. If a group crashes a bank site, a hospital power supply, or a 911 response system, we all suffer. If someone or a group of someones crashes our power grid, is that not an act of war?
Marius: Consider the analogy of vulnerable tall structures.
Decentralized power production (grid alternative) would not be hackable.
Community level security (including a minimal floor of food, shelter and medical access) would attract no hacking.
A non-Imperial US would not generate or seek these confrontations.
A poor person has nothing left to lose, so why would they be targeted by anything other than an extractive corporation packaging debt?
You seem stuck in the present mindset.
If you could have anything what would you wish for?
The answers are all there embedded in your critique of my complaint against concentration of wealth, income and power.
Can the People not change the rules they never approved?
Somebody better tell Egypt.
monte: I have expanded on "this", but you were too lazy to read closely and consider.
montehaun: Thanks for your reconsideration and analysis of my arguments. I respect your dissent. What is this new thing about Jews? I have Jewish forebears, so am I in some way threatening or perverse? I wonder! Be more specific when critiquing Israeli policy and don't insult allies and innocents, Pulease!
rici: I'm sorry for your (job) loss. Thank you for your service. Your good deeds could not be allowed to go unpunished.
Grady,
I think that you are assuming that somehow having less will in some way dissuade others from wanting the little you have. Anyone can be targeted for a perceived slight, or unwillingness to act. You mention imperialism. Let's take a country like Switzerland. They famously claim to be neutral. However, they should rightfully claim to be indifferent, since they capitalize on the misery of others through their banking system. If as a country (again, I'm not under the illusion that we as a country are innocents), we espouse freedom, but do not interfere in any conflict one way or another, do not engage in globalization (or the spread of hegemony through the movement), someone may still target us because they feel that we are weak or that we are hypocrites for not getting involved in struggles for freedom.
You give the example of Egypt, but it is a false example. The people in Egypt did not accomplish what they did on their own. Without international involvement, the results would have been quite different. And as for Egypt, it was connectivity (ironically) that helped them coalesce as a movement. The very thing you argue against (connectivity) is what helped the people of Egypt in their struggle. Indeed, it is helping all of the people in that region.
Marius: Objecting to large scale collusion and the concentration of power, wealth and income is antithetical to opposing discursive connectivity. Yes, I have an apartment and a bank account in Switzerland, which is no worse than having the same in Charlotte, NC- where a BofA simpleton will rush around like a sewer rat helping those with extra cash offshore it.
I'm not explaining further because if you were sharp you'd know we mostly agree except that you can't let go of the jackpot dream. When both players have their hands firmly on the basketball the ref should call for a jump. But honey, your feets is out of bounds.
Lockheed, Play Station, and HBGary? Diane you got took.
For your guest to work in HBGary as just another company hacked into is disingenuous without mentioning that HBGary specializes in hacking into Americans. She made you into a shill for HBGary, girl. You going to let her get away with that?
--------
http://www.informationweek.com/news/security/client/229219056?cid=RSSfee...
Air Force Seeks Fake Online Social Media Identities
The military has issued a request for bids on software to let it spread messages and make online friends using non-existent identities on social media sites.
By Alison Diana InformationWeek
February 22, 2011 01:56 PM
The United States Air Force is taking an unusual approach to cyber-security with a request for bids for "Persona Management Software," which would let someone command an online unit of non-existent identities on social media sites. The move became a major topic last week following the release of emails from private security firm HBGary, which were disclosed after an attack by Wikileaks competitor and collaborator Cryptome.org.
According to Solicitation Number: RTB220610, the armed services division sought a software program that could manage 10 personas per user, including background; history; supporting details, and cyber presences that are "technically, culturally and geographacilly [sic] consistent. Individual applications will enable an operator to exercise a number of different online persons from the same workstation and without fear of being discovered by sophisticated adversaries. Personas must be able to appear to originate in nearly any part of the world and can interact through conventional online services and social media platforms. The service includes a user friendly application environment to maximize the user's situational awareness by displaying real-time local information."
MORE
http://www.informationweek.com/news/security/client/229219056?cid=RSSfee...
Grady, just asking you to flesh out "gun control". Plain spoken you are not. In my opinion one can only pretend to know your destination of thought.
I think basically Grady just likes to use big words and insult people. That's his/her thing.