Announcement

Collapse
No announcement yet.

Wanna Cyber?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Wanna Cyber?

    Every time I hear news about some sort of "cyber" initiative, all I can think of is the countless requests from back in the day on a wildcat bbs with people asking that question. It calls up images of surly and less than sanitary individuals wanting to fantasize about being something greater and sexier than they are. Which, of course, is exactly what the term symbolizes with most things in the news now.

    While I have concerns about how we handle security, I have greater concerns about the sensationalist method of delivery. The idea of a new czar for cybersecurity worries me, because I worry they will fall prey to the sensationalists over reality. I would hate for someone in government to come running through the halls shouting to shut off the tubes because we're under attack from thousands of sasser terrorists.

    Why isn't there a grain of salt czar to come in and smack someone the moment they say I "In a post 9/11 world" when trying to justify an absolute rape of our rights? Or when someone starts telling people how other countries are just hacking us left and right, when they may mean "We saw a bunch of port scans today in between reading xkcd comics". Again, not saying these things never happen, but to overdo this only ends up desensitizing the intended audience so when there is a real event to get spun up on, they yawn and go back to playing solitaire.

    What do you think? Is there hope for a pragmatic individual to fill this post who refrains from promoting the rape of rights?

    *I haven't read the 40-page document to be released yet, but plan to. Hopefully it doesn't mention 9/11.
    ----------------------------------------
    Fraternal Order of Locksport

  • #2
    Re: Wanna Cyber?

    I do agree with you. I believe this position will be used to sensationalistic 'initiatives' to strike fear into the common 'netizen'. So far every single report that I've read about in alleged attacks from overseas have been overblown and far from the truth as to what happened.

    Most actual attacks that I've researched have come from someone on the inside with intimate knowledge of the network that was being attacked. I think the most recent report of Chinese hax0rs in the grid were mostly common malware infections on office computers. I do not believe there was any evidence that the actual grid was in trouble.

    I'm not saying that there isn't a danger, but I do not like the idea what I see is coming. A 'cyberczar' that will apparently have the power to shut down the tubes based upon some undefined and over reported threat to our safety.

    What about utilities that are actually using the tubes to maintain C&C of their facilities? If the tubes get shutdown because of some perceived threat, those utilities would lose access to their C&C. What about all those thousands of Tech's out there that work for utilities that rely upon VPN connections to work from where ever they are, again they'd lose that ability because the government thinks there's a threat. The last thing anyone needs if there's an attack is the inability to get access to their systems from wherever they are and attempt to stop the attack.

    Unfortunately the unwashed masses see shows like 24, and think that's the reality, that the FBI somehow has access to every single facility in the country and could some how do what was done in the early episodes of this past season.

    This position is bad news, it will only add to more government bloat and bureaucracy and it won't accomplish anything other than waste money. Plus, in case you missed it, part of the government's plan in regards to this new department is to require anyone that works for a utility to have some kind of government certification. If that doesn't scare you, nothing will.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

    Comment


    • #3
      Re: Wanna Cyber?

      http://www.whitehouse.gov/CyberReview/

      The 60-day cyberspace policy review (PDF):
      http://www.whitehouse.gov/asset.aspx?AssetId=1732

      Papers they used in the review:
      http://www.whitehouse.gov/cyberreview/documents/
      Last edited by HighWiz; May 29, 2009, 09:29. Reason: Time specific
      And I heard a voice in the midst of the four beasts, And I looked and behold: a pale horse. And his name, that sat on him, was Death. And Hell followed with him.

      Comment


      • #4
        Re: Wanna Cyber?

        Originally posted by HighWiz View Post
        Thanks for posting, I caught the last part of the speech.

        http://www.youtube.com/watch?v=hoqY_oWRQ0A
        Holy crap what a bunch of open-ended talking headism. I know, you can't have executives always know what they are talking about, but this is like taking a trip to blanket statement land.


        I'm reading the 60-day review now.

        From whitehouse.gov:
        "During the review we engaged in more than 40 meetings and received and read more than 100 papers that informed our recommendations."

        Well, thank the stars. That must make everyone involved an expert.

        When I hear the idea of partnering, all I can think of is that large monolithic companies will be asked while innovative and agile groups will be ignored. Maybe I'm a little jaded on the whole thing, but partnerships often mean ganging up to talk louder than the voice of reason.
        Last edited by valanx; May 29, 2009, 09:51. Reason: redundant link removed
        ----------------------------------------
        Fraternal Order of Locksport

        Comment


        • #5
          Re: Wanna Cyber?

          well this thread was not at all what I expected...

          *pulls pants back up*
          Network Jesus died for your SYN

          Comment


          • #6
            Re: Wanna Cyber?

            Well (1) They didn't use the term "Czar" - the concept of a coordinator is much better than a dictator. Think of this position as that of senate whip trying to get everyone on the same page and it makes more sense than that of an all knowing network ninja. (2) This office is as close to the president as possible without being a senate approved cabinet level position. That shows more commitment than in the past.
            PGP Key: https://defcon.org/html/links/dtangent.html

            Comment


            • #7
              Re: Wanna Cyber?

              Originally posted by Dark Tangent View Post
              Well (1) They didn't use the term "Czar" - the concept of a coordinator is much better than a dictator. Think of this position as that of senate whip trying to get everyone on the same page and it makes more sense than that of an all knowing network ninja. (2) This office is as close to the president as possible without being a senate approved cabinet level position. That shows more commitment than in the past.
              And like you I'm happy they didn't use the term. Considering the thread started before the speech I can't go back and edit what everyone else was calling the position prior. I don't expect a high level official to be a technical expert. I expect them to listen to the technical experts and balance that with all of the other factors those experts are not privy to and make the right decision.

              I'll reserve opinion on the level of commitment until I see something happen. Hope is good, blind faith is something else.
              ----------------------------------------
              Fraternal Order of Locksport

              Comment


              • #8
                Re: Wanna Cyber?

                Originally posted by valanx View Post
                And like you I'm happy they didn't use the term. Considering the thread started before the speech I can't go back and edit what everyone else was calling the position prior. I don't expect a high level official to be a technical expert. I expect them to listen to the technical experts and balance that with all of the other factors those experts are not privy to and make the right decision.

                I'll reserve opinion on the level of commitment until I see something happen. Hope is good, blind faith is something else.
                Hmm.. I heard that the person was to be announced as well today, but it didn't happen yet.. maybe Monday?
                PGP Key: https://defcon.org/html/links/dtangent.html

                Comment


                • #9
                  Re: Wanna Cyber?

                  they are waiting for you to hurry up and return their calls already
                  ----------------------------------------
                  Fraternal Order of Locksport

                  Comment


                  • #10
                    Re: Wanna Cyber?

                    Originally posted by Dark Tangent View Post
                    (2) This office is as close to the president as possible without being a senate approved cabinet level position. That shows more commitment than in the past.
                    This is exactly the problem. People that aren't subject to Senate confirmation typically don't get any authority to "do" anything. They may not be calling it a "czar" but that's pretty much what it is going to end up being.
                    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

                    Comment


                    • #11
                      Re: Wanna Cyber?

                      Originally posted by theprez98 View Post
                      This is exactly the problem. People that aren't subject to Senate confirmation typically don't get any authority to "do" anything. They may not be calling it a "czar" but that's pretty much what it is going to end up being.
                      I don't think that's true at all. Take, for example, the Director of the NSA:

                      http://en.wikipedia.org/wiki/Directo...ecurity_Agency

                      According to Section 201 of Title 10, the Director of the NSA/CSS is recommended by the U.S. Secretary of Defense and approved by the President of the United States.
                      That said, more specifics would be nice but I'm certainly not opposed to the Obama Administration taking action on this front. When I see things like data.gov I think it's nice to see people running this country with a certain degree of "cyber-savvy" (lulz)
                      45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B0
                      45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B1
                      [ redacted ]

                      Comment


                      • #12
                        Re: Wanna Cyber?

                        Originally posted by bascule View Post
                        I don't think that's true at all. Take, for example, the Director of the NSA:

                        http://en.wikipedia.org/wiki/Directo...ecurity_Agency



                        That said, more specifics would be nice but I'm certainly not opposed to the Obama Administration taking action on this front. When I see things like data.gov I think it's nice to see people running this country with a certain degree of "cyber-savvy" (lulz)
                        Ok, let me clarify. I am generally talking about positions that are created for specific missions (like "drug czar"), or "special advisors" to the President that don't get approved. Also, I did use the qualifier "typically" which in my case, I meant that many such positions meet my definition of "no authority" but not necessarily all of them. Further, DIRNSA is by statute a military job, when I'm thinking more about civilian posts.

                        As for cyber-savviness, I am not impressed. To me everything has been "show" without the details to back it up...but I will avoid the slippery slope of politics.
                        "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

                        Comment


                        • #13
                          Re: Wanna Cyber?

                          Originally posted by theprez98 View Post
                          As for cyber-savviness, I am not impressed. To me everything has been "show" without the details to back it up...but I will avoid the slippery slope of politics.
                          But.. but.. they have the twitters! They MUST be experts!!


                          I have concerns over what I have seen so far, and it looks like a lot of talk. Sure someone has to run the show and coordinate, but if everyone is just talking then nothing is actually getting done. Putting out a false sense of security is worse than no security- Much like spreading a bunch of cyber boogey man tales is a poor direction to head.
                          ----------------------------------------
                          Fraternal Order of Locksport

                          Comment


                          • #14
                            Re: Wanna Cyber?

                            A cybersecurity quiz: Can you tell Obama from Bush?

                            Originally posted by CNet News
                            A cybersecurity quiz: Can you tell Obama from Bush?

                            By Declan McCullagh
                            Politics and Law
                            CNET News
                            May 29, 2009

                            The U.S. president has announced a comprehensive cybersecurity strategy for the federal government, saying Internet-based threats have risen "dramatically" and the country "must act to reduce our vulnerabilities."

                            A 76-page White House document calls for a new way of looking at Internet and computer security, saying that private-public partnerships are necessary, collaboration with international organizations will be vital, and privacy and civil liberties must be respected in the process.

                            Sound familiar? The year was 2003, and the president was George W. Bush, who wrote the introduction to what he called a "National Strategy to Secure Cyberspace."

                            On Friday, President Obama announced his 76-page "Cyberspace Policy Review"--with precisely the same number of pages as his predecessor's--at an event at the White House.

                            While the Bush document discusses centralizing cybersecurity responsibilities in the Department of Homeland Security and the Obama document shifts them to the White House, the two reports are remarkably similar. Perhaps this should be no surprise: Obama selected Melissa Hathaway, who worked for the director of national intelligence in the Bush administration and was director of an Bush-era "Cyber Task Force,"
                            to conduct the review.

                            To test your political acumen, we've taken excerpts from both and placed them side by side in the following chart. Can you tell which quotations come from which administration? (An answer key is at the end.)
                            ...
                            http://news.cnet.com/8301-13578_3-10252263-38.html
                            Thorn
                            "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird

                            Comment


                            • #15
                              Re: Wanna Cyber?

                              Originally posted by Thorn View Post
                              A cybersecurity quiz: Can you tell Obama from Bush?



                              http://news.cnet.com/8301-13578_3-10252263-38.html
                              You beat me to the punch (maybe you got your email before I did!)--this is along the points that I was trying to make about window dressing.
                              "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

                              Comment

                              Working...
                              X