January 27, 2008
The internet arms race has begun. On January 8, the Washington Post reports, George Bush signed a far-reaching executive order expanding the power of federal law enforcement and spy agencies to combat Internet attacks on government computer systems using both defensive and offensive measures:
The directive, whose content is classified, authorizes the intelligence agencies, in particular the National Security Agency, to monitor the computer networks of all federal agencies - including ones they have not previously monitored.
Until now, the government's efforts to protect itself from cyber-attacks - which run the gamut from hackers to organized crime to foreign governments trying to steal sensitive data - have been piecemeal. Under the new initiative, a task force headed by the Office of the Director of National Intelligence (ODNI) will coordinate efforts to identify the source of cyber-attacks against government computer systems. As part of that effort, the Department of Homeland Security will work to protect the systems and the Pentagon will devise strategies for counterattacks against the intruders ...
The directive outlines measures collectively referred to as the "cyber initiative," aimed at securing the government's computer systems against attacks by foreign adversaries and other intruders. It will cost billions of dollars, which the White House is expected to request in its fiscal 2009 budget.
The move is a controversial one. It signals an expanded, formal role in domestic online surveillance for the NSA, whose legendary electronic snooping capabilities have traditionally been focused on foreign communications and networks. "Agencies designed to gather intelligence on foreign entities should not be in charge of monitoring our computer systems here at home," Democratic Representative Bennie Thompson told the Post. Said James X. Dempsey of the Center for Democracy and Technology: "We're concerned that the NSA is claiming such a large role over the security of unclassified systems. They are a spy agency as well as a communications security agency. They operate in total secrecy. That's not necessary and not the most effective way to protect unclassified systems."
But others argue that the directive needs to go further to encompass commercial systems as well as governmental ones. They argue that businesses are increasingly the focus of cyberattacks and need federal protection. Says one security expert: "If you don't include industry in the mix, you're keeping one of your eyes closed because the hacking techniques are likely the same across government and commercial organizations. If you're looking for needles in the haystack, you need as much data as you can get because these are really tiny needles, and bad guys are trying to hide the needles."
The hardliners could point to a CIA warning earlier this month that Internet hackers have broken into "multiple" computer systems of utilities overseas, causing at least one major power outage. (Bruce Schneier questions the report of utility attacks, but also notes that "cyber-extortion" attacks on industry are in general on the rise.)
Given the Net's growing importance as a commercial and governmental infrastructure, it seems inevitable that we're in for a long-term Internet arms race, a cat-and-mouse cloudwar in which governments continually upgrade their Internet data-mining and attack capabilities and, at the same time, outlaw organizations seek ever more sophisticated ways to make money or wreak havoc. Although traditional national infrastructures, such as highway systems and electric grids, have served both personal and commercial interests and represented rich military targets, the Net goes much further in blending a wide range of governmental, commercial, and personal uses. Surveillance systems designed for military or national-defense purposes would thus be indistinguishable from, and easily repurposed as, systems for domestic snooping and monitoring.
One thing seems certain: We'll never really know what's going on.
There was a similar program at the Pentagon prior to 2001 which was covertly canceled in the embarrassment after the attacks on 911 when it becomes painfully obvious that physical security was more important. Aside from the privacy issue, this seem dangerous because its regressing back to the pre-911 attitude that electronic spying gives you a heads up on what's going on in the real world.
Its easier sit at a computer looking at dumps of network traffic than doing physical surveillance, setting up informants and etc. 911 showed how wrong that attitude was. Besides catching the "script kiddies" in Latvia or playing spy-vs.-spy with Chinese "honey pots", does this initiative really mean that they are going to catch the REALLY bad guys? Al-Qaeda operatives (most of them were trained in US universities under various visa programs) aren't stupid enough to use email, chat rooms or unencrypted cell phones, so evil people like that are probably not going to get caught by this program.
If you are ever sitting in your office, hear an explosion and see flames coming up the floor toward you, run to the window and just before you jump out into nothing, utter a prayer of thanks to George Bush and his spooks who are at that moment sipping coffee, eating donuts and pinching the secretary’s butt in some cozy office in Washington state. Your tax dollars at work!
Posted by: Linuxguru1968 at January 27, 2008 11:30 AM
“Surveillance systems designed for military or national-defense purposes would thus be indistinguishable from, and easily re-purposed as, systems for domestic snooping and monitoring,” and they already are!
There is complete mistrust of the government and big business due to their greed and mismanagement. “One thing seems certain: We'll never really know what's going on,” but we do and therein lays the problem!
The vast majority of ordinary people have little confidence in those who are in positions of power. Any surveillance or collection of data will, at some point, be used for the consolidation of such power! What more does one need to know?
"Agencies designed to gather intelligence on foreign entities should not be in charge of monitoring our computer systems here at home," Democratic Representative Bennie Thompson told the Post."
- New Watergates
- Additional Insiders (in NSA - possibility to make money on unknown government desisions)
- New internal power center (in NSA)
One more reason for foreigners to admire US:
"The Pentagon can plan attacks on adversaries' networks if, for example, the NSA determines that a particular server in a foreign country needs to be taken down to disrupt an attack on an information system critical to the U.S. government. That could include responding to an attack against a private-sector network, such as the telecom industry's, sources said."
Mistakes are impossible in the Office of the Director of National Intelligence - exepting Iraq, of course.
"You have zero privacy anyway. Get over it."
-- Scott McNealy CEO Sun Microsystems 1999
Posted by: Linuxguru1968 at January 29, 2008 10:25 AM
Third undersea cable reportedly cut between Sri Lanka, Suez
"It's ship anchoring," said the Flag official.
Posted by: takomabibelot at February 2, 2008 01:01 PM
Post a comment
Thanks for signing in, . Now you can comment. (sign out)(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)
"Riveting" -San Francisco Chronicle
"Rewarding" -Financial Times
"Ominously prescient" -Kirkus Reviews
"Riveting stuff" -New York Post