Bush’s Secret Cyber Initiative
I’m actually fairly sympathetic to the notion that we need to get much better at defending our network infrastructure against attacks. I’m fairly supportive of the notion that one agency within the government should take the lead on the project.
But the news that Bush has assigned that role secretly…
President Bush signed a directive this month that expands the intelligence community’s role in monitoring Internet traffic to protect against a rising number of attacks on federal agencies’ computer systems.
The directive, whose content is classified, authorizes the intelligence agencies, in particular the National Security Agency, to monitor the computer networks of all federal agencies — including ones they have not previously monitored.
Until now, the government’s efforts to protect itself from cyber-attacks — which run the gamut from hackers to organized crime to foreign governments trying to steal sensitive data — have been piecemeal. Under the new initiative, a task force headed by the Office of the Director of National Intelligence (ODNI) will coordinate efforts to identify the source of cyber-attacks against government computer systems. As part of that effort, the Department of Homeland Security will work to protect the systems and the Pentagon will devise strategies for counterattacks against the intruders.
And the news that cyber-defense still focuses exclusively on government networks…
Supporters of cyber-security measures say the initiative falls short because it doesn’t include the private sector — power plants, refineries, banks — where analysts say 90 percent of the threat exists.
"If you don’t include industry in the mix, you’re keeping one of your eyes closed because the hacking techniques are likely the same across government and commercial organizations," said Alan Paller, research director at the SANS Institute, a Bethesda-based cyber-security group that assists companies that face attacks. "If you’re looking for needles in the haystack, you need as much data as you can get because these are really tiny needles, and bad guys are trying to hide the needles."
…Doesn’t give me a whole lot of confidence that this is being done right.
Though I will say this. The news that Michael Chertoff’s badly managed and contractor dominated Department of Homeland Security is no longer slotted to take the lead on this is one bit of good news.
A proposal last year by the White House Homeland Security Council to put the Department of Homeland Security in charge of the initiative was resisted by national security agencies on the grounds that the department, established in 2003, lacked the necessary expertise and authority. The tug-of-war lasted weeks and was resolved only recently, several sources said.
Hi EW! request for background. Is the HSA forever or forever in the form that it is? Legally, we have created and spun off new departments. Can we disperse this one? I ask because it seems the problem is as much in the bureaucracy as in its head.
Well, Bush has made some changes, such as putting FEMA back in charge of disasters.
We shall see. Chertoff has tried to turn all of his political appointees into non-politicals, to ensure they’ll stick around after he leaves. That’s very disturbing, particularly since DHS has the highest rate of revolving door turnover going.
Chertoff seems to have succeeded in setting up another source of crony cash. But he apparently hasn’t set up a department that attends to homeland security.
And Merk @ 4. Sounds like ripe pickings for returning agencies to their previous autonomy, leaving the fake non-politicals with a real desire to go elsewhere. I guess that there will be or should be some kind of rats leaving the ship throughout the exec. branch.
Am I too optimistic in seeing the smarter rats with the dirtiest nests leaving often and early, as there will be only so much space on K street in lobbying shops once they face the reality of a real Democratic majority?
They are probably reorganizing for the opposition role with a democratic
administration… how many more Kagans can the system keep up? Joe Coors
and pals will fund another think tank war for our distraction and put it
on our tab via 501c3 and 527 cutouts. There will be some stay behind rats
left in the system like Linda Tripp, too stupid for the private sector
and more useful in place. Hell, cleaning house could be fun this time.
But the
Goodbadlings are all non-political with protection from firing. Incompetence and a bad law degree are not fireable offenses. So how do you imagine this house cleaning happening. And which candidate is promising to do such or if the subject is taboo has the people around them with the muscle and mind to do it. This is a concern that all candidatologists or candidarisans particularly on this site share. We should be able to discuss this calmly and civilly.It is not a happy process, but demonstrable disloyalty and political
activity can earn a performance review problem or transfer to less
sensitive duty assignment. I have seen this up close in a municipal
situation and it can be done, is done every day… there are plenty
of Democrats that have lost their “safe” jobs in the last 7 years by
reassignment, performance review, or retraining issues. I do not advocate
something on the level of the USA purge tactics, but reassignment works
and is legal.
I think there are ways to get rid of bureaucrats. Think Office Space.
This is why for me the most important question in this election is which candidate is most likely to root out the ideologue maggots the spawn of satan is burying all over the bureaucracy.
Yep, the Bushies are really good at handling cyber info:
http://blog.wired.com/defense/…..hingt.html
DHS is really a front organization to keep any dissent from the agencies
it coordinates coming into the open. Chertoff’s job is political CYA,
not technical intelligence or any other, firewall for executive hijinks.
Marcy touched on parts of this program already here:
http://thenexthurrah.typepad.c…..over-.html
I did so also in one of my scandals list entries:
I intend to add the following to it:
Curiously, when I try to link to the September 20, 2007 article by Siobhan Gorman in the Baltimore Sun, I get that it is no longer available but in their archive. When I try to search the archive, it doesn’t appear.
Winston Smith at work.
The problem is that if you succeed in protecting, really protecting, the infrastructure, you can’t easily spy on anyone. That is because protection requires secure communications, such as not allowing plain text login, etc. And that is because breaking into a computer only requires attacking the weakest link, not hacking into the super-paranoid account.
But I have to agree that it is good news that Homeland Security isn’t in the lead. It seems we have agencies which can’t deal with technology very well, such as the FBI. Imagine if the FBI were involved! But having DHS involved in any way is very bad. This is more of a Manhattan project type operation, and secrecy is probably good if it keeps contractors and politicians out of the mix, but eventually, you can’t rely on secrecy for the external defenses on non-government networks.
TomJ (or anyone else)
What do you think of the effort to reduce the number of portals?
I understand the idea of cutting down the number of doors you need to remember to lock, but if you’ve got fewer, doesn’t any eventual access give you much greater access overall?
What is all this hand wringing about secrecy. When you are combating evil, you don’t tell them how you are going to do it.
I hate it when the police use a clever strategy to find or catch the crook, and then the stratagem is broadcast over the evening news so that the next crook won’t get caught by the same method.
Yes, why can’t we do it the old fashioned way where you take them out in the night and just shoot them. Problem solved!
So you don’t like law enforcement.
Ok, we will take your house off the grid, off the 911 list, and not run the patrol cars up your streets. We wouldn’t want to infringe on any crooks night time activities.
Then using the example given by melior at #18, we will publish this (open source) so everyone knows about it.
Yep hand wringing and caterwalling are your two bugaboos.
Agree that cybersecurity is a problem.
I’d prefer to see Congress fund those 1200 FBI fraud agents, for a start.
No one will ever convince me the Big Shitpile could conceivably have occurred if there had been more FBI fraud and cybersecurity investigators. There’s simply too much money to be made in mortgages, and the WH and Congress completely dropped the ball.
When you are combating evil, you don’t tell them how you are going to do it.
This maxim is often false when applied to information security.
As just one example, open source cryptographic algorithms that have been published, analyzed, and strengthened in the sunlight do a far better job of ensuring security than the alternative, known as ”security through obscurity”.
What I like is the rule of law, the Constitution, due process, probable cause, and equal protection, things that people who think and speak in strawmen never seem able to wrap their itsy bitsy minds around.