Sunday, January 27, 2008

The virtual battleground

The President has signed a directive, whose exact contents are still unknown, authorizing the NSA to monitor the Internet against cyber-intrusion. The Washington Post reports:

President Bush signed a directive this month that expands the intelligence community's role in monitoring Internet traffic to protect against a rising number of attacks on federal agencies' computer systems.

The directive, whose content is classified, authorizes the intelligence agencies, in particular the National Security Agency, to monitor the computer networks of all federal agencies -- including ones they have not previously monitored.

Published reports suggest the directive is merely an assignment of responsibility to the NSA to take the lead in this area. "Until now, the government's efforts to protect itself from cyber-attacks -- which run the gamut from hackers to organized crime to foreign governments trying to steal sensitive data -- have been piecemeal."



But the $64,000 question is whether the directive is also the opening shot in an attempt to expand the scope of Internet surveillance. The backdrop of the classified directive is a much wider policy debate over the extent to which information defenses should be erected around America. The WaPo story continues:

The initiative foreshadows a policy debate over the proper role for government as the Internet becomes more dangerous. Supporters of cyber-security measures say the initiative falls short because it doesn't include the private sector -- power plants, refineries, banks -- where analysts say 90 percent of the threat exists.

This debate first hit the public when Director of National Intelligence Mike McConnell told the New Yorker that America was under constant and growing cyber-attack. Tom Donahue of the CIA then alleged hackers had already penetrated a number of power systems outside the U.S., and Alan Paller of the SANS Institute, a crisis-center organization for hacked companies, claimed "hundreds of millions of dollars had been extorted" from online gambling sites, e-commerce sites and banks.

In the face of such a threat, McConnell wanted a broad power to monitor Internet activity in order to defend American information networks. Not everyone was willing to accept this grim assessment. Bruce Schneier, a well known expert in cryptography and information security, thought Donahue's and Paller's narrative was full of "rumor" and "hyperbole". There were threats, no doubt, but Schneier wanted "a little bit more information" before deciding whether the surveillance powers McConnell demanded were justified by the severity of the intrusions.

Expect this issue to come to the forefront of the debate as the broader cyber-security plan is presented to the public.

Update

The idea of cyberwarfare has become mainstream. Why it's even on the news. A group called Anonymous is threatening its enemies. Beware.




Did you like "Alien Versus Predator"? How about Anonymous versus Scientology? And how long before we see the Internet Haganah Versus the CyberJihad? Oops. That match has been running for a long time. And ... just in. Denial of service attacks on Scientology sites are being reported ...

What are the odds the hue and cry over the danger of Internet threats and Anonymous are unrelated? I considered the question and concluded that I just don't know. The dangers of cyberwarfare are objectively serious, but how serious? We now live in a time when memetic warfare -- creating ideas which have physical effects -- is no longer a figure of speech. In the beginning was the idea. And the idea took shape.

21 Comments:

Blogger Stephen Renico said...

First of all, I am not computer-savvy.

That being said, I often wonder why the government relies so heavily on the internet. I just read a story yesterday about hackers gaining access to power stations and causing blackouts in cities. My first reaction was "Why in the world are power plant controls accessible online?"

Same goes for CIA and Pentagon information.

Couldn't the government rely on some kind of intranet which would be harder to hack, first by requiring physical access to one of the terminals?

1/27/2008 03:48:00 AM  
Blogger Doug said...

Steve,
Mr. Obama, in an upcoming (and uplifting) speech, will pledge to bring real change to govt IT Infrastructure, so your concerns will be addressed soon after he takes office.

1/27/2008 05:48:00 AM  
Blogger DoubleTapper said...

Ahhhh! Now I understand why there are so many readers from Langley,VA reading my blog.

1/27/2008 05:54:00 AM  
Blogger Wretchard said...

stephen,

As long as there's a way into a network, however it may be routed, anyone who can present the proper authentication can enter it. Many physical installations are controlled by SCADA systems. Think of a mine, for example, with pumps and stuff spread out over a large area, being controlled from a central control room, controlled by a SCADA system. Then imagine a head office in a city far from the mine site which wants to know how the operation is going. Or imagine that you want to be able to troubleshoot a remote factory by giving a consultant or manufacturer's rep access to the SCADA system. Allowing a route into the system would theoretically open the SCADA system to unauthorized access.

One could of course, implement an "air gap" where the industrial control software or classified system is physically disconnected from any outside electronic access.

1/27/2008 06:01:00 AM  
Blogger Wretchard said...

It would be a mistake to think of cyberwarfare exclusively in terms of America versus (fill in any other country). It's a conflict which features many parties against other parties. It's about copyright enforcers versus the pirates. Businesses versus criminals. Criminals versus law enforcement. Parents versus porn sites. Etc.

It has a domestic component and an international one. And it features a continuous arms race between the combatants. Encryption. Architecture. Things we haven't even thought of yet. Computer attacks by Russia on Estonia are only the obvious threats. But identity theft, the subversion of bank trading systems ... why the list is endless.

We entered the online world thinking it was a cave of wonders, only to realize it is also a pit of vipers at one and the same time. Now come the politicians to offer us safety. Give us the power to conduct universal surveillance. Etc. And we will save you from your own thoughts. Well the rebels are going to fight back, with funny routers, encryption, P2P, etc. It's only just begun.

By and by, we are going to long wistfully for the world of bricks and mortar. But it's too late. Ideas, concepts, good and evil are more tangible things than we imagined. Who said you couldn't conjure with spirits? Horror movie rule number one is never to read from a book which says it will bring up things from another dimension, even as a joke.

1/27/2008 06:42:00 AM  
Blogger Cannoneer No. 4 said...

from JP 3-13

Computer Network Operations.
Comprised of computer network attack, computer network defense, and related computer network exploitation enabling operations. Also called CNO.

computer network attack. Actions taken through the use of computer networks to disrupt, deny, degrade, or destroy information resident in computers and computer networks, or the computers and networks themselves. Also called CNA.

computer network defense. Actions taken through the use of computer networks to protect, monitor, analyze, detect and respond to unauthorized activity within Department of Defense information systems and computer networks. Also called CND.

computer network exploitation.
Enabling operations and intelligence collection capabilities conducted through the use of computer networks to gather data from target or adversary automated information systems or networks. Also called CNE.

Civilian Irregular Information Operators can do this. Even the digitally challenged assist in implementing Restrictive Measures.

1/27/2008 07:31:00 AM  
Blogger Cannoneer No. 4 said...

Personal Memo From Rusty to the Taliban

1/27/2008 07:38:00 AM  
Blogger rkb said...

Stephen, there is a classified network (SIPRNET) and a special net for the intelligence community. However, these are quite expensive to build and maintain because to be truly separate you in essence have to duplicate a lot of the infrastructure that carries signals (fiber optic backbones, satellites for radio-based hops etc.) The military can do that on the battlefield, but justifying the expense is not easy for less immediately critical missions. Plus, once you invest in such equipment it's expensive to upgrade for new technologies and to increase bandwidth.

There are ways to encrypt and pass signals along the open internet but they do have both costs and vulnerabilities.

Re: power plants, remember that these are private or semi-private entities, not government agencies. Google 'I3PC' to read about a government-industry consortium that is working hard on issues regarding power infrastructure vulnerabilities and protection.

1/27/2008 08:14:00 AM  
Blogger rkb said...

BTW, as my previous comment demonstrates, Bush was quite correct in his much scorned reference to "internets" (plural).

1/27/2008 08:16:00 AM  
Blogger jmatt said...

>>> "whether the directive is the opening shot in attempts to expand the scope of Internet surveillance as well"

If you don't know the answer to the question to be undeniably "yes", then everything that comes after it is tinfoil hat delusion.

The author chose the word "monitor" because it is ambiguous and provocative. If he had said that the government was taking steps to "secure" its information systems, everyone would agree that this is desirable.

But then it wouldn't promote the agenda of bashing "the unpopular Bush presidency".

1/27/2008 09:25:00 AM  
Blogger Peter Grynch said...

The REAL problem is the lack of punishment when the culprits are caught. Everybody has heard stories of hackers who cause billions of dollars worth of damage and are "punished" with a thousand dollar fine.

A lady who spills her coffee in her own lap can sue McDonalds for a quarter-of-a-million dollars, but malicious hackers can attack America with impunity.

1/27/2008 09:34:00 AM  
Blogger David said...

"Why in the world are power plant controls accessible online?"

Two reasons: cost and reliability. The alternative to remote access is sending someone out to monitor sensors, make adjustments, etc. This could take hours under normal circumstances, or days in the event of a major storm or other emergency. The cost of eliminating remote access would be reduced reliability, which consumers would not put up with.

1/27/2008 09:55:00 AM  
Blogger Jerub-Baal said...

Well, this may just be CYA to legitimize all the time the desk-flyers at Langley are spending reading "the Daily Kos."

1/27/2008 11:09:00 AM  
Blogger Zenster said...

Peter Grynch: The REAL problem is the lack of punishment when the culprits are caught. Everybody has heard stories of hackers who cause billions of dollars worth of damage and are "punished" with a thousand dollar fine.

The German punk who unleashed the Sasser worm got 18 months probation and 30 hours of community service after damaging millions of computers.

Far more evil is how security software companies are allowed to hire these slimeballs. It represents a stunning conflict of interest to reward these scumbags with high paying jobs after they have caused total havoc in the cyber-world.

Conviction for writing and releasing malicious code should carry with it the potential for a lifetime ban from employment in the computer industry and even a lifetime ban from the Internet itself. Currently, the market incentivizes these little turds to gain their "creds" by writing this malware.

An Apple employee slyly pointed out to me how it was only after big security software houses came into being that malware really became prevalent.

Hackers and malware coders need to be slapped down hard. Unfortunately, the vast majority of our politicians do not have even a remote concept of how computers work. Von Neumann architecture, parallel busses and random access memory might as well be brain surgery to the vast majority of them. We'll have the same luck expecting them to properly address malware coders as deporting illegal aliens.

1/27/2008 11:48:00 AM  
Blogger ledger said...

It seems that Supervisory Control and Data Acquisition is using some fairly old protocols. That could lead to someone figuring out how to manipulate those protocols and cause a lot of trouble.


I notice when I go to the encyclopediadramatica.com site I eventually get redirected to another site with smiley faces all over the page. This can be seen with task manager open: then go to the encyclopediadramatica.com site and watch it redirect to another site.

See Anonymous

or
http://www.encyclopediadramatica.com/Anonymous


The 4chan link supposedly interviews Anonymous – but again you are redirected.


See:4chan

or
http://www.encyclopediadramatica.com/4chan

Some of the other links in the encyclopediadramatica.com site indicate they know who he is and have some sort of document (passport?) showing a British citizen.

See Powerword

or
http://www.encyclopediadramatica.com/Powerword

See EBaum

or

http://www.encyclopediadramatica.com/EBaum

1/27/2008 02:15:00 PM  
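Wretchard's point above about a route in for a consultant or head office, and ledger's note that SCADA speaks fairly old protocols, meet in one concrete case. Modbus/TCP is one such protocol (my choice of illustration; the page names none): a request is a seven-byte header plus a function code and addresses, with no credential anywhere in the frame, so any host that can reach TCP port 502 on a controller can issue a write. The Python below is an added example, not code from the post or its commenters. It parses a frame and then flags write requests that arrive from anything other than one allowlisted engineering host, the sort of compensating control placed between a remote-access route and the control network when a full air gap is not an option. The host addresses, the "protected" register block and the sample frames are constructed for this example.

```python
"""Modbus/TCP request triage: parse the frame, then apply a per-host write
policy.  Added illustration; the frame layout follows the public Modbus/TCP
specification, while the policy and sample traffic are constructed."""
import struct
from dataclasses import dataclass
from typing import Optional

# Public function codes.  Anything else is vendor-defined or reserved.
READ_FUNCS = {1: "read coils", 2: "read discrete inputs",
              3: "read holding registers", 4: "read input registers"}
WRITE_FUNCS = {5: "write single coil", 6: "write single register",
               15: "write multiple coils", 16: "write multiple registers"}


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function: int
    address: Optional[int]   # first coil/register touched, if the PDU has one
    data: bytes


def parse_modbus_tcp(frame: bytes) -> ModbusRequest:
    """Split a Modbus/TCP ADU into its MBAP header and PDU.

    MBAP = transaction id (2) | protocol id (2, always 0) | length (2) | unit id (1).
    Note what is absent: no credential field exists, so reachability is authority."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    txid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus")
    # The length field counts unit id + PDU, i.e. everything after byte 6.
    if length != len(frame) - 6:
        raise ValueError("MBAP length field disagrees with frame size")
    function = frame[7]
    data = frame[8:]
    address = struct.unpack(">H", data[:2])[0] if len(data) >= 2 else None
    return ModbusRequest(txid, unit, function, address, data)


def triage(frame: bytes, src_ip: str, policy: dict) -> str:
    """Verdict for one request seen on the wire, given
    policy = {"engineering_hosts": set of IPs, "protected_registers": range}."""
    try:
        req = parse_modbus_tcp(frame)
    except ValueError:
        return "FLAG_MALFORMED"
    if req.function in READ_FUNCS:
        return "ALLOW_READ"
    if req.function in WRITE_FUNCS:
        if src_ip not in policy["engineering_hosts"]:
            return "FLAG_WRITE_FROM_UNTRUSTED_HOST"
        if req.address is not None and req.address in policy["protected_registers"]:
            return "FLAG_WRITE_TO_PROTECTED_REGISTER"
        return "ALLOW_WRITE"
    return "FLAG_UNKNOWN_FUNCTION"


# Constructed sample frames (not captures from any real system).
#                            txid proto len  unit fc  addr  qty/value
READ_HOLDING = bytes.fromhex("0001" "0000" "0006" "01" "03" "0000" "000a")
WRITE_REG16  = bytes.fromhex("0002" "0000" "0006" "01" "06" "0010" "0064")
WRITE_REG500 = bytes.fromhex("0003" "0000" "0006" "01" "06" "01f4" "0001")
VENDOR_FC    = bytes.fromhex("0004" "0000" "0002" "01" "41")
TRUNCATED    = bytes.fromhex("0005" "0000" "0006" "01" "06" "00")

# Hypothetical site policy: one engineering workstation may write; a
# hypothetical block of setpoint registers is off limits even to it.
POLICY = {
    "engineering_hosts": {"10.10.1.5"},
    "protected_registers": range(0x0100, 0x0200),
}

if __name__ == "__main__":
    for name, frame, src in [("read", READ_HOLDING, "10.10.9.77"),
                             ("write from plant floor", WRITE_REG16, "10.10.9.77"),
                             ("write from engineering", WRITE_REG16, "10.10.1.5"),
                             ("setpoint write", WRITE_REG500, "10.10.1.5"),
                             ("vendor function code", VENDOR_FC, "10.10.1.5"),
                             ("truncated frame", TRUNCATED, "10.10.1.5")]:
        print(f"{name:24s} {src:12s} -> {triage(frame, src, POLICY)}")
```

The policy is deliberately source-address based, which is exactly as strong as the network path is: a consultant's VPN landing on the engineering host's address inherits its write rights, so the allowlist must be paired with the route controls Wretchard describes rather than substitute for them.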
Blogger Elijah said...

This comment has been removed by the author.

1/27/2008 06:42:00 PM  
Blogger Stephen Renico said...

Thanks for the explanation from all of you who answered me directly.

It's a shame that so many vital areas of our government and economy are so dependent on a network which is so vulnerable.

1/27/2008 06:56:00 PM  
Blogger Mad Fiddler said...

For those who, like me, failed to understand the reference, SCADA is an acronym --- Supervisory Control and Data Acquisition

1/27/2008 08:54:00 PM  
Blogger Doug said...

Elijah's link above:
In Athena’s Camp
Preparing for Conflict in the Information Age


And for Tony!

How technology's accelerating power will transform us
(Ray Kurzweil)

Ray Kurzweil is an engineer who has radically advanced the fields of speech, text, and audio...

1/27/2008 09:14:00 PM  
Blogger Doug said...

ht- Mat

1/27/2008 09:16:00 PM  
Blogger submandave said...

jmatt: ditto. This directive is something that should have happened a long time ago. Since their inception, government networks and their users have been subject to monitoring, all this directive does is say "hey, why don't we let someone who knows what they're looking for actually do the monitoring." If anything, having the NSA monitor government networks enhances the individual user's privacy. After all, who cares more about how much time you spend surfing, your boss or some anonymous spook at Ft. Meade looking for malicious intrusion?

1/28/2008 11:04:00 AM  
