Pentagon: If You Don't Let The US Gov't Spy On Your Network, You Place American Lives At Risk
from the moral-panics? dept
The whole “cyberterorrism” fear mongering is being taken to even more extreme levels. At the Strategic Command Cyber Symposium, William Lynn III, the deputy defense secretary apparently told the audience that companies who operate critical infrastructure need to let the US install monitoring equipment or it puts everyone at risk. The NSA has apparently developed a monitoring system called Einstein (I wonder if they paid the license fee), and want to let companies “opt-in” to installing the gov’t’s system on their own systems, or face the “wild west” and put everyone at risk. This sounds like blatant fear mongering to let the government tap into all sorts of private infrastructure systems. After all, the government has shown, time and time again, that once it gets access to information, it doesn’t take those whole “oversight” or “privacy rights” issues particularly seriously.
Filed Under: cyberwar, einstein, government, monitoring, networks
Comments on “Pentagon: If You Don't Let The US Gov't Spy On Your Network, You Place American Lives At Risk”
It’s times like this that I almost hope for a zombie apocalypse.
Re: Re:
And they say I’m a “doom and gloom” guy… 😉
Re: Re:
Me TOO!
[nitpick]cyberterrorism[/nitpick]
It seems that there are some people at the top that need to see Enemy Of The State. Or maybe we should just install a webcam in their homes.
Dear Pentagon.
FUCK YOU
Re: Re:
I think some companies like Google and the ISPs need to say the same thing to the Pentagon, and Congress while they’re at it.
[warning] Conspiracy theory alert [/warning]
Aaah, now it’s starting to make some sense.
The whole Cyberterrorism thing is just a smoke screen to allow the government to push for increased electronic surveillance, the same way 9/11 was used to take airport security to extremes no sane person would agree to otherwise (I’m not implying 9/11 was intentionally triggered for that purpose…but it sure was convenient).
Pretty soon, every operating system, every application and every piece of hardware will be required to have backdoors for them to spy on you.
All you need to do is just toss in some plausible scary scenario (with a hint of making people feel guilty) and you can make people agree to anything…
The funny thing is, they are digging themselves a bigger hole. That monitoring software can also be used by the “bad guys” to spy on those systems, making them actually LESS secure. Heck, it’ll make their life a hell lot easier. They don’t need to infect the system with a trojan, since the system is already “infected”…
Re: Re:
Hermann Goring interview, the Nuremberg Diary (1947):
——————————————–
Why, of course, the people don’t want war. Why would some poor slob on a farm want to risk his life in a war when the best that he can get out of it is to come back to his farm in one piece. Naturally, the common people don’t want war; neither in Russia nor in England nor in America, nor for that matter in Germany. That is understood. But, after all, it is the leaders of the country who determine the policy and it is always a simple matter to drag the people along, whether it is a democracy or a fascist dictatorship or a Parliament or a Communist dictatorship.
Gilbert: There is one difference. In a democracy, the people have some say in the matter through their elected representatives, and in the United States only Congress can declare wars.
Göring: Oh, that is all well and good, but, voice or no voice, the people can always be brought to the bidding of the leaders. That is easy. All you have to do is tell them they are being attacked and denounce the pacifists for lack of patriotism and exposing the country to danger. It works the same way in any country.
—————————————-
The irony here would be if a DMCA was delivered over this qoute 😉
Re: Re:
Talk about conspiracies all you want, they’re already prepared (if this is accurate):
http://boingboing.net/2008/08/05/lawrence-lessig-on-t.html
Thanks, but "Wild West" works for me and others quite well.
Another “I’m from the Government and I’m here to help.” moment. I guess I should not be surprised at Defense Department nincompoops making pronouncements that cause one to wonder how long they’ve been channeling Josef Stalin. Wait until the mandatory webcams in all residences are suggested. Just give them time.
The Complete Opposite
Seems like this would actually do the complete opposite – the monitoring software could open up security holes in the code, as well as being ripe for abuse from the monitoring side.
The other issue is “critical infrastructure”; this is the same asinine concept as “too big to fail”. The idea that we must control what individual parties can do because the rest of us are somehow helpless and completely vulnerable to being negatively affected by what they do with their own money and their own property, and that if anything bad happens to them it will be the end of the economy/internet/….is phenomenally stupid.
But the public is too willfully ignorant and stupid, and politicians are either too stupid or too willing to exploit that for power, so we get this cyberterrorism crap and pretty much every single thing the government did as a response to the housing slump/recession – which did exactly nothing to actually improve the system or country.
Reminds me of this...
I couldn’t find a better article,
but I do recall something about the Russians proposing this for their ISPs.
What I don’t know is whether this proposal has been already implemented at this point.
Has promise if installed to *ACTUALLY* protect the public.
If the NSA wants to install these systems, they should be put in place at banks and major financial institutions. They are the ones who put America most at risk and probably need a “Big Brother” the most.
The recently approved finance bill that is now in the House is a joke. Like this system, has no oversight, which is why they would be at parity.
Why is it that so many people go with the flushing flow?
I really don’t get this. Is it just me or does it seem like the US has a ton of imported labor from China or India that didn’t properly assimilate or understand what the basis of the US as a country is?
I mean, unless you grew up in a communist country, this move towards sharing even bowel movements doesn’t make sense. I don’t understand why there isn’t more (not less) respect for the very basics of privacy, especially at the highest of levels like the Pentagon. Is it treasonous?
I don’t think any legitimate business will be jumping for this and think opening up their proprietary data to anyone is a good idea. It’s probably aimed towards backbone providers, and other companies that have hordes of personal data.
Wow...
Ratcheting up the feature creep to speedy levels, I see. Everyone still think I’m just a nutbar conspiracy kook?
No critical systems ?
Ok, so we do nothing, and pretend that there is no problems, and that all is well. Good advice. I can see why the likes of the NSA are the experts in the area of computer and information security. NSA have been doing this type of work since well before the internet ever existed.
As for no critical systems, there are thousands of critical systems, it’s not that their too big to fail, (allthough they can be) but they are too important to fail, and not just fail to be manipulated in a manner not intended.
GPS navigation system IS a critical system, and it’s not accessible by the ‘net’.
How about the US air traffic control system ? Not critical, not at risk of possible attack?
What about the thousands or even millions of Programmable Logic Controller computers that control almost every aspect of you’re life, especially things like, water, electricity, gas, all you’re transport systems, aircraft, power plants, waste water everything, (and most things you cannot do without).
It’s not “just trying to put scares into people, it’s a common occurance” that means it happens ALLREADY, and possibly too easily.
So again, trying to say “it’s all ok, there is really no problem” is misleading at best and irresponsible at worst.
It is real, it does happen, and it can cause massive damage, loss of life, huge expense, loss of productivity, and massive repair bills.
And you want to do nothing, but I would take the NSA’s advise over yours anyday. I know from experience when it comes to security they know what they are doing.
NSA have been building and providing this equipment to NATA forces for well over the last 30 years from my personal experience.
Just wait for the day, when some company creates a CPU that does on-the-fly encryption of the executable, you’ll have DRM on everything from the CPU up, OS, Apps, and media, but that will only be introduced if the industry sees software and media theft as a big enough issue to take those measures.
So thanks to the file sharers, the rest of us have to suffer with DRM and other measures put in place to stop people doing things they should not be doing.
IF there was really no problem, then measures to fight the problem would not need to be implemented, but there are problems, people do break into critical systems, people do copy copyrighted products without legal rights to do so.
Therefore measures need to be put in place to stop or reduce the problem.
If you run a bank and you get robbed, you increase security to stop the action, or the other option is to close the bank, sure you wont get robbed, but you’re not doing what you wanted to do.
Allowing them to rob you is not an option, so you take measures to stop it, put in guards, camera’s, vaults etc. And you put the criminals when you find them in jail.
What you’re trying to say, is music downloading is always going to happen, therefore let it and change how you make a living.
Does not work that way, that is why we have locks on door, if everyone was honest they would not be necessary.
If no one ever tried to break into a computer system, computer security would not be necessary.
If no one ever tried to illegally copy someone elses work, then copyright, and DRM would not be necessary.
If no one ever tried to copy someone elses invention, then patents would not be necessary.
Thats just how it is, and if no one ever tried to break into the US ATC, or the GPS sat Nav system, or the NY exchange, or the US power grid, then security systems would not be required.
Just as if no one listened into the enemies communications, encryption would not be necessary.
But people do, and because they do, you expect them do continue to do it, therefore measures need to be inplace to contend with that problem.
Imagine the outcry, if the US power grid dropped off, mabey like in 97, remember the ‘cascading failure’, it was proposed that was due to a hack on the power grid system detected several days before, it cost the US billions of dollars from losses.
Now if the power companies, said “there is no problem, so we dont employ any security thats silly, there is no such thing as a people breaking into computer systems and causing problems”. They would not be employed the next day, for neglegence.
Re: No critical systems ?
Then we should protect those systems, but why would we have to open the entire network so Big Brother can watch everything we do?
Oh, wait, I forgot, “if you’re not with us, then you’re against us”, right?
Give up your freedom to your government, rather than the terrists, because the terrists will just watch everything you do and you’ll have no freedom. “If you aren’t doing anything wrong, then you’ve got nothing to hide.”
The biggest issue is that most people won’t educate themselves about this stuff and it will make its way through congresses and parliaments and what have you around the world with barely a whimper of protest from the common man. In other words, even if the terrists lose, they win, because either way, some schmuck with a cybersecurity mega-contract is more worried about making money than about personal rights and freedoms.
While we’re at it, why don’t we just install CCTV cameras at ever corner and have a webcam or two feeding live pictures of our homes? Hey, we’re not doing anything wrong, so we should mind anybody watching us, right?
Re: No critical systems ?
a few simple items that you are failing to take into account.
1. if its DRM, it will get cracked regardless of what type and where it takes place in the system.
2. we have locks on doors to keep dishonest people out. we do not have locks on doors to keep the government from violating our constitutional rights – huge difference
3. all things change. including how companies and individuals do business. sometimes that change is brought about by proactivly finding better ways, sometimes forced by obsolesance. but they always do change. to say its unfair to force people to change the way they do business because of obsolesance is a disservice to society as a whole. a much more appropriate metaphore would be the USPS and the combustion engine.
in and of itself, there is nothing wrong with snail mail. its an effective means of communications. should we just scrap the entire internet because some companies just cant seem to figure out how to use it and it jeapordizes their business structure? the horse and buggy are perfectly acceptable modes of transporting goods from one place to another. should the rise of the transportation industry have been halted because it put the entire industries that relied on the sale of products to keep the horse and buggy industries working out of business?
(psst, the answer is no)
oh and by the way, trying to say because of file sharing we have to have safeguards on systems that are critical to infrastructure is over the top hyperbole and fear mongering. it adds nothing of substance to the conversation and only serves to distract from the real issues. sorry if i didnt fall for it.
Re: No critical systems ?
What a tool.
Its time
Its time for every one to start encrypting everything guess I should reinstall WASTE.
I think Big Brother could be good for America...
The Opt-In requirement for these types of systems should be waived, and made mandatory for a period of 20 years in the event an officer of said company is subpoenaed before Congress.
Why? Because they probably have transparency and accountability issues.
Right...
Dear Pentagon,
Given that my network is FAR more secure than yours, I think I’ll take a pass on your monitoring equipment.
@Darryl: Nice rant. Unfortunately, you’re distant relation to the facts is a little hard to swallow. The NSA has a long (and secret) history of screwing things up. I wouldn’t be surprised if they were on the class-action against Google StreetView. If someone can hack the GPS satellites, we’re already screwed. GPS navigation is a one-way communications system. CPUs can already do JIT encryption. Most DRM is not based on need, but paranoia. DRM did not stop music piracy, the availability of quality music at a decent price did (iTunes). The failure of the powergrid in ’97 was traced to an engineer not following proper protocols. The energy policies of the Clinton and Bush administrations allowed power companies to connect their grids so they could sell energy in different markets. This led to grids without buffers, Enron, and the California energy crisis. It had nothing to do with Internet security.
But that’s all moot. The Pentagon want civilian contractors to accept NSA-monitoring of their networks. This is a colossally bad idea, as it effectively gives network admin rights to a third-party without any oversight or liability. If the NSA wants to monitor my network, then they’ll have to prove that my network doesn’t meet their standards.
To what degree can monitoring prevent an attack?
I guess it would make sense that early warning would be able to help lessen the damage, but to my understanding, a large scale botnet attack is, in practical terms, unstoppable.
I think it’s not just a matter of privacy, but of efficacy. The Pentagon should be out there proving that what they’re offering is actually capable of protecting something, may be then a real dialog can start about who should join, how, and when.
That's just what everyone's IT deparment needs...
another loosely managed system spraying every device on the network with ICMP and SNMP requests.
Honest though, shouldn’t they just set up standards and auditing, starting with a specific definition for “critical infrastructure”.
Why you shouldn't bet on Government Security...
Wasn’t there an issue a few years ago where the DoD was caught buying counterfeit network gear?
http://www.zdnet.com/blog/projectfailures/fbi-counterfeit-cisco-routers-risk-it-subversion/740
Yup, lots of security. Pot meet Kettle.
Here’s your hopenchange.
Re: Re:
Right, because John McCain(you remember our other choice) would never allow anything like this.
ALWAYS HAD CONTROL
Why is everyone surprised at this? The Internet/WWW has ALWAYS been a military operation…. http://tinyurl.com/2wndwa8
Re: ALWAYS HAD CONTROL
Until it wasn’t. It’s no longer associated with ARPA in any way, and it’s *global.* The internet belongs to the world now, not a single country.
Falling off my chair, “I wonder if they paid the licensing fee”? (For Einstein’s name) Good one!
Darryl is what you get when NAMELESS.ONE and TAM have a child.
To quote my favorite Pirate Space Cowboy “I aim to misbehave.”
To quote my favorite Pirate Space Cowboy “I aim to misbehave.”
PCI
In order to maintain PCI (Payment Card Industry) compliance … that is, “assurance” that systems and networks are sufficiently secured and data encrypted, the PCI requires companies to purchase (from ONE vendor) a sniffer device [to which the company has no access, but that provides the vendor with full remote access] on their network. Talk about F’in EVIL!
Tough shit. People face risk everyday. Deal with it.
Do what thou wilt, shall be the whole of the law.
“To quote my favorite Pirate Space Cowboy “I aim to misbehave.”
Nice and simplistic :), I would have thought Alister Crowley’s main quote would be more appropriate for those there who do not think the law is for everyone. And somehow you’re above every else and the existing laws in some way.
So what did Crowley say ?? hmm
you already know
fuck you —I’m not stupid===you guys pretend to be (groovy) but are all about control and monitering
if I could spell I would spell (BUCK FUTT) with your collective names on it……911 is just an excuse for abuse!!!