Oh, noes.
Guess I'd better call up the commander of the Air Force's new Cyber Command and tell them their plans to protect the U.S. against malicious information warfare are totally off-kilter.
Because you know, sure as shinola, were the U.S. electronic data infrastructure crippled by an external or internal attack, nobody on a piddly-assed internet forum would just sit there and say, "That's ok" as their ATM cards cease to function, let alone that all-important web browser.
I understand the reason for protecting American cyberspace. Previous attacks have shown a real vulnerability.
Anything important is on a SCADA network. Little critical infrastructure is on internet accessible networks. The most critical stuff is only monitored by SCADA networks but cannot be given commands over SCADA. Yes, SCADA networks need to be updated to keep in line with advances made in network defense that internet facing networks almost always have.
The NSA and DISA publish good white papers and specifications for securing OSes, network devices, some applications, etc. They also cooperate with private sector manufacturers and software publishers to promote Information Assurance concepts and resources. They have a good reputation, remain strictly neutral, and usually only advise. DISA is responsible for the overwhelming amount of US military networks, and a surprising number of general government networks. DISA handles the bulk of the hands-on information security on defense and national security networks. A lot of server stuff too. NSA does some stuff, but not as much hands-on stuff as you'd think. Probably for the best.
I'm not convinced that the USAF's Cyber Command is little more than a money sink. What can they do that the NSA or DISA is not doing? I suspect their primary mission will be to suck up funds and maybe protect a very small number of networks. On the plus side, maybe they will do some improvements on embedded networks specific to the USAF. That'd be nice. But not critical to the security of the US infrastructure, as they run only more or less internal networks. They turn over more and more of those networks to DISA each year. While I would recommend being polite, G98, your call would not be incredibly inaccurate advice.
Disclosure: I am a former Army commo guy that did some infosec work. I also worked on a DISA Operational Support Team (OST).
Tin foil hattery notwithstanding, we're a cyber attack or two away from another 9/11, except we're already in a pretty bad recession this time. Let's knock out the financial institutions for a few days, and see how it goes. We'll be trading chickens and ammo in no time. Then there will be some serious belly-aching. "How come the government didn't take measures to prevent this?"
Is the cure worse than the cause? Maybe. The devil's always in the details.
...
I agree and strongly disagree at the same time. While there is a lot of improvement needed in the information security field, it's not catastrophically bad. Consumers need better security. That's the biggest threat at the moment. Millions of ordinary desktops and laptops. Infrastructure- and corporate-wise, infosec is getting better. Govt always needs to get better, but is good enough by and large. The only advice I can give that crosses private and public sector is, more applicable user training. Not the boring CYA legal-ese crap, but short good information. Put your written passwords in your wallet, don't share them, shred papers you don't need, if in doubt ask IT, don't click on stuff you think is off, if something sounds odd ask your security department, etc etc.
IT and IT Security departments need to expand beyond technical issues and also regularly interface with the users. Yes, I bloody well know how problematic this can be. But most users don't want to work around standard procedures, they just want to do their job in a way that isn't too painstaking. IT personnel should try to make their user solutions as streamlined as possible.
All of that said, a centralized body governing network security is such a bad idea I'm not sure I can make a proper analogy. "You might as well shoot yourself in the head to save time" would be the closest I can come to explaining how bad of an idea it is. Any hypercentralized NSOC (Network Security Operations Center) with legal powers to control every network in the US would be the worst security threat I can imagine. If you find a way into such a NSOC, you can take down everything. As it stands now, if somehow you could take down... say a specific hospital, that didn't mean you could automatically also take down a nuclear power plant, a jet liner or a Mom'n'Pop small business network. Decentralization means you have a wide variety of different environments. The more diverse and decentralized you make the entire US IT infrastructure, the less likely any one attack vector can do damage to a bunch of different networks using the same trick.
If you wanted to do the same thing in a somewhat secure manner, which is a bad idea, give the central telecoms a right to blacklist IP traffic without legal repercussion and the ability to void their obligation to complete contracts at their leisure but still get paid anyways. Sounds like a bad idea? It is. But it's much more secure than the hypercentralized NSOC idea.
That's why the IT community was scared poopless about the recent 1 April 09 Conficker worm threat, and why Microsoft has a $250K bounty on the head(s) of those responsible.
Really? Must be a different part of the IT community than I regularly communicate with. Oh sure, we're very concerned with users installing malware. Any one worm? Not so much. If you patch your systems regularly, have a good AV solution and hopefully a half decent firewall, there isn't a worm made yet that the IT community is 'scared poopless' over. I think you're confusing secondary effects (rush to patch an exploit, or dealing with an upsurge in spam traffic) with the worm or malware itself.
Hell, I was amazed at how much the media was playing up Conficker. The persons that designed Conficker were either really stupid, or didn't care. If you upgrade to nmap 4.85Beta7 and run the command " nmap -PN -d -p 445 --script=smb-check-vulns --script-args=safe=1 12.34.56.78 ", you can determine if the host is infected or not. (12.34.56.78 being the target IP, and obviously removing the quotes.) Why? NetpwPathCanonicalize() gives a nonstandard answer to queries. So you ask the worm if it has infected a host, and it accurately says "Yes, I did."
I'll grant you, worms are becoming more sophisticated. Storm was designed by someone with a glancing knowledge of secure programming. Not a professional level, of course. Almost, but not quite, respectable. Conficker is worrisome not because it was well written or well designed, but rather because it exploited a nasty hole in all relevant versions of Windows (See MS08-067), which is a hole that gives system level access with no authentication over a network. That's as bad as a security hole gets. If you're patched, no problem. If you're running an AV, somewhat no problem.
Instead of saying "ZOMG! Killer worm! All the geeks are in a panic and predict end of the world", the media should say "Yo, a routine worm is making it around the internet exploiting a hole patched on Oct 8th, 2008. If you haven't patched your desktop in SIX MONTHS, please do so. Go to whatever.com for details on how to do so." As we all know, rational dissemination of information ain't the media's strong point.
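The nmap command in the post above gives a verdict for one host at a time; as an added example (not from the thread, and not nmap's own tooling), the script below parses constructed output in nmap's normal format from a scan of several hosts and turns the MS08-067 and Conficker verdicts into a per-host action list for a defender. The host addresses, the exact wording of the script output and the function names are assumptions.

```python
# Added example (not from the thread): triage nmap smb-check-vulns output
# for the two verdicts the post relies on, MS08-067 and Conficker.
import re

# Constructed sample resembling nmap normal (-oN) output from
#   nmap -PN -p 445 --script=smb-check-vulns --script-args=safe=1 <targets>
# The exact wording is assumed; compare with your nmap version's output.
SAMPLE_OUTPUT = """\
Nmap scan report for 192.0.2.10
|  smb-check-vulns:
|    MS08-067: VULNERABLE
|_   Conficker: Likely INFECTED

Nmap scan report for 192.0.2.11
|  smb-check-vulns:
|    MS08-067: VULNERABLE
|_   Conficker: Likely CLEAN

Nmap scan report for 192.0.2.12
|  smb-check-vulns:
|    MS08-067: NOT VULNERABLE
|_   Conficker: Likely CLEAN
"""

def parse_smb_check_vulns(text):
    """Return {host: (ms08_067_verdict, conficker_verdict)} per host block."""
    results = {}
    # Each host's block begins with "Nmap scan report for <host>".
    for block in re.split(r"^Nmap scan report for ", text, flags=re.M)[1:]:
        host = block.split("\n", 1)[0].strip()
        ms = re.search(r"MS08-067:\s*(NOT VULNERABLE|VULNERABLE)", block)
        cf = re.search(r"Conficker:\s*Likely (INFECTED|CLEAN)", block)
        results[host] = (ms.group(1) if ms else "UNKNOWN",
                         cf.group(1) if cf else "UNKNOWN")
    return results

def triage(text):
    """Map each host to the defender's next step; infection outranks patching."""
    actions = {}
    for host, (ms, cf) in parse_smb_check_vulns(text).items():
        if cf == "INFECTED":
            actions[host] = "isolate and clean, then patch"  # patching won't remove the worm
        elif ms == "VULNERABLE":
            actions[host] = "patch MS08-067"  # fix has been available since Oct 2008
        elif "UNKNOWN" in (ms, cf):
            actions[host] = "rescan: no verdict from script"
        else:
            actions[host] = "no action"
    return actions
```

Feed it the saved normal output of a real scan (`nmap ... -oN scan.txt`) and a host that is both unpatched and infected is listed for cleanup first, since applying the patch alone leaves the existing infection in place.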