Forgot your password?
typodupeerror
Government Security The Military News Your Rights Online

Department of Homeland Security Wants Nerds For a New "Cyber Reserve'" 204

Posted by samzenpus
from the grabbing-geeks dept.
pigrabbitbear writes "Just three weeks after Defense Secretary Leon Panetta told an audience at the Sea, Air and Space Museum that the U.S. is on the brink of a 'cyber Pearl Harbor,' the government has decided it needs to beef up the ranks of its digital defenses. It's assembling a league of extraordinary computer geeks for what will be known as the 'Cyber Reserve.'"
This discussion has been archived. No new comments can be posted.

Department of Homeland Security Wants Nerds For a New "Cyber Reserve'"

Comments Filter:
  • by Anonymous Coward on Thursday November 01, 2012 @08:45PM (#41848899)

    If that were true, it would have already happened by now. I mean, wtf are the US's enemies waiting for?

    Here's what someone said back in 1998: [fas.org]

    PREPARED STATEMENT OF SENATOR FRED THOMPSON
    CHAIRMAN

    COMMITTEE ON GOVERNMENTAL AFFAIRS

    MAY 19, 1998

    "WEAK COMPUTER SECURITY IN GOVERNMENT: IS THE PUBLIC AT RISK?"

    The Governmental Affairs Committee today is holding the first of a series of hearings on the security of federal computer systems. The potential benefits promised by computers are contrasted with inherent risks to our security and public safety. While advances in computing power potentially can remake how the government does business and how future wars are fought, it also creates vulnerabilities which must be reduced. Today’s hearing will address the darker side of the information revolution while exploring how we can better protect government information.

    Computers are changing our lives faster then any other invention in our history. Our society is becoming increasingly dependent on information technologies, which are changing at an amazing rate. Consider a couple of examples:

    The singing greeting cards which you buy today for $2 have more computing power then existed in the world before 1950.

    A video camera which you buy today for less then $1000 has more computing power then a 1960s computer the size of this room.

    Combine this rapid explosion in computing power with the fact that information systems are being connected together around the world without regard to geographic boundaries. The increasing ability of computers talking to each other offers both opportunities and challenges.

    In today’s hearing, we will discuss these challenges. We will hear that the nature of this challenge comes from the fact that our nation’s underlying information infrastructure is riddled with vulnerabilities which represent severe security flaws and risks to our nation’s security, public safety and personal privacy.

    While "hacker attacks" receive much media attention, what worries me are the attacks that go unknown. The nature of attacks in the information age seems to allow a malicious individual or group to reach out and inflict extensive damage from the comfort and safety of their home.

    We must ask whether we are becoming so dependent on communications links and electronic microprocessors that a determined adversary or terrorist could possibly shut down federal operations or damage the economy simply by attacking our computers.

    At risk are systems that control power distribution and utilities, phones, air traffic, stock exchanges, the Federal Reserve, and taxpayers’ credit and medical records. Unfortunately, government agencies are ill-prepared to address the situation. We as a nation cannot wait for the "Pearl Harbor" of the information age. We must increase our vigilance to tackle this problem before we are hit with a surprise attack.

    Our witnesses today have substantial knowledge about what the problems really are and can recommend solutions. First, Dr. Peter Neumann, a recognized private-sector expert on computer security, will provide the Committee with an overview of information security issues and testify on the systemic security problems in the government’s computer systems.

    Then we will hear from L0pht -- seven members of a "hacker think tank" who identify security weaknesses in computer systems in an effort to persuade companies to design more secure systems. L0pht members will testify about specific weaknesses which enable hackers to exploit the nation’s information infrastructure and government information.

    Excuse me if I can't take the government seriously about preventing a cyber "Pearl Harbor". What'll happen is that there will be some attack w

  • by SB9876 (723368) on Thursday November 01, 2012 @09:17PM (#41849125)

    Ummmmmmm...
    Have you just not been reading anything at all about the pervasive SCADA security holes that keep popping up everywhere? Hooking industrial control hardware to the internet to centralize monitoring, control and update has been a huge industry movement. Combine that with a mindset in the SCADA industry and end users that is much more focused on reliability than security and you get the equivalent of thousands of pieces of hardware on the internet with the security equivalent of a wireless router with the default admin account and password.

    The SCADA security holes have only recently come to the attention of the industry. I can assure you that there's a giant collective brick being shat over it but fixing this stuff takes time.

    And foaming at the mouth about honest mistakes isn't going to solve anything.

  • by johnnick (188363) on Thursday November 01, 2012 @09:22PM (#41849163)

    >The bacteria that enter the drinking supply poisons a good portion of an entire city and thousands (if not tens of thousands) die.

    Because no one, not even the people there at the plant, notice that the sewage is going into the water, and no one notices that the water smells funny, etc., etc. NYC is dealing with something like this right now in the wake of hurricane Sandy. See http://www.huffingtonpost.com/2012/10/30/hurricane-sandy-sewage-toxic-_n_2046963.html [huffingtonpost.com].

    Killing people with computers is a LOT harder than killing them with kinetic weapons because, aside from people being monitored by computers in hospitals, most people aren't directly relying on the computers to keep them alive.

    The north eastern US suffered a major, multi-day blackout a few years ago. It did not bring the country to its knees. Similarly, regional weather events may shut down transit/business/etc., but people are moving to backup systems (e.g., walking/biking to work in the case of NYC) and dealing for the time it will take to bring the systems back online.

    Any cyber attack that could actually meaningfully harm the US would cross the line into casus belli and likely receive a kinetic response.

    It's possible that some kind of cyber attack could be used as a distraction or to syphon off resources while a kinetic attack takes place, but that's still assuming some other nation believes it is in their national interests to get into a shooting match with the US.

    Sen. Lieberman had an opinion piece in the NYT (http://www.nytimes.com/roomfordebate/2012/10/17/should-industry-face-more-cybersecurity-mandates/the-cyber-threat-is-real-and-must-be-stopped-by-business-and-government) supporting your position. Numerous real security professionals would disagree, from Bruce Schneier (http://www.schneier.com/blog/archives/2012/10/stoking_cyber_f.html) to people like Scot Terban (http://www.schneier.com/blog/archives/2012/10/stoking_cyber_f.html).

  • by girlinatrainingbra (2738457) on Thursday November 01, 2012 @09:39PM (#41849269)
    re: If it worked like the Army reserve, I'd be in. Think about it, you participate one weekend a month for ,,,

    .

    You do know that :

    -- quite a few of the reserves are actually deployed at the present;

    --a lot of the National Guard is called out and deployed at the present;

    -- a lot of people who have finished their tours are told that they must re-up.

    .

    Even if they are not deployed overseas, they are often activated to take the place on base of combat troops who are deployed overseas. So if you're part of the Ready Reserve [wikipedia.org], be ready to be deployed at any time of need. Not that there's anything wrong with that. Just know about that ahead of time.

  • by stephanruby (542433) on Thursday November 01, 2012 @09:41PM (#41849279)

    I'd be in for that, especially if it (being those projects) could be done as moonlighting outside my regular job. That doesn't sound so bad.

    If they actually pay you for it, I doubt they'd let you do it at home.

    Think about it, you participate one weekend a month for sec training and preparedness drills, and take on a special project every once in a while, and get the military benefits without leaving your house.

    The US military is famous for switching job descriptions once people have entered their ranks.

    Many people want to be Air Force pilots for instance, so they sign up with the Air Force, but when they find that it's really too competitive to be a pilot, or they don't have the political connections to make that happen. It's too late already -- they've signed on the doted line. The same goes for State Military Reserves, most thought they were committing themselves for a limited time duration of possibly doing disaster relief work, or at most that they might fight within the US in case it ever got attacked, not they were going to fight in Iraq in a pre-emptive war, and nor did they know that their contracts could be changed indefinitely at will.

  • by Absolutely.Geek (2765293) on Thursday November 01, 2012 @09:55PM (#41849379)
    As someone who works with this stuff all the time, I feel I can say this with some degree of authority, if you connect your SCADA / PLC system DIRECTLY to a internet connected PC. You should be drawn and quartered / keel hauled for pure stupidity.

    I have access to some of my customers sites remotely, all of them are through secure VPN then either RDP from the secure connection or in one case through citrix to the computer in question. If their IT dept can't sort out VPN security that is another issue entirely.

    When it comes to industrial gear stability is #1, #2, #3 and #4 on the list of priorities, and #5 is physical security, most plants that I have worked at are fenced and require you to go through a gate house of some sort before you can enter site, this is not because they are doing some super secrete work it is for liability issues, if some retard sneaks onto the site and gets an arm ripped off because they put their hand in some bit of plant, the fines and paperwork would be hideous.

    Most computers on industrial sites will be running unpatched XP SP2, but it is ok because there should not be any internet connection to these machines. USB's should also be limited to trusted ones for backups.

    Ok rant over.....I could go on....

"Irrationality is the square root of all evil" -- Douglas Hofstadter

Working...