Department of Homeland Security Wants Nerds For a New "Cyber Reserve'" 204
pigrabbitbear writes "Just three weeks after Defense Secretary Leon Panetta told an audience at the Sea, Air and Space Museum that the U.S. is on the brink of a 'cyber Pearl Harbor,' the government has decided it needs to beef up the ranks of its digital defenses. It's assembling a league of extraordinary computer geeks for what will be known as the 'Cyber Reserve.'"
Worried about cyber perl harbor? Give me a break. (Score:3, Informative)
If that were true, it would have already happened by now. I mean, wtf are the US's enemies waiting for?
Here's what someone said back in 1998: [fas.org]
Excuse me if I can't take the government seriously about preventing a cyber "Pearl Harbor". What'll happen is that there will be some attack w
Re:Please, just stop... (Score:5, Informative)
Ummmmmmm...
Have you just not been reading anything at all about the pervasive SCADA security holes that keep popping up everywhere? Hooking industrial control hardware to the internet to centralize monitoring, control and update has been a huge industry movement. Combine that with a mindset in the SCADA industry and end users that is much more focused on reliability than security and you get the equivalent of thousands of pieces of hardware on the internet with the security equivalent of a wireless router with the default admin account and password.
The SCADA security holes have only recently come to the attention of the industry. I can assure you that there's a giant collective brick being shat over it but fixing this stuff takes time.
And foaming at the mouth about honest mistakes isn't going to solve anything.
Re:Please, just stop... (Score:4, Informative)
>The bacteria that enter the drinking supply poisons a good portion of an entire city and thousands (if not tens of thousands) die.
Because no one, not even the people there at the plant, notice that the sewage is going into the water, and no one notices that the water smells funny, etc., etc. NYC is dealing with something like this right now in the wake of hurricane Sandy. See http://www.huffingtonpost.com/2012/10/30/hurricane-sandy-sewage-toxic-_n_2046963.html [huffingtonpost.com].
Killing people with computers is a LOT harder than killing them with kinetic weapons because, aside from people being monitored by computers in hospitals, most people aren't directly relying on the computers to keep them alive.
The north eastern US suffered a major, multi-day blackout a few years ago. It did not bring the country to its knees. Similarly, regional weather events may shut down transit/business/etc., but people are moving to backup systems (e.g., walking/biking to work in the case of NYC) and dealing for the time it will take to bring the systems back online.
Any cyber attack that could actually meaningfully harm the US would cross the line into casus belli and likely receive a kinetic response.
It's possible that some kind of cyber attack could be used as a distraction or to syphon off resources while a kinetic attack takes place, but that's still assuming some other nation believes it is in their national interests to get into a shooting match with the US.
Sen. Lieberman had an opinion piece in the NYT (http://www.nytimes.com/roomfordebate/2012/10/17/should-industry-face-more-cybersecurity-mandates/the-cyber-threat-is-real-and-must-be-stopped-by-business-and-government) supporting your position. Numerous real security professionals would disagree, from Bruce Schneier (http://www.schneier.com/blog/archives/2012/10/stoking_cyber_f.html) to people like Scot Terban (http://www.schneier.com/blog/archives/2012/10/stoking_cyber_f.html).
Re:If it worked like the Army reserve, I'd be in. (Score:5, Informative)
.
You do know that :
-- quite a few of the reserves are actually deployed at the present;
--a lot of the National Guard is called out and deployed at the present;
-- a lot of people who have finished their tours are told that they must re-up.
.
Even if they are not deployed overseas, they are often activated to take the place on base of combat troops who are deployed overseas. So if you're part of the Ready Reserve [wikipedia.org], be ready to be deployed at any time of need. Not that there's anything wrong with that. Just know about that ahead of time.
Re:If it worked like the Army reserve, I'd be in. (Score:5, Informative)
I'd be in for that, especially if it (being those projects) could be done as moonlighting outside my regular job. That doesn't sound so bad.
If they actually pay you for it, I doubt they'd let you do it at home.
Think about it, you participate one weekend a month for sec training and preparedness drills, and take on a special project every once in a while, and get the military benefits without leaving your house.
The US military is famous for switching job descriptions once people have entered their ranks.
Many people want to be Air Force pilots for instance, so they sign up with the Air Force, but when they find that it's really too competitive to be a pilot, or they don't have the political connections to make that happen. It's too late already -- they've signed on the doted line. The same goes for State Military Reserves, most thought they were committing themselves for a limited time duration of possibly doing disaster relief work, or at most that they might fight within the US in case it ever got attacked, not they were going to fight in Iraq in a pre-emptive war, and nor did they know that their contracts could be changed indefinitely at will.
Re:Please, just stop... (Score:4, Informative)
I have access to some of my customers sites remotely, all of them are through secure VPN then either RDP from the secure connection or in one case through citrix to the computer in question. If their IT dept can't sort out VPN security that is another issue entirely.
When it comes to industrial gear stability is #1, #2, #3 and #4 on the list of priorities, and #5 is physical security, most plants that I have worked at are fenced and require you to go through a gate house of some sort before you can enter site, this is not because they are doing some super secrete work it is for liability issues, if some retard sneaks onto the site and gets an arm ripped off because they put their hand in some bit of plant, the fines and paperwork would be hideous.
Most computers on industrial sites will be running unpatched XP SP2, but it is ok because there should not be any internet connection to these machines. USB's should also be limited to trusted ones for backups.
Ok rant over.....I could go on....