Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Government Privacy Security The Internet

NSA Director Says Agency Is Still Trying To Figure Out Cyber Operations 103

Trailrunner7 writes: In a keynote speech at a security conference in Washington on Tuesday, new NSA Director Mike Rogers emphasized a need to establish behavioral norms for cyber war. "We're still trying to work our way through distinguishing the difference between criminal hacking and an act of war," said Rogers. "If this was easy, we would have figured it out years ago. We have a broad consensus about what constitutes an act of war, what's an act of defense." Rogers went on to explain that we need to better establish standardized terminology and standardized norms like those that exist in the realm of nuclear deterrence. Unfortunately, unlike in traditional national defense, we can not assume that the government will be able to completely protect us against cyber-threats because the threat ecosystem is just too broad.
This discussion has been archived. No new comments can be posted.

NSA Director Says Agency Is Still Trying To Figure Out Cyber Operations

Comments Filter:
  • by Anonymous Coward on Tuesday September 16, 2014 @09:12PM (#47923533)

    YOU ARE THE CYBER-THREATS.

    • "We're still trying to work our way through distinguishing the difference between criminal hacking and an act of war," said Rogers

      NSA supposed to be a government agency filled with very intelligent folks, and they are telling us that they can't differentiate between common hacking (whether it be criminal or otherwise) and an _Act of War_ ?

      I dunno about you, but I find it very hard to believe!

      • by amiga3D ( 567632 ) on Tuesday September 16, 2014 @09:52PM (#47923699)

        I find it easy to believe. He's typical of the fucking morons that run the bureaucracy of this nation. War is what happens between nations and criminal activity is what happens when individuals or gangs break the law. This whole thing of calling these thugs terrorists tends to legitimatize them and makes them more effective. Just catch them, throw them in a hole and toss the key away. Enough of all the drama already. Now they've twisted things so that minor criminals serve time like they were mass murderers or something. It's like the terrorists won, they destroyed the entire culture so that you can't even fly from Atlanta to New York without feeling like you're in the old Soviet Union. It feels like you're trying to sneak out plans for a new Red Navy submarine.

        • Re: (Score:3, Insightful)

          by Anonymous Coward

          I find it easy to believe. He's typical of the fucking morons that run the bureaucracy of this nation.

          Well, that's probably overstating it. Let's read TFA, shall we?

          "We always follow the rule of law," he said. "You can debate whether we should have these laws. Are existing laws constitutional? I try to remind people that the all judgement to date find that the NSA has abided by the law. We have not been found to attempt to undermine the law. And we have protected the information we collect."

          Well, fuck.

          • by Endymion ( 12816 )

            Admiral Rogers,

            The anonymous letter above has some good ideas about respecting the Constitution. You swore an oath to defend that social contract, and that oath is one of the most respectible American values I know. i know nothing about you and your history, so I respectfully - and hopefully - give you the benefit of the doubt and assume that has an American Admiral, you understand words such as "oath", "honor" and "duty" better than most.

            The duty to defend the Constitution is not an easy one at tim

          • Admiral Rogers, I know this is harder for you than it is for a civilian, but you've really gotta stop conflating "legal" with "ethical." And if you can't do that, I can sympathize, but could you at least stop conflating "legal" with "in the interests of the United States?"

            You should read what he said again.

            I try to remind people that the all judgement to date find that the NSA has abided by the law. We have not been found to attempt to undermine the law.

            He didn't say that the NSA abides by the law, only that no court has judged them as acting illegally.

            The NSA's warrantless wiretapping was nakedly illegal and unconstitutional, but so far (AFAIK) no Judge has taken a case to its conclusion.
            And Congress passed the FISA Amendments Act of 2008 to retroactively shield the telecom companies for their participation.
            The NSA has even admitted to "overcollection" under the 2008 law, but the details are classified, so no one can cla

        • What happens when those "criminal gangs" are just fronts for government espionage and/or attacks to slowly undermine your own country's industry?

          That's the problem they are faced with right now, the same way some corporations get away with abuses through 'shell companies', governments are using these 'shell criminal gangs' as a means to unofficially sanction behavior which the government uses to maintain plausible deniability. The challenge is deciding on a point where overlooking 'criminal' activity reach

      • They don't have access to lawyers. Intentionally.

        It falls under plausible deniability. "I didn't know that was illegal". Sure, it doesn't work for you and I, but it does for the gov't. Particularly with the FISA court.

      • by s.petry ( 762400 )
        I believe it's much more likely that they know the difference, but gauging the crowd to see how much they can get away with. It helps keep the pressure off people that should be facing criminal charges for lying to Congress, and offers a great diversion.
      • I find this statement entirely believable as something they would say to conference. This sounds like a prelude to a request to have their budget expanded. This sets the scene so that they can point to this conference as a public instance where they pointed out how hard of a time they are having and use it as justification to congress in the next budget go around cluster fuck next year.
    • YOU ARE THE CYBER-THREATS.

      Exactly. "What you mean 'We', White Man?"

      Why not disband the NSA and instead spend the hundreds of billions of dollars that fascist cess-pit drinks off of the public teat - instead spending a decent fraction on making FRIENDS, not ENEMIES? There are a lot of schools, hospitals and high-school diplomas that could be bought, all round-the-world. You wouldn't have a popular resistance to American influence in the world, were that influence actually benign.

      • by amiga3D ( 567632 )

        You can't buy friends. No matter how much money you spread around it ends up with most of it in the hands of the thugs running all these little shitholes and the people still hate us because we don't bow towards Mecca. The NSA have a job to do but they need to clean house by firing everyone there from the top down to minor level administrators. All the idiots in charge should have been fired right after 9/11. Instead of rolling heads we got the fucking "Patriot" act. They aint' patriots they're fucking

        • Re: (Score:3, Insightful)

          You're a racist cunt. People are people, and want/need basically the same things - if you don't push them into corners and poke at them with sticks.

          The thugs? Products of our selective, post-colonial domination. Nobody rallies round a bully, when they have nothing much to fear.

          • by s.petry ( 762400 )
            If you read past the first two sentences, he stated that the administration (US) should have been held accountable for 9/11 instead of passing the Patriot Act. Yes, seems contradictory from the first 2 sentences...
            • by amiga3D ( 567632 )

              I'm saying that people will always have issues. People hate for all kinds of reasons and as a nation we will always have enemies. A religion that has a major, not minor component, that states "believe the way we do or we'll kill you" is never going to be my friend and I don't give a shit what race or sect or whatever they are. How many times have we tried to be friends with someone and then once our common goal is met or gone they go back to being our enemies? It's an ugly world and to think just becaus

          • Well then I guess I'm a racist cunt too, because I agree with him (amiga3D (567632)) and I think he's right on the money: friends, Mecca, NSA, Patriot Act and all.

            We'll both go take our racism over there, out of your way. Have fun chatting with the highly enthusiastic Religion of Peace supporters -- but I'm afraid you'll need a piece handy if you'd like to continue the conversation for an extended period of time.

            May I point you to this highly charged and offensive picture and article here. [theonion.com] His point i
  • by Anonymous Coward on Tuesday September 16, 2014 @09:16PM (#47923555)

    Maybe they should just get off their lazy fucking asses and start pulling all those exploitable 'cyberweapons' off the fucking public network and start having them running on a private network akin to MILNET. There's no excuse for the power grid, medical records, social security, police records, etc being accessable over the public internet, except as a threat window to use in the quest for more security theater. Eliminate access to the resources and you eliminate the majority of non-military threats. On the off chance such information *IS* needed via the internet (see: online banking), make it run through isolated systems with limited end-user data available on the 'public' side, and a batch processing system in-between the public and private networks. While it wouldn't stop exploitation of the end-user, it could stop the majority of actual banking system hacking by eliminating direct access to the computing resources. While this is probably already done to some degree the level of isolation is obviously insufficient.

    Militarizing turf wars over the internet however is bad for everyone.

    • I really can't believe one of the Telcos wouldn't rather reuse their copper network (that touches nearly every building in every town) to form a secure isolated system for processing payment data, separate from the internet, instead of just letting it rot.

      They just wire in and reuse old phone stuff to make a private network with connections and a firewall they manage, to guarantee (for a slice of security pie) that only specific data can go to specific places on direct routes, and no one can access the netw

  • by MindPrison ( 864299 ) on Tuesday September 16, 2014 @09:29PM (#47923597) Journal
    ...definitively the most honest thing I've ever heard to come publicly from NSA, ever.

    Personally I translate that to "It's important that we don't see ghosts everywhere here!".

    And yes, very! Even the NSA know they've gone out of hands here, they also have humans working for them - and nothing they ever do will ever stay 100% a secret everywhere, so it's a better strategy to play with open cards (which they have *NOW* learned the hard way) in the long run. Besides, you can't possibly store all the 1 terabyte personal computer harddisks in the world in even googles vast server-lands anyway. It's all about spotlight. If you're in their spotlight, you'll be spied on, your data will get collected no matter where it is. Going trough vast amounts of byte garbage will yield certain finds - but mostly it's just noise, people who use words that could be similar to what you're looking for, but ultimately...just noise.
    • by aliquis ( 678370 )

      Just put up /. beta before any US gov pages.

      The attackers will be confused and wonder where they have arrived, if it's some blog of sort, and most likely just leave it alone / leave as quickly as possible.

  • that would be a good start.
  • Cut The Cable (Score:3, Insightful)

    by rtb61 ( 674572 ) on Tuesday September 16, 2014 @09:48PM (#47923675) Homepage

    Pretty bloody easy to define the difference between hacking and act of war. Any hacking attack you can simply divert by cutting the connection is not an act of war. A major electro magnetic pulse generated by a thermonuclear war head is an act of war.

    For the idiots at the NSA, permanent damage versus repaired disruption. They just need to ask the buddies at the CIA when it comes to their idea of torture, permanent harm equals torture non permanent harm according to them, based upon them being a bunch of sick psychopath sadists, does not equal torture.

    So if you ain't using explosives on digital infrastructure it ain't war. No matter how badly behaved the NSA has been, their acts have not quite crossed the bounds of an act of war. Somehow I guess this will be another example of American exceptionalism and when the US does it, it is not an act of war and when any other country does it, it is an act of war and the US must spend another billion dollars on the US military industrial complex per incident or so the lobbyists say.

    • Re:Cut The Cable (Score:4, Insightful)

      by Livius ( 318358 ) on Tuesday September 16, 2014 @10:20PM (#47923841)

      No, no, if it comes from somewhere with oil in need of liberating, then it's an act of war.

    • Pretty bloody easy to define the difference between hacking and act of war. Any hacking attack you can simply divert by cutting the connection is not an act of war. A major electro magnetic pulse generated by a thermonuclear war head is an act of war.

      For the idiots at the NSA, permanent damage versus repaired disruption. They just need to ask the buddies at the CIA when it comes to their idea of torture, permanent harm equals torture non permanent harm according to them, based upon them being a bunch of sick psychopath sadists, does not equal torture.

      So if you ain't using explosives on digital infrastructure it ain't war. No matter how badly behaved the NSA has been, their acts have not quite crossed the bounds of an act of war. Somehow I guess this will be another example of American exceptionalism and when the US does it, it is not an act of war and when any other country does it, it is an act of war and the US must spend another billion dollars on the US military industrial complex per incident or so the lobbyists say.

      So if country XYZ was actively attempting to retarget and launch our nuclear weapons towards our own cities this would not be an act of war just because we could stop it?

      In the same way then, would country XYZ firing nuclear weapons at us not be an act of war just because we could (imagine) shoot them out of the sky with laser satellites (or whatever)?

  • by gavron ( 1300111 ) on Tuesday September 16, 2014 @10:10PM (#47923799)

    While you're looking for "the cyber threats" you might as well just buy a modern dictionary. Nobody calls anything "cyber" anymore and the number two threat is malware... right behind the number on threat... the NSA.

    Cyber-think your way out of that one, NSAmen. Time is short. The cybermen are coming.

  • When you went online you agreed to accept any traffic thrown at you. There never has been any system to prevent that. If you can't handle it don't get on the internet. It's not war when someone attacks you- it's the internet.

    That said the underlying problem is shitty code on a grand scale. If the US wanted to defend itself it would start implementing programs to review every bit of critical code multiple times, minimizing baggage, developing best practices and standards for critical infrastructure like: TC

    • Intel's remote management software is scary when you look at what it can do.

      They mention some of the more powerful features are only available on your LAN, hoping you'll forget that to some... The entire internet is their LAN.

      Then there's the features they don't tell you about.

      Scary capabilities advertised as control features.

  • Attacks against targets that are considered basic infrastructure for life, government or defense with damages that severely cripple those sites and cause harm to American citizens.

    Shutting off power, blanking out emergency services, crashing planes, etc.

    NOT downloading a MP3 or looking at porn or reading a johnny rocket how-to for do-it-yourself nuclear reactors. I am still on the fence about economic stuff since that does affect everyone, however it's all fixable. It's hard to goto war over damages to your

    • The problem for that is the origin. Other nations and their fellow travellers, cult members, dual citizens, deep cover agents or useful groups can stage any kind of network event with internal or expected external IP address, time zones and other code hints all pointing to the expected 'country' or group.
      Contractors, the politically connected all then feed from the event with digital products, services, clean ups, changes, new expensive training and long term monitoring.
      All that is found is a legal worki
  • by Anonymous Coward

    Pass me the floppies, I've got my acoustic coupler hooked up and I'm loading up the BBS! Gonna get some sweet warez from the sysop.
      giddeeup [youtube.com]

  • we need to have pity upon government workers tasked with these jobs, especially the military

    some of them spend their entire working day on tasks that *help* us (of course others do other things too...ahem)

    so..."criminal activity" or "act of war"

    i understand the distinction...but beneath those options are huge icebergs of heirarchy and process

    the way out is to take the technology out of the equation...

    chinese government hacker uses the internet to steal nuclear plans

    -now take the tech out-

    chinese government

    • The other fun part is what where "nuclear plans" doing on the web to be found?
      On average they might have been kind of expected to be found? The press getting whispers to stoke public outrage to show that they where very real?
      A nation goes to try and build from altered plans that wastes a decade and makes import supply lines and requests show up?
      The domestic press feeds a perfect operation to ensure plans are seen as real but nobody told the rest of the cleared political or signals intelligence teams no
  • by bipbop ( 1144919 ) on Tuesday September 16, 2014 @11:33PM (#47924095)
    The solution is simple. The NSA should continue to spend the lion's share of its effort on attacking the United States' own citizens. It's not an act of war if you're attacking yourself!
  • I guess their troubles are how to define it so that they are a mere criminal gang (and hence have immunity like all "law enforcement"), yet others are committing acts of war so they can be drone-killed and it is (legally, but not ethically) not murder...

  • while they try to sneak through another Secret Law [wikipedia.org] like the Patriot Act which will assume that everyone is a CYBER WAR CRIMINAL.

    Hacked some credit cards? Cyber war criminal.

    Spoofed a website? Cyber war criminal.

    Changed your grades? CYBER WAR CRIMINAL.

    Wrote some open-source code? CYBER. WAR. CRIMINAL.

  • by sociocapitalist ( 2471722 ) on Wednesday September 17, 2014 @03:59AM (#47924917)

    Of course the NSA knows what an act of war is, in cyber terms. They just don't want it defined as such because they themselves are no doubt performing those very acts on perceived threats and allies alike and yes, on American citizens as well.

  • "We're still trying to work our way through distinguishing the difference between criminal hacking and an act of war,"

    this is like the scene in the movie where the parent knocks on the door to the kids room asking "what are you doing in there!?!?" knowing full well... and the kid hurriedly puts out his joint and sprays air freshener... "nothing!!!"
  • I question your motives, junior.
  • Stumbling from one million constitutional violations into the other.
    And yet this 'look we're pathetic' plea.

Kiss your keyboard goodbye!

Working...