NSA Director Says Agency Is Still Trying To Figure Out Cyber Operations
Trailrunner7 writes: In a keynote speech at a security conference in Washington on Tuesday, new NSA Director Mike Rogers emphasized a need to establish behavioral norms for cyber war. "We're still trying to work our way through distinguishing the difference between criminal hacking and an act of war," said Rogers. "If this was easy, we would have figured it out years ago. We have a broad consensus about what constitutes an act of war, what's an act of defense." Rogers went on to explain that we need to better establish standardized terminology and standardized norms like those that exist in the realm of nuclear deterrence. Unfortunately, unlike in traditional national defense, we can not assume that the government will be able to completely protect us against cyber-threats because the threat ecosystem is just too broad.
Protect us against cyber-threats? (Score:5, Insightful)
YOU ARE THE CYBER-THREATS.
They are pretending that they do not know (Score:2)
> "We're still trying to work our way through distinguishing the difference between criminal hacking and an act of war," said Rogers
NSA is supposed to be a government agency filled with very intelligent folks, and they are telling us that they can't differentiate between common hacking (whether it be criminal or otherwise) and an _Act of War_?
I dunno about you, but I find it very hard to believe!
Re:They are pretending that they do not know (Score:5, Insightful)
I find it easy to believe. He's typical of the fucking morons that run the bureaucracy of this nation. War is what happens between nations and criminal activity is what happens when individuals or gangs break the law. This whole thing of calling these thugs terrorists tends to legitimatize them and makes them more effective. Just catch them, throw them in a hole and toss the key away. Enough of all the drama already. Now they've twisted things so that minor criminals serve time like they were mass murderers or something. It's like the terrorists won, they destroyed the entire culture so that you can't even fly from Atlanta to New York without feeling like you're in the old Soviet Union. It feels like you're trying to sneak out plans for a new Red Navy submarine.
Re: (Score:3)
The chicken or the egg argument applies, but since when is it the NSA's responsibility over law makers to make this distinction?
Re: (Score:2)
How do you distinguish between an attack from a nation and an attack from a group of individuals?
I hear a bunch of individuals only marginally related to Russia, are attacking the Ukraine. No? Well, unless the country fesses up, you have to rely on a preponderance of various sorts of evidence. The first hint will be a powerful attack with sophistication and resources. I could see it being much harder to get beyond that when it comes to cyberwarfare, but you still have to hunt down the perpetrators and identify them, whether they're a government or not, so it's not a meaningful difference until then.
But
Re: (Score:2)
The right way is for the President to go to Congress and ask for a declaration of war. We keep fighting police actions instead and police actions by definition shouldn't be called war. If it was a war we'd have it declared and ramp up to get it over with instead of this death by a thousand cuts stuff we're doing now.
Re: (Score:3, Insightful)
Well, that's probably overstating it. Let's read TFA, shall we?
Well, fuck.
Re: (Score:2)
Admiral Rogers,
The anonymous letter above has some good ideas about respecting the Constitution. You swore an oath to defend that social contract, and that oath is one of the most respectable American values I know. I know nothing about you and your history, so I respectfully - and hopefully - give you the benefit of the doubt and assume that as an American Admiral, you understand words such as "oath", "honor" and "duty" better than most.
The duty to defend the Constitution is not an easy one at tim
Re: (Score:2)
Well said.
But I don't bother posting anonymously because it's not like they don't know who I am, anyway.
Re: (Score:2)
Admiral Rogers, I know this is harder for you than it is for a civilian, but you've really gotta stop conflating "legal" with "ethical." And if you can't do that, I can sympathize, but could you at least stop conflating "legal" with "in the interests of the United States?"
You should read what he said again.
I try to remind people that the all judgement to date find that the NSA has abided by the law. We have not been found to attempt to undermine the law.
He didn't say that the NSA abides by the law, only that no court has judged them as acting illegally.
The NSA's warrantless wiretapping was nakedly illegal and unconstitutional, but so far (AFAIK) no Judge has taken a case to its conclusion.
And Congress passed the FISA Amendments Act of 2008 to retroactively shield the telecom companies for their participation.
The NSA has even admitted to "overcollection" under the 2008 law, but the details are classified, so no one can cla
Re: (Score:3)
What happens when those "criminal gangs" are just fronts for government espionage and/or attacks to slowly undermine your own country's industry?
That's the problem they are faced with right now, the same way some corporations get away with abuses through 'shell companies', governments are using these 'shell criminal gangs' as a means to unofficially sanction behavior which the government uses to maintain plausible deniability. The challenge is deciding on a point where overlooking 'criminal' activity reach
Re: (Score:2)
They don't have access to lawyers. Intentionally.
It falls under plausible deniability. "I didn't know that was illegal". Sure, it doesn't work for you and I, but it does for the gov't. Particularly with the FISA court.
Re: (Score:1)
> YOU ARE THE CYBER-THREATS.
Exactly. "What you mean 'We', White Man?"
Why not disband the NSA and instead spend the hundreds of billions of dollars that fascist cess-pit drinks off of the public teat - instead spending a decent fraction on making FRIENDS, not ENEMIES? There are a lot of schools, hospitals and high-school diplomas that could be bought, all round-the-world. You wouldn't have a popular resistance to American influence in the world, were that influence actually benign.
Re: (Score:1)
You can't buy friends. No matter how much money you spread around it ends up with most of it in the hands of the thugs running all these little shitholes and the people still hate us because we don't bow towards Mecca. The NSA have a job to do but they need to clean house by firing everyone there from the top down to minor level administrators. All the idiots in charge should have been fired right after 9/11. Instead of rolling heads we got the fucking "Patriot" act. They ain't patriots they're fucking
Re: (Score:3, Insightful)
You're a racist cunt. People are people, and want/need basically the same things - if you don't push them into corners and poke at them with sticks.
The thugs? Products of our selective, post-colonial domination. Nobody rallies round a bully, when they have nothing much to fear.
Re: (Score:2)
I'm saying that people will always have issues. People hate for all kinds of reasons and as a nation we will always have enemies. A religion that has a major, not minor component, that states "believe the way we do or we'll kill you" is never going to be my friend and I don't give a shit what race or sect or whatever they are. How many times have we tried to be friends with someone and then once our common goal is met or gone they go back to being our enemies? It's an ugly world and to think just becaus
Re: (Score:1)
We'll both go take our racism over there, out of your way. Have fun chatting with the highly enthusiastic Religion of Peace supporters -- but I'm afraid you'll need a piece handy if you'd like to continue the conversation for an extended period of time.
May I point you to this highly charged and offensive picture and article here. [theonion.com] His point i
Re: (Score:2)
Convert to Islam or die.
This is not, nor has it ever been a central tenet of Islam. This cannot be viewed in political or historical isolation.
"Convert to Christianity under Papal authority or die by red-hot poker" was a governing principle of church and state - at the center of Europe's most powerful empire, for nearly 200 years. It was never the message of Jesus, regardless of your belief in Christianity. But scripture and political expropriation of pseudo-theology made it seem so.
I hope someday you have a daughter who m
Maybe they shouldn't try to! (Score:3, Insightful)
Maybe they should just get off their lazy fucking asses and start pulling all those exploitable 'cyberweapons' off the fucking public network and start having them running on a private network akin to MILNET. There's no excuse for the power grid, medical records, social security, police records, etc being accessible over the public internet, except as a threat window to use in the quest for more security theater. Eliminate access to the resources and you eliminate the majority of non-military threats. On the off chance such information *IS* needed via the internet (see: online banking), make it run through isolated systems with limited end-user data available on the 'public' side, and a batch processing system in-between the public and private networks. While it wouldn't stop exploitation of the end-user, it could stop the majority of actual banking system hacking by eliminating direct access to the computing resources. While this is probably already done to some degree the level of isolation is obviously insufficient.
Militarizing turf wars over the internet however is bad for everyone.
Re: (Score:3)
I really can't believe one of the Telcos wouldn't rather reuse their copper network (that touches nearly every building in every town) to form a secure isolated system for processing payment data, separate from the internet, instead of just letting it rot.
They just wire in and reuse old phone stuff to make a private network with connections and a firewall they manage, to guarantee (for a slice of security pie) that only specific data can go to specific places on direct routes, and no one can access the netw
Well, that was interesting... (Score:4, Interesting)
Personally I translate that to "It's important that we don't see ghosts everywhere here!".
And yes, very! Even the NSA know they've gone out of hands here, they also have humans working for them - and nothing they ever do will ever stay 100% a secret everywhere, so it's a better strategy to play with open cards (which they have *NOW* learned the hard way) in the long run. Besides, you can't possibly store all the 1 terabyte personal computer harddisks in the world in even Google's vast server-lands anyway. It's all about spotlight. If you're in their spotlight, you'll be spied on, your data will get collected no matter where it is. Going through vast amounts of byte garbage will yield certain finds - but mostly it's just noise, people who use words that could be similar to what you're looking for, but ultimately...just noise.
Re: (Score:2)
Just put up /. beta before any US gov pages.
The attackers will be confused and wonder where they have arrived, if it's some blog of sort, and most likely just leave it alone / leave as quickly as possible.
nsa needs to stop attacking US Citizens (Score:1)
It is ***MUCH MORE*** than that !! (Score:1)
We're having trouble coming up with a definition that means "It's fine when we do it, but an act of war if we want it to be when someone does it to us" that passes the laugh test
Remember it's NSA we are talking about
They do not need to speak the truth, and in fact, they have lied to the congress and nobody could do anything to them
In other words, they can declare "An Act of War" any time they want, even if nobody did nothing, because right now, as we speak, NSA is an entity that no one has any right to inspect - not the congress, not the court, and surely, not the White House
Cut The Cable (Score:3, Insightful)
Pretty bloody easy to define the difference between hacking and act of war. Any hacking attack you can simply divert by cutting the connection is not an act of war. A major electromagnetic pulse generated by a thermonuclear warhead is an act of war.
For the idiots at the NSA, permanent damage versus repaired disruption. They just need to ask the buddies at the CIA when it comes to their idea of torture, permanent harm equals torture non permanent harm according to them, based upon them being a bunch of sick psychopath sadists, does not equal torture.
So if you ain't using explosives on digital infrastructure it ain't war. No matter how badly behaved the NSA has been, their acts have not quite crossed the bounds of an act of war. Somehow I guess this will be another example of American exceptionalism and when the US does it, it is not an act of war and when any other country does it, it is an act of war and the US must spend another billion dollars on the US military industrial complex per incident or so the lobbyists say.
Re:Cut The Cable (Score:4, Insightful)
No, no, if it comes from somewhere with oil in need of liberating, then it's an act of war.
Re: (Score:3)
What happens when cooling systems at a nuclear power plant are taken offline by an aggressor?
Then I would say that the management of the facility has been negligent in their duties and should all face criminal prosecution. The same would go for water treatment plants where someone could access a computer over the internet, or any other utility.
How about a major stock exchange being crippled?
I think this depends on the damages. At best, I would say that civil liability would exist and the owners of the stock exchange should be liable to reimburse losses. If there are non recoverable damages, then we have a criminal case as well.
Why does it matter if it was done by a hacker or by a warhead? No amount of repairs will undo the direct effects of these events.
Why don't you h
The same applies to New York, right? Ok to attack? (Score:3)
The internet isn't safe, so it's all the victim's fault, and we should ignore the attackers. Hmmm. .."
"Anyone in any business who doesn't realize that the internet^H^H^H^H^H^H New York isn't a safe playground.
That's your theory, right? Because the internet / New York / the ocean isn't a safe place, anyone attacked on the internet or in New York had it coming. The government of China is attacking our internet infrastructure, but they get a pass because the internet isn't perfectly safe, right? The high
Re: (Score:2)
Well, no, the theory is military who hooks up nuclear warheads to the internet should be imprisoned for life and those warheads disconnected. The surreal idiotic supposition, that other people can gain control of your nuclear warheads is ludicrous and if they can, well, it is all too late already, is it not?
Re: (Score:2)
Your arguments are really quite poor. Let me expound on your two attempted examples. For posterity, "the Ocean" is at least close to the function of the Internet, where "New York" is not.
If a person runs a boat on the ocean are they not required to have gear to operate safely? If a boat owner had no lifeboats, no radar, no radio, not enough people to staff the boat would they not be held accountable if the boat had an accident?
If your job is to carry around cash for people and you live in New York, are y
An attack by a foreign govt is not an accident (Score:2)
> For posterity, "the Ocean" is at least close to the function of the Internet, where "New York" is not.
Okay, let's go with that, then.
> If a person runs a boat on the ocean are they not required to have gear to operate safely? If a boat owner had no lifeboats, no radar, no radio, not enough people to staff the boat would they not be held accountable if the boat had an accident?
An attack is not an accident. The government of China is _attacking_ US resources via the internet. We're not talking about
Re: (Score:2)
I fully agree that an attack is not an accident, but you are really not addressing the issue. Let's continue down our Boat and Ocean path using the tried and true Socratic method.
Is a boat required to have necessary gear to run on the Ocean? Yes or No? Realizing that the only proper answer here is "yes" then we have to ask whether or not any other prior questions should be asked ahead of this. Lo and behold there is a question we should ask ahead of this. "Should the boat be in the ocean to begin with?".
In
that explains partially, you don't know the word (Score:2)
Well we're kind of getting somewhere.
Infrared: below red
Infrasound: below sound
Infrastructure: below structure
> "Infrastructure" means that everyone relies on this, and society can not function without it.
Not in any way, shape or form, not even a little bit close or related.
Infrasound does not mean "sound that society cannot function without", and infrastructure does not mean "structure that society cannot function without".
Infrastructure means parts and pieces which are underneath structure. A wire is
Re: (Score:2)
You seem to be attempting to mangle the meaning of infrastructure. Infrastructure is "foundational", not "not needed" as you seem to be implying with the term "below". Even though the term has a similar root "infra" to "infrared", the use of "infra" is absolutely not the same.
You are trying to claim, falsely I'll add, that some infrastructure is not actually infrastructure. In terms of Infrastructure, there is absolutely no difference. If someone can take out roads then we have an infrastructure problem
okay, so the dry cleaner DOES need a private army (Score:2)
> I don't restrict the argument to just infrastructure. It's commerce as well, where some person/company accepts responsibility for another person's wealth or property (as with the original post and their stock exchange comment). All of these things are the same, and the argument is the same.
Okay, so the dry cleaner DOES need a private army to defend your clothes in case of attack by China.
A minute ago you shifted to "society absolutely cannot function without", but now we're back to all commerce. I c
Re: (Score:2)
Why do you keep introducing invalid and unrelated arguments? Did I or anyone else claim that a dry cleaner needs a private army? The latter question I can answer, and that answer is "NO". Further, it does not at all relate to the debate. The first question I can only answer with the fact that you continue to muddy the waters instead of answering the questions I posed earlier. Contrary to your 2nd paragraph, I have never shifted my position even the slightest. I stated that if people are not acco
Re: (Score:2)
In the true spirit of the Socratic method I should have also added that my question number 1. is not really required to gaining the rational answer to primary question. It does however relate directly to the answer I gave in my first post.
The primary question is why anyone would believe that 2 forms of justice can exist simultaneously in the same society? The separation of infrastructure is not necessary in the grand scheme of your claim that certain people should be excluded from justice. Just like acc
to carry bananas (Score:2)
1> Why should the boat (infrastructure) be in the Ocean (attached to the Internet)? As previously stated, "profit" is not an answer.
A ship should be in the ocean to bring bananas to North America, and generally get things to people who need them. Foreign governments should not fire missiles at those ships. The internet is made up of infrastructure, and can itself be considered to be critical infrastructure. It makes no sense to ask why it should be connected to itself. I see now you must have read
did my answers include words you don't know? (Score:2)
I think I answered them quite clearly. If there are English words you're unfamiliar with in my answers, I'd be happy to explain those words to you.
Here are two questions for you:
Why would you blame and punish the victim, rather than holding people accountable for what they do?
The attacker committed a crime / act of war. The victim tried to provide important services to people and was attacked while doing so.
Do you have any idea what level 4 preparedness costs, or even what it is? If not, perhaps you're not q
Re: (Score:2)
> I think I answered them quite clearly.
No, you did not, you immediately started to muddy the waters again and then diverted the topic. Instead of answering why a power plant needs to be connected to the internet, you made up a new scenario about banana boats being shot at by a foreign military.
You completely ignored the primary question regarding two forms of justice, and cherry picked a fragment of that statement to add more bullshit about foreign super powers.
At no point did you answer either question, you are just spinning mud.
The question
so now "all commerce" is just power stations? (Score:2)
You asked "why does the boat (infrastructure) need to be in the ocean (internet)". You said very specifically that you were talking about ALL commerce, NOT just about critical infrastructure. Would you like to flip-flop a third time and go back to critical infrastructure? If so, refer to my explanation of why public health services are connected.
Re: (Score:2)
> Pretty bloody easy to define the difference between hacking and act of war. Any hacking attack you can simply divert by cutting the connection is not an act of war. A major electromagnetic pulse generated by a thermonuclear warhead is an act of war.
> For the idiots at the NSA, permanent damage versus repaired disruption. They just need to ask the buddies at the CIA when it comes to their idea of torture, permanent harm equals torture non permanent harm according to them, based upon them being a bunch of sick psychopath sadists, does not equal torture.
> So if you ain't using explosives on digital infrastructure it ain't war. No matter how badly behaved the NSA has been, their acts have not quite crossed the bounds of an act of war. Somehow I guess this will be another example of American exceptionalism and when the US does it, it is not an act of war and when any other country does it, it is an act of war and the US must spend another billion dollars on the US military industrial complex per incident or so the lobbyists say.
So if country XYZ was actively attempting to retarget and launch our nuclear weapons towards our own cities this would not be an act of war just because we could stop it?
In the same way then, would country XYZ firing nuclear weapons at us not be an act of war just because we could (imagine) shoot them out of the sky with laser satellites (or whatever)?
Clue #1: Nobody calls it Cyber except Doctor Who (Score:3)
While you're looking for "the cyber threats" you might as well just buy a modern dictionary. Nobody calls anything "cyber" anymore and the number two threat is malware... right behind the number one threat... the NSA.
Cyber-think your way out of that one, NSAmen. Time is short. The cybermen are coming.
the net is not bound by any law and shouldn't be (Score:1)
When you went online you agreed to accept any traffic thrown at you. There never has been any system to prevent that. If you can't handle it don't get on the internet. It's not war when someone attacks you- it's the internet.
That said the underlying problem is shitty code on a grand scale. If the US wanted to defend itself it would start implementing programs to review every bit of critical code multiple times, minimizing baggage, developing best practices and standards for critical infrastructure like: TC
Re: (Score:2)
Intel's remote management software is scary when you look at what it can do.
They mention some of the more powerful features are only available on your LAN, hoping you'll forget that to some... The entire internet is their LAN.
Then there's the features they don't tell you about.
Scary capabilities advertised as control features.
This isn't impossible... (Score:1)
Attacks against targets that are considered basic infrastructure for life, government or defense with damages that severely cripple those sites and cause harm to American citizens.
Shutting off power, blanking out emergency services, crashing planes, etc.
NOT downloading a MP3 or looking at porn or reading a johnny rocket how-to for do-it-yourself nuclear reactors. I am still on the fence about economic stuff since that does affect everyone, however it's all fixable. It's hard to go to war over damages to your
This isn't impossible... (Score:2)
Contractors, the politically connected all then feed from the event with digital products, services, clean ups, changes, new expensive training and long term monitoring.
All that is found is a legal worki
I'm still trying to figure out cyber operations :/ (Score:1)
CYBER!!!!! (Score:1)
Pass me the floppies, I've got my acoustic coupler hooked up and I'm loading up the BBS! Gonna get some sweet warez from the sysop.
giddeeup [youtube.com]
trapped in nomenclature (Score:2)
we need to have pity upon government workers tasked with these jobs, especially the military
some of them spend their entire working day on tasks that *help* us (of course others do other things too...ahem)
so..."criminal activity" or "act of war"
i understand the distinction...but beneath those options are huge icebergs of hierarchy and process
the way out is to take the technology out of the equation...
chinese government hacker uses the internet to steal nuclear plans
-now take the tech out-
chinese government
trapped in nomenclature (Score:2)
On average they might have been kind of expected to be found? The press getting whispers to stoke public outrage to show that they were very real?
A nation goes to try and build from altered plans that wastes a decade and makes import supply lines and requests show up?
The domestic press feeds a perfect operation to ensure plans are seen as real but nobody told the rest of the cleared political or signals intelligence teams no
Just attack your own citizens! (Score:3)
Re: (Score:2)
Nice one!
Hint: What YOU do is an act of war... (Score:2)
I guess their troubles are how to define it so that they are a mere criminal gang (and hence have immunity like all "law enforcement"), yet others are committing acts of war so they can be drone-killed and it is (legally, but not ethically) not murder...
Probably just stalling (Score:2)
while they try to sneak through another Secret Law [wikipedia.org] like the Patriot Act which will assume that everyone is a CYBER WAR CRIMINAL.
Hacked some credit cards? Cyber war criminal.
Spoofed a website? Cyber war criminal.
Changed your grades? CYBER WAR CRIMINAL.
Wrote some open-source code? CYBER. WAR. CRIMINAL.
Politics (Score:3)
Of course the NSA knows what an act of war is, in cyber terms. They just don't want it defined as such because they themselves are no doubt performing those very acts on perceived threats and allies alike and yes, on American citizens as well.
i've seen this before (Score:2)
this is like the scene in the movie where the parent knocks on the door to the kids room asking "what are you doing in there!?!?" knowing full well... and the kid hurriedly puts out his joint and sprays air freshener... "nothing!!!"
The Truth Will Set You Free (Score:2)
NSA (Score:2)
Stumbling from one million constitutional violations into the other.
And yet this 'look we're pathetic' plea.
Re: (Score:2)
Careful what you wish for. With the current generation, you might end up with iWar instead.