Obama Creates a Color-Coded Cyber Threat 'Schema' After the DNC Hack (vice.com) 133
The White House on Tuesday issued new instructions on how government agencies should respond to major cyber security attacks, in an attempt to combat perceptions that the Obama administration has been sluggish in addressing threats from sophisticated hacking adversaries, Reuters reports. The announcement comes amid reports that hackers working for Russia may have engineered the leak of emails stolen from the Democratic National Committee in an attempt to influence the outcome of the upcoming presidential election. Motherboard adds: George W. Bush's Homeland Security Advisory System -- the color-coded terrorism "threat level" indicator that became a symbol of post-9/11 fear mongering -- is getting its spiritual successor for hacking: the "Cyber Incident Severity Schema." President Obama announced a new policy directive Tuesday that will codify how the federal government will respond to hacking incidents against both the government and private American companies. [...] The Cyber Incident Severity Schema ranges from white (an "unsubstantiated or inconsequential event") to black (a hack that "poses an imminent threat to the provision of wide-scale critical infrastructure services, national government stability, or to the lives of U.S. persons") , with green, yellow, orange, and red falling in between. Any hack or threat of a hack rated at orange or above is a "significant cyber incident" that will trigger what the Obama administration is calling a "coordinated" response from government agencies. As you might expect, there are many unanswered questions here, and the federal government has announced so many cyber programs in the last few years that it's hard to know which, if any of them, will actually make the US government or its companies any safer from hackers.
Waste of time (Score:2, Insightful)
Re: (Score:2)
He's just mad as all get out because they got caught.
All RED, All the time. (Score:3)
C'mon. There are a million attackers 24 hours a day, for a network and data center architecture that treats security as an afterthought, and applications that are built as well as the industry standard. (smirk)
Re: (Score:2)
https://www.youtube.com/watch?... [youtube.com]
Re:Waste of time (Score:5, Funny)
I don't see Threat Level Plaid anywhere on there...
Re: (Score:1)
Two up from Threat Level Puce, four down from Threat Level Taupe, right next to Threat Level Paisley.
Re: (Score:1)
Good post, for an AC! :)
Re: (Score:2)
My first thought, even though this system has nothing but the use of color codes in common with the terror alert levels.
Using colors for this was a big mistake, if it had numerical or alphabetical levels nobody would bat an eye.
Re: (Score:2)
Of course. It's completely meaningless. Can you imagine having an online threat, turning to your friend and asking "What's the danger color right now?"
"Where and for what site?"
"The US of course!"
"My site isn't hosted in the US, and what software are you talking about?"
"Anything the Russians might use against us!"
"Oh boy, the Russians you say? What about everybody else?"
"Damn it Dan, it's red, that's all I wanted!"
"Go back to sleep George."
The threat level has been permanently established as being the color of; 'Bananas".
Re: (Score:2)
So we have one set of colors established after 911 to indicate terrorist threat levels, and now another for hacker threat levels.
This is going to get really confusing during Christmas.
Re: Waste of time (Score:5, Interesting)
A lot of people misinterpret what that was for. It wasn't "fearmongering" in any sense. Such a system was already in place for decades, only in a different form. I was in the Army at the time of 9/11, and that day we went to threatcon delta. All it was for was to signal all government personnel to assume a different security posture, as per protocol.
The public version just came off to me as being the same thing, only if any civilian entities (i.e power plants, etc) wanted to safeguard themselves based on recent events, they could reliably follow that.
It occurs to me that this is a similar system, only for cybersecurity. If people get all panicky over it, that's their problem, and it's not intended to make people afraid of anything.
Re: (Score:1)
ROFL! The filter error made me get rid of all the exclamation points after that, but really you gave me a good belly laugh there.
The Terror Threat level was one of the biggest disseminators of FUD the world has EVER seen. The Homeland Security Advisory System NEVER went below Yellow during its existence (condition 3 of 5.) It went to red once and was kept there for a couple of weeks based on the 5th anniversary of 9/11, not apparently because of any specific actionable intelligence.
Why was it finally dis
Re: (Score:1)
It's kind of sad. People shouldn't have written those communications in the first place.
Stop trying to fix the leaks and start trying to fix the problem that caused people to subvert democracy.
Re:Waste of time (Score:4, Insightful)
This is what the government does when they want to give the appearance of doing something when they really don't have any idea what to do. It didn't do anything after 9/11 and nobody really will pay any attention to it now, either.
Yes, it's called the Politician's Syllogism [wikipedia.org]. In summary:
1. Something must be done!
2. Look, this is something.
3. Therefore, we must do this!
It also seems to apply to IT.
Re: (Score:2)
They could try to stay neutral during the primaries.
Re: (Score:1)
Re: (Score:3)
But Obama's version is way better than Bush's! So it is Better, because Obama!
Re: (Score:2)
Re: (Score:3)
Black is the worst threat level...? (Score:5, Funny)
[tongue in cheek]
I guess it isn't since Obama says it is ok....
Re: Black is the worst threat level...? (Score:2)
No it is not racist. If white was on the top level and blacks, reds and tans were at lower levels, then it would be racist. This is a diverse pallet and diversity helps make us safe.
Now, much the content in various emails written by Democrats for Democrats was racist.
Re: (Score:2)
"You whites are too picky"
"You blacks are too easy going"
Sergeant: "This is the Army, we're all GREEN. Say it, We are green! We are green!"
Men: We are Green!
Men: We are Green!
Sergeant: "Good! and you, the dark green one, clean up your desk!"
-- Beetle Bailey, before the world went PC
Re: (Score:2)
Maybe Obama is just using this to implicate that whites are "unsubstantiated or inconsequential "...per the description of t
Re: (Score:2, Funny)
No, you've got it wrong. If Black is the new Red, and Orange is the new Black, then by the transitive property, Orange is the highest level threat, therefore, we must immediately protect the country and ourselves from Donald Trump.
peg that bugger at black.... (Score:3, Insightful)
Re: (Score:2)
Our current level is solid black.....because programmers don't care about bugs, managers don't let them care, and our critical infrastructure is connected to the internet.
Got to be agile bruh!
Re: (Score:3, Informative)
"Agile" means changing jobs quickly when bleep hits the fan due to IT fads and bad management.
Re: (Score:2)
s/means/causes/ and it's equally true.
Re: (Score:2)
Schema? (Score:1)
Yes, let's adopt the most widely-mocked concept of Rumsfeld's DOD and apply it to the most widely-obfuscated topic of national security, making the whole thing seem absolutely as trollish as possible.
The only thing missing is an article by Gersh Kuntzman about how his amazon gift order invoices got leaked to family members and ruined his Hanukkah.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
It was mocked because except for New York City and airline flights (where they were perpetually Orange) it was perpetually Yellow. It was even suggested that they just get rid of Blue and Green [wikipedia.org] and admit that it would never go down.
NTAS, which replaced yellow and orange (that might as well have been painted on) with "precise, actionable" alerts [wikipedia.org] is superior in nearly every way, except for not insisting everyone panic day in and day out.
Obligatory Spaceballs (Score:1)
I just want to hear a high-ranking government official say we gone to plaid.
Re: Why hasn't Trump's campaign been hacked? (Score:2)
Re: (Score:1)
Why hasn't Trump's campaign been hacked?
Because the apparatchik going around hacking presidential campaigns wants Trump to win.
Whistling by the graveyard (Score:2)
Color coded alerts? (Score:1)
Obama didn't build that. Someone else built that system.
Show of hands (Score:5, Interesting)
Who here keeps up with what the current color is for our " Terrorism Threat Level " ?
* crickets *
( Who here remembers we even have one ? )
Exactly. No one cares. Even fewer are going to give a sh*t about some other lame ass color coded scheme. :|
( LoudSpeaker: Today's cyber-threat level is Muave with just a hint of Magenta )
Don't want your networks hacked ? Maybe you should keep a competent IT staff on hand. ( and treat them like you want them to stick around )
Not the contractors from India you're using because it's cheaper.
Re:Show of hands (Score:5, Informative)
( Who here remembers we even have one ? )
We don't have one anymore, actually [wikipedia.org].
Re: (Score:3)
Exactly. No one cares. Even fewer are going to give a sh*t about some other lame ass color coded scheme.
Your comment is the exact reason why they shouldn't have brought up the Homeland Security Advisory System. While the colors are the same the systems themselves are completely different. This system is an incident response system. It's like the International Nuclear Event Scale. It's a post-event system. There would never, and should never, be an ambient "color level" for this system.
The HSAS is not a post-event system. It's a system that is intended to convey the ambient risk and possibility of a terrorist
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
The only time I have ever actually seen the threat level posted in public was on the front window of a gas station just off the I-84 in Eastern Oregon. I thought it was amusing.
Re: (Score:2)
Who here keeps up with what the current color is for our " Terrorism Threat Level " ?
* crickets *
( Who here remembers we even have one ? )
That color-coded 'terrorist' threat level was colored in an obtuse way. It was ROY B GIV. The DHS had its cluelessness on clear display in releasing that color chart (of how 'scared' you should be). The color order was wrong.
The usual standard for a color-scale is to follow the well-memorized rainbow color-order: ROY G BIV. That is, Red, Orange, Yellow, Green Blue, Indigo, and Violet.
And now Napolitano (former DHS chief) is heading-up the huge University of California System. Oy veh!
Will they use it on their own TLAs? (Score:5, Insightful)
So, partisan politics again? (Score:2)
OPM gets hacked... 'bama doesn't care.
His party gets hacked... well, now we need new laws and regulations and procedures!
Finally (Score:1)
All the times U.S. agencies and depts got hacked, nothing. But shit got real when it was only political.
RNC? (Score:2)
Re: (Score:2)
Would Obama do the same thing if it was the Republican National Convention?
They probably did, but having proof that the RNC colluded to try and stop Trump would be such a non-event that it might even increase political stability.
Presumably the goal here is to cause instability by undermining the candidate that is being proclaimed as the likely next president by the major media outlets.
And if those claims turn out to be more wish than fact, it still servers to make politicians nervous.
Re: (Score:2)
Isn't more interesting that the actual contents of the email leak is not getting much attention on Slashdot? For example the email where they call outreach to hispanic voters Taco bowl engagement. Or the meeting between the DNC and MSNBC or the fact that a Poltico blogger sent a story to the DNC to get feedback before publishing it.
Wouldn't numbers be easier? (Score:2)
Re: (Score:2)
Feelin' blue (Score:1)
What's the blue screen mean? Windows is giving me one now.
Re: (Score:1)
That's McAfee for ya: it "works" only because the hacker gets too bored waiting for slow McAfee-infested machines to respond.
They'd rather hack drying paint.
Re: (Score:2)
Everything normal.
This will work as well as Bush Clinton Reagan (Score:1)
None of the previous security protocols worked either.
Information just wants to be free, especially when it can be socially engineered and exists in multiple locations at various times.
now it is about color (Score:2)
Instead of showing leadership (Score:2)
Instead of showing leadership by going medieval on the DNC bigwigs, we get some stupid color coding scheme. Obama administration in a nutshell.
Re: (Score:2)
Somewhat obviously political (Score:1)
So, the government gets hacked and no overall action is taken, pentagon hacked, no particularly overarching initiatives. But the private organization, the DNC, they get hacked and Obama springs into action and creates an overarching initiative, because, well, political strategy is more important than Chinese military hacking, Russians hacking defense organizations and industry, etc. But threaten the liberal agenda by disclosing the truth, sure. Hacking the DNC warrants a more active response than Snowden wh
Re: (Score:2)
Obama has consistently acted as if hacking a private company is worse than hacking the government. This attitude predates him.
Hacked the pentagon and stole technical data on a top secret weapon system? Meh, that's just what governments do. Hacked into Apple and leaked the release date for the next iPhone? Cyberterrorism!
Awesome (Score:1)
Go to Blue Alert! (Score:1)
"Sir, are you absolutely sure? That does mean changing the bulb."
Red Dwarf: https://www.youtube.com/watch?v=Qa_gZ_7sdZg [youtube.com]
Impact to citizens (Score:2)
The chart [vice.com] specifically mentions "civil liberties" being impacted. Does that mean we can get the Patriot Act classified as a terrorist document?
Oh goody (Score:2)
DNC email more precious than classified US info (Score:2)
So, when the DNC's email servers have been compromised, the White House scrambles to come up with some cockamamie Directive on United States Cyber Incident Coordination. However, if the Secretary of State uses her own, unsecured server, the POTUS just states that "it was just a mistake" and doesn't endanger national security and the AG doesn't even try to slap a wrist.
What a bunch of inconsistent idiots.
What? (Score:2)
No threat level pink? This is an insult to all women...and people that are sympathetic to women...and people that are men that really want to be women.
And no threat level rainbow? Oh the humanity!!! Once again we have left our LGBT brothers and sisters in the lurch.
And code black is an imminent threat? Sounds vaguely racist.
No...this just won't do. Back to the drawing board Barack.
Wrong response (Score:1)
Do NOT let the russians win! (Score:1)
Regards, The Chosen Few Who Truly Understand
It's Chartreuse, run! (Score:1)
Years ago I remember a pundit joking that Obama would change the terror threat level colors (from the W era) into "chick colors", implying that Obama was effeminate, gay, and/or p-whipped.
It had colors like chartreuse, coral, fuchsia, periwinkle, peach, etc.
Purple Alert (Score:2)
https://youtu.be/rENdZ4dk6BI [youtu.be]
Dog Wagging (Score:2)