Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for February 27th, 2009

NSA may get more cybersecurity duties


U.S. spy agency may get more cybersecurity duties
Thu Feb 26, 2009 1:20am GMT

By Randall Mikkelsen

WASHINGTON, Feb 25 (Reuters) – The spy agency that ran the Bush administration’s warrantless eavesdropping program may get more responsibility for securing U.S. computer networks, President Barack Obama’s intelligence chief told Congress on Wednesday.

Director of National Intelligence Admiral Dennis Blair said the National Security Agency, which is responsible for codebreaking and electronic spying, should assume a greater role in cybersecurity because of its technological prowess and current role in detecting attacks.

“There are some wizards out there … who can do stuff. I think that capability should be harnessed and built on,” Blair said in testimony to the House of Representatives intelligence committee.

Blair acknowledged that many Americans distrust the agency, which operated former President George W. Bush’s secret program of warrantless electronic spying on some Americans’ overseas phone calls.

“The NSA is both intelligence and military, two strikes out in terms of the way some Americans think about a body that ought to be protecting their privacy and civil liberties,” Blair said.

Government concern over computer network vulnerability has risen as computer hackers become more sophisticated.

“A number of nations, including Russia and China, can disrupt elements of the U.S. information infrastructure,” Blair said. “Cyber-defense is not a one-time fix; it requires a continual investment.”

Billions of dollars are at stake. Defense contractors Northrop Grumman Corp (NOC.N), Lockheed Martin (LMT.N) and Boeing Co (BA.N) are working on classified cybersecurity projects for the U.S. government.

Software and telecommunications companies also are likely to play a major role, said Democratic Representative Dutch Ruppersberger, whose Maryland district includes the NSA.

Earlier this month, President Barack Obama ordered a 60-day cybersecurity review and named Melissa Hathaway, the top cyber official with the intelligence director’s office, to a White House post overseeing the effort.

Some lawmakers have said the Homeland Security Department, which plays a leading role in U.S. computer security and is in charge of protecting federal civilian networks, is not up to the job.

Blair said he agreed: “The National Security Agency has the greatest repository of cyber talent.”

“They’re the ones who know best about what’s coming back at us, and it is defenses against those sorts of things that we need to be able to build into wider and wider circles.”

I posited this back a while ago and got some angry replies from folks. I agree, the watchers need watching, but we really need the help here. I am willing to let the NSA (with supervision) do the job.

Written by Krypt3ia

2009/02/27 at 15:44

Silver lining for IT security staff?


Tim Watson, vnunet.com 26 Feb 2009

I’m not a fan of zombie films, or of horror films in general. It’s the waiting I can’t stand, the interminable suspense. Perhaps it’s a professional aversion.

For anyone involved in the computer security industry, waiting for bad things to happen is what we do. We lock the doors, block the windows and keep a careful eye on the open fireplace, while all around, outside, the hordes of zombies mass.

The organisations we work for see us as killjoys, as nerdy Cassandras. While they carry on oblivious, we’re tugging at their sleeves and pointing out the imminent doom. For years we kept telling them, and now they see that we were right.

Well, OK, it wasn’t quite the apocalypse that we were expecting. While we were watching the network logs and applying software patches, some clowns in the banking industry destroyed our economy. Let’s just say that we were right in principle.

So the financial world is in meltdown, companies are shrinking and folding, and security is on everyone’s mind. Is it all going to be over by Christmas? Are we at the beginning of the second Great Depression? And what of the computer security industry? Will it be boom or bust for those charged with manning the barricades? It goes against my better professional judgement but, as far as the future is concerned, I’m reasonably optimistic.

The rest HERE

Ehhh, I am not so much an optimist on this. You see, people as a species are rather poor at determining danger other than the short term “fight or flight” danger it seems from my observations. The whole arena of information security has been a sore point on this issue because so few get it and really try to enforce it. Never mind the fact that many companies and people running them usually cut security right off the bat as a cost center despite the fact it is necessary.

Then we have the problem of lack of understanding, which also breeds laziness and lackadaisical attitudes toward the technology and its protection. Ya know, like the popularity of “1234” as their master password *shudder*. So yeah, I really have very little faith in people, ok, “management” doing the right thing where security is concerned.

So now we are in the recession of a century and this guy thinks that security won’t take the hit? The only way I see that happening is if the regulation happens that I hope will come from the Obama administration. So do I think this is likely to happen? Well, I say it’s about a 40% chance of happening… Heh, maybe I am being too optimistic there huh? We shall see.

Anyway, with all the experience I have had in the infosec sphere, I have very little hope that the right thing will be done. Meanwhile the economy will collapse around us, data will be lost and/or stolen in even greater quantities, and Rome will burn as the people fiddle with their iPhones…. Yay!
I could be wrong though…

Written by Krypt3ia

2009/02/27 at 01:01