
US Plans Cyber Shield For Private Companies and Utilities

samzenpus posted more than 3 years ago | from the more-power-to-the-shields dept.

Security 178

wiggles writes "The federal government is launching an expansive program dubbed 'Perfect Citizen' to detect cyber assaults on private companies and government agencies running such critical infrastructure as the electricity grid and nuclear-power plants, according to people familiar with the program. The surveillance by the National Security Agency, the government's chief eavesdropping agency, would rely on a set of sensors deployed in computer networks for critical infrastructure that would be triggered by unusual activity suggesting an impending cyber attack, though it wouldn't persistently monitor the whole system, these people said. How do we feel about NSA spyware in all of our infrastructure?"


178 comments

Surveillance (5, Insightful)

SquarePixel (1851068) | more than 3 years ago | (#32841318)

Yes, because more surveillance is what is needed. Every year it goes further and further. The good thing is that at least they know to take it slowly - increase the surveillance just a little bit at a time and people won't really complain or notice. In a few years you will be there, just like with UK.

I would think that internet infrastructure belongs to the "critical" category too. Just tell your political opinions in a private conversation to someone, say you don't like the mayor and expect a lawsuit. How long until "harmful content" like P2P and porn starts to get blocked? Looks like USA is not that far from China after all.

And a name like a "Perfect Citizen"...

Re:Surveillance (4, Insightful)

Pojut (1027544) | more than 3 years ago | (#32841366)

Seriously? Calm down. They aren't monitoring the communication of private citizens, they are monitoring incoming connections on critical infrastructure systems.

Besides, monitoring the communication of private citizens happened a while ago under a happy little thing called the Patriot Act. ::flamesuit::

Re:Surveillance (4, Interesting)

causality (777677) | more than 3 years ago | (#32841474)

Seriously? Calm down. They aren't monitoring the communication of private citizens, they are monitoring incoming connections on critical infrastructure systems.

Besides, monitoring the communication of private citizens happened a while ago under a happy little thing called the Patriot Act. ::flamesuit::

The mention of the Patriot Act was apropos. That's because when I first saw the name of this, "Perfect Citizen", I wondered whether that sounded Orwellian to anyone else.

Stop parroting other people (-1, Troll)

Anonymous Coward | more than 3 years ago | (#32841590)

You've never read 1984 and only have the most naive understanding of anything it talks about, so stop quoting it you fucking loon, it's losing its meaning.

Re:Surveillance (4, Interesting)

slick7 (1703596) | more than 3 years ago | (#32841760)

when I first saw the name of this, "Perfect Citizen", I wondered whether that sounded Orwellian to anyone else.

To paraphrase a quote, "The only Perfect Citizen is a totally subjugated and suppressed citizen".
To really secure the infrastructure, a system of up-links and down-links to the TDRS satellites would be more secure. If land-based connectivity is required, then dedicated fiber-optics is a good bet. Just by-pass the internet altogether.

Re:Surveillance (2, Insightful)

FooAtWFU (699187) | more than 3 years ago | (#32842402)

Which works great until $serious_spy_agency splices the fiber somewhere and takes over everything.

Air-gap security is all fine and good against casual hackers, but still leaves you with an awfully gooey center. I don't know why Slashdotters keep advocating it as such a panacea.

Re:Surveillance (5, Interesting)

Philip K Dickhead (906971) | more than 3 years ago | (#32842618)

The summary for the submitted article misses almost EVERY important aspect to this story, as it was initially reported! It almost looks like an attempt to deliberately minimize concern over the dubious legality and suspect agenda for "Perfect Citizen".

In fact, Samzenpus and "Wiggles" seem content not to mention the program's Orwellian name, nor the specific use of the term "Big Brother" by Raytheon contractors associated with the NSA on this effort.

Here is the summary I supplied, when submitting this story as a front-pager for Slashdot. I believe that it is more cogent and INFORMATIVE than the blandness offered us.

The WSJ is reporting on a $100M NSA program [wsj.com] "to detect cyber assaults on private companies and government agencies running such critical infrastructure as the electricity grid and nuclear-power plants." All of which sound nice enough, if one does not become critically focused on the name they chose for this effort: 'Perfect Citizen'. [pcworld.com] Releasing this to the WSJ has the appearance of PR cover for the expansion of both warrantless surveillance [wikipedia.org] and the intrusion of the NSA into a theatre of domestic operations. [eff.org]
Raytheon, the NSA contractor charged with realizing the NSA vision for the 'Perfect Citizen' program openly called this the "Big Brother" [theregister.co.uk] system, in internal communications.

For once, I really wouldn't mind a "dupe" story, either my summary or that of another poster with some insight to the implications of "Perfect Citizen".

Perfect Citizen (0)

Anonymous Coward | more than 3 years ago | (#32842556)

Not Orwellian so much, but Chinese, Perfect Citizen sounds much like Harmonious discourse to me.

Regardless, I nearly choked on my coffee.

Oh god, captcha: smiles

Re:Surveillance (4, Informative)

rotide (1015173) | more than 3 years ago | (#32841534)

I'm no tinfoilhatter (see my post history) and I can easily state that the government does and has been monitoring communications of citizens since before the PATRIOT Act.

Google any of the following:
Project Echelon
FBI Carnivore
FBI NarusInsight

This isn't fear mongering against the government. Those are actual programs/projects the government uses to watch those they want to watch. Actively, passively, whatever it is it doesn't change the fact that the government has the means and the will to watch those it finds worth watching.

Now, to think that the new system will watch international connections only is short sighted. All you have to do is argue that an "enemy" could bounce through an internal (to the US) proxy and the government would have wholesale reason to peek at _every_ connection, foreign or domestic.

Re:Surveillance (4, Insightful)

Pojut (1027544) | more than 3 years ago | (#32841602)

Regardless, as I've said many times on this site...in the year 2010, honestly thinking that most if not all digital communication that you engage in isn't tracked, monitored, or recorded at SOME POINT, either by a company or by the government, is just foolish. I operate under the assumption that I have zero privacy with my cell phone and online, and act accordingly.

Re:Surveillance (2, Funny)

LilGuy (150110) | more than 3 years ago | (#32841886)

Ahhh the good old days of Echelon. If only we could go back to such simpler times. :)

Re:Surveillance (4, Insightful)

commodore64_love (1445365) | more than 3 years ago | (#32841592)

>>>They aren't monitoring the communication of private citizens, they are monitoring incoming connections on critical infrastructure systems.

Like the smart meters being installed in Californian homes. All they need to do now is upgrade the firmware to include a little NSA spyware (literally) so they can see how much energy you are using & what it was for. ("Running grow lamps in the basement - mmm interesting. Notify the Drug Agency.")

Patriot Act sucks

The Patriot Renewal Act which Obama signed sucks even more. At least George Duh Bush could claim he didn't know what was in the bill when he signed it in 2001, but Obama observed the direct consequences of the law (police entering homes w/ self-written warrants; spying on communications; arrests without right of trial). He should have vetoed that bill.

Re:Surveillance (0)

Anonymous Coward | more than 3 years ago | (#32841708)

lol you still believe in Obama..

Re:Surveillance (1)

tibman (623933) | more than 3 years ago | (#32842126)

My guess is intel agencies already have access to power consumption numbers.. though not live data, like a smart meter provides. I really don't think it's that useful though.. does a plug-in hybrid look like a rack of grow lights? Or a rendering cluster? Or a water-splitting setup? But I do think it would be bad for them to have access to. If I had that data, I could plan my raids around the times of least usage.. under the assumption that everyone is asleep or out of the house. It could be useful in a very short list of situations though.

Re:Surveillance (1)

commodore64_love (1445365) | more than 3 years ago | (#32842218)

Yeah but now they are putting meters inside appliances which will communicate with the central smart meter (house thermostat). So they'll be able to see if it's a plug-in hybrid or a rack of grow lights.

Aside-

Thank $deity that firefox has redline spell-checking. My fingers must be numb today - all kinds of typos

Re:Surveillance (1)

Hylandr (813770) | more than 3 years ago | (#32842614)

You are assuming the rack of grow lights has the ability to identify itself to the smart meter. Legacy devices will never register. Their usage can be metered, but the sum aggregate of the legacy devices will be indistinguishable from 1 big device or one hundred small ones.

Push comes to shove I have enough electrical know-how to open simple devices and cut out the 'smart' circuit. Things like TVs might be able to require a signal from the smart device to operate but who cares how long the TV is on for?

Any device pulling power for an activity criminal in nature can be easily bypassed, and you can't make the legacy devices illegal to prevent them from getting on the 'smart grid'.

Good luck with this one.

- Dan.

Re:Surveillance (1)

locallyunscene (1000523) | more than 3 years ago | (#32842486)

RTFA:

Some companies may agree to have the NSA put its own sensors on and others may ask for direction on what sensors to buy and come to an agreement about what data they will then share with the government, industry and government officials said.

While the government can't force companies to work with it, it can provide incentives to urge them to cooperate, particularly if the government already buys services from that company, officials said.

They don't need to do any firmware upgrades. All the data already goes to those energy companies. It will be up to them to decide what to share with the NSA.

Re:Surveillance (4, Interesting)

Tmack (593755) | more than 3 years ago | (#32841752)

Seriously? Calm down. They aren't monitoring the communication of private citizens, they are monitoring incoming connections on critical infrastructure systems.

Besides, monitoring the communication of private citizens happened a while ago under a happy little thing called the Patriot Act. ::flamesuit::

FTFA:

A U.S. military official called the program long overdue and said any intrusion into privacy is no greater than what the public already endures from traffic cameras. It's a logical extension of the work federal agencies have done in the past to protect physical attacks on critical infrastructure that could sabotage the government or key parts of the country, the official said.

They basically come out and directly say they are taking advantage of a slippery slope and happily sliding down it. So monitoring people driving is the same as watching what they are doing online.... yeh, that's not a slippery-slope argument at all </sarcasm> Next is, well, we already monitor the critical infrastructure, why not just all corporations, why not just all ISPs and all home users, then we could really catch all those sleepercell terrrrists at home!! yeh1!! it's just like red-light cameras.

Tm

Re:Surveillance (0)

Anonymous Coward | more than 3 years ago | (#32841756)

Seriously? Calm down. They aren't monitoring the communication of private citizens

You don't understand, do you? This is just the beginning. That kind of power is like a black hole. The closer you get the less control you have till you just can't break free. Who watches these people? Don't tell me Congress will watch them. They don't have a fucking clue. You'd better be ready to fight for your civil liberties. /tinfoilhat

Re:Surveillance (1)

dave562 (969951) | more than 3 years ago | (#32842040)

The OP is right on target. I'm sure the government would consider "backbone routers at Tier1 ISPs" critical infrastructure. Given the compliant Congress and our society's lack of actually generating real material goods anymore, it isn't too much of a stretch to imagine the RIAA/MPAA convincing Congress that P2P is a serious threat to the economy. Oh noes, cyber-attacking pirates off the fiber-port bow!!! Shut down teh intartubez! Save the contents!!!

Re:Surveillance (1)

Jawnn (445279) | more than 3 years ago | (#32842374)

The OP is right on target. I'm sure the government would consider "backbone routers at Tier1 ISPs" critical infrastructure. Given the compliant Congress and our society's lack of actually generating real material goods anymore, it isn't too much of a stretch to imagine the RIAA/MPAA convincing Congress that P2P is a serious threat to the economy. Oh noes, cyber-attacking pirates off the fiber-port bow!!! Shut down teh intartubez! Save the contents!!!

Bingo!
The implied situation is that Tier 1 ISP's don't have IDS and appropriate procedures in place and need help from the government to look to the security of their networks and systems. Somehow, I think that the ISP's are already doing a far better job of this than some low-bid government contractor will. Though, as we've seen, utility companies..., maybe not so much. Fine, draft regulations and then enforce them with meaningful penalties for failure to comply. Don't suggest that "the government" can do a better job because, when it comes to cyber security especially, its track record is spotty, at best.

Re:Surveillance (0)

Anonymous Coward | more than 3 years ago | (#32841808)

Really? Should I really care that the feds will be snooping on data being sent to our critical networked infrastructure? Stop acting so self-righteous. The federal government has an obligation to monitor things that are of vital national interest like the power grid. I for one am glad they're finally being proactive about security for a change, instead of passing the buck until a major crisis happens and then forming 20 commissions to investigate what went wrong.

Re:Surveillance (1, Insightful)

bonch (38532) | more than 3 years ago | (#32841996)

Don't worry, all the people who would have bashed Bush for doing this will defend it because it's Obama.

P.S. Sure can't wait for "net neutrality." What could possibly go wrong with having the government regulate internet traffic?

Re:Surveillance (0)

Anonymous Coward | more than 3 years ago | (#32842646)

Don't worry, all the people who would have bashed Bush for doing this will defend it because it's Obama.

Name one.

P.S. Sure can't wait for "net neutrality." What could possibly go wrong with having the government regulate internet traffic?

Why do you insist on lying about what net neutrality means? Because you know you're not mentally competent to argue effectively against what it actually means. That is literally the only possible answer.

Re:Surveillance (3, Informative)

mrbofus (1189727) | more than 3 years ago | (#32842160)

What the submitter forgot to include is that this is an opt-in program; companies can choose to have their networks monitored by the government. Might have helped in a case like the Google/China hacking incident.

Perfect Citizen (1)

Dan541 (1032000) | more than 3 years ago | (#32842706)

I swear the people who name such programs must be deliberately trying to bait conspiracy kooks.

Think? (1)

0racle (667029) | more than 3 years ago | (#32841354)

You're not cleared for that citizen.

Re:Think? (1)

easterberry (1826250) | more than 3 years ago | (#32841380)

I knew I should've worn my violent shirt today... but the infrared but just so stylish!

Re:Think? (1)

easterberry (1826250) | more than 3 years ago | (#32841402)

s/violent/violet

Re:Think? (0)

Anonymous Coward | more than 3 years ago | (#32841576)

That explains the first typo... Care to take a shot at the second one?

Re:Think? (1, Funny)

Anonymous Coward | more than 3 years ago | (#32841660)

s/violent/violet

Had it right the first time.

Perfect Citizen. Imperfect Government. (1, Interesting)

Anonymous Coward | more than 3 years ago | (#32841400)

I suspect this will turn a tower of babel of insecurity into a monoculture of insecurity.

And future exploits will involve DOS by getting the NSA sensors to trip. Which I assume might just shut down such networks which will cause plenty of problems.

Re:Perfect Citizen. Imperfect Government. (1)

commodore64_love (1445365) | more than 3 years ago | (#32842028)

>>>monoculture of insecurity.

"Monopoly" is the word you're looking for, and an Uncle Sam monopoly is no better than a Comcast monopoly. On the contrary: It's worse.
.

>>>future exploits will involve DOS by getting the NSA sensors to trip

And of course the failure of the government to secure the net will be used as proof that we need more, not less government.

but.. (0)

Anonymous Coward | more than 3 years ago | (#32841434)

What if the network does come under attack, and gets so badly flooded out that their 'spyware' is unable to phone home to say "something fishy here.."

  What then?

Re:but.. Citizen (1)

StillNeedMoreCoffee (123989) | more than 3 years ago | (#32842178)

What if a person goes on a rampage in a school and shoots up people. Well we investigate, charge, and try and hopefully convict. The presumption of innocence prevents pre-emptive actions. We seem more and more to cater to Cheneyesque fears (where, if I remember right, he said if there is as little as 2% chance something bad is going to happen, we take pre-emptive steps or something like that, and we invade a country with our citizens losing their lives and thousands suffering.. good work Dick). This getting into the middle of essentially all communications is very Orwellian and scary. I am reminded of the steps that Singapore takes to control their citizens. I understand they have urine detectors in elevators, just in case someone takes a leak when riding between floors.

If you are in the network monitoring traffic, you are monitoring All traffic, and it is only your filtering and selection programs that might capture or alert you to specific types of transmissions or to or from individuals or addresses. But you start with monitoring All traffic. So to say, they (actually we, if you think that the government is by the people and for the people) are not looking at private citizens, well of course they are. I'm sure the targets are all private citizens and the senders are either private citizens or programs written by private citizens. Aren't we all private citizens? What other kind of citizen is there, unless you mean Public citizens maybe or private non-US citizens? But we are all private citizens of some country. Are non-US citizens less worthy of protection or privacy? Are they a second class of citizen? I think the issues of us vs. them can be framed in a number of ways. With this article the them may be those in the government that want to protect us from ourselves. Not their job.

Asinine (1)

TubeSteak (669689) | more than 3 years ago | (#32841446)

A U.S. military official called the program long overdue and said any intrusion into privacy is no greater than what the public already endures from traffic cameras.

::facepalm::
My internet traffic is not on a public roadway.

It's just rediculous that they're trying to make such an argument
while trying to plug these boxes into private networks.

Re:Asinine (1)

commodore64_love (1445365) | more than 3 years ago | (#32841644)

Maybe Alex Jones is smarter than he acts. He's been talking for months about Boxes being placed in homes (or at the curb) to monitor internet lines to ensure security. I thought he was nuts but now here it comes.

"Any who would give-up essential liberty for temporary security deserve neither." - Benjamin Franklin, Pennsylvanian

Re:Asinine (4, Insightful)

jeffmeden (135043) | more than 3 years ago | (#32841706)

The first thing I thought of when I read the flame-inducing "How do we feel about NSA spyware in all of our infrastructure?" was "oh well, at least there will be good-guy spyware in there with the bad-guy spyware..."

Do you really think that these private firms are hunky-dory with their current systems? As discussed to death at Black Hat 20[insert any year here], most private firms are years behind the DOD when it comes to info security, some of them ignoring it outright (the new power grid technology comes to mind).

If these companies aren't going to take security seriously, is it really wrong to offer a program that lets the NSA help them out? Or worse, would you rather the NSA simply hold out for a secret executive order to place surveillance equipment without the need to tell anyone? I think that this step, at least, is in the right direction. It could still go horribly wrong, but why kill it before it has the chance to do some good?

Re:Asinine (1)

commodore64_love (1445365) | more than 3 years ago | (#32841780)

>>>My internet traffic is not on a public roadway.

Maybe it's time we nerds set up our own private network. Something like Usenet or FidoNet but much faster (the old 56k or 112k connections are not enough). On second thought, with advancing codecs maybe it would work. I just watched Doctor Who at dialup speeds (48k) and it was no more horrible than watching a VHS tape.

And to add to Franklin's quote:

- I would rather take the risk that there's a 1 in 300 million risk that a terrorist will kill me, than the 1-to-1 risk that a politician is watching me. Liberty to not be spied on is essential. And the enhanced Security is only temporary (until the next tyrant arises and decides to imprison German-Americans again). It is a lousy bargain to trade the former for the latter.

Re:Asinine (1)

ScentCone (795499) | more than 3 years ago | (#32841898)

It's just rediculous

It's so diculous, it's ridiculous twice! It's re-diculous. Not to ridicule, of course.

As for connecting things to private networks: read. This is done in cooperation with private network owners that agree it's a good idea, considering what they're operating/protecting. You're not being forced, on your own network, to have anything to do with it.

Guess (1)

mackil (668039) | more than 3 years ago | (#32841448)

How do we feel about NSA spyware in all of our infrastructure?

ummm.... NOT GOOD

Re:Guess (1, Funny)

Anonymous Coward | more than 3 years ago | (#32842270)

Doubleplusungood, in fact.

Spyware? Really? (3, Informative)

0xdeadbeef (28836) | more than 3 years ago | (#32841460)

When zealots can't distinguish between legitimate security and illegitimate spying, it hurts the credibility of civil liberties, not the NSA.

Re:Spyware? Really? (-1, Redundant)

commodore64_love (1445365) | more than 3 years ago | (#32841822)

>>>When zealots can't distinguish between legitimate security and illegitimate spying

When liberty-lovers can not see that security and spying are the same thing ("Ahhh I see citizen 12 is using grow lamps - send the DEA to investigate"), then liberty will die for all of us.

Re:Spyware? Really? (2, Funny)

Anonymous Coward | more than 3 years ago | (#32842038)

("Ahhh I see citizen 12 is using grow lamps - send the DEA to investigate"), then liberty will die for all of us.

If you are running grow lamps, maybe talking about them in every single post you make to slashdot isn't the way to keep them a secret? Just a thought.

Re:Spyware? Really? (0, Offtopic)

commodore64_love (1445365) | more than 3 years ago | (#32842300)

Anonymous Coward wrote:
>If you are running grow lamps, maybe talking about them in every single post you make to slashdot isn't the way to keep them a secret? Just a thought.

Yeah like I care. (1) I don't have any. (2) In the extremely unlikely event the DEA did show up, I'd just videotape the illegal police break-in, and then get my 15 minutes of fame on Glenn Beck, Rachel Maddow, and Youtube. It's an overall positive. - And thanks for the -1 mod.

Pick up that can! (0)

Anonymous Coward | more than 3 years ago | (#32841468)

I SAID... PICK UP THAT CAN!!

And the Maginot Line will protect France (4, Insightful)

Palestrina (715471) | more than 3 years ago | (#32841470)

That's the problem with big expensive publicly-announced efforts to protect against known attacks. The bad guys tend to not be idiots, and don't do what you expect. Come on, we can't even protect ourselves from our own stupidity, like when a trader accidentally enters an order for a billion rather than a million. If our systems are so fragile, then it doesn't take much. Oh, and what makes anyone think that we don't have insiders willing to initiate cyber attacks? A big fire wall on the outside doesn't help much there.

If they did it correctly, it would help. (2, Insightful)

khasim (1285) | more than 3 years ago | (#32841724)

Start with the basics. Map the traffic patterns and usage patterns.

Now, roll that data up from a hundred different companies.

You'll see the patterns.

Share that information (anonymized) with the companies so that they can hunt down any "weird" traffic on their networks.
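The roll-up described in the post above, as an added example (not part of the original thread, and not code from any real program): each site profiles its own traffic, the aggregator counts how many sites see each service, and each site gets back only its rare services with host names replaced by keyed-hash tokens that only it can resolve. The site names, keys, flow records and the `max_sites` threshold are constructed, and five sites stand in for the hundred.

```python
import hashlib
import hmac
from collections import Counter


def pseudonymize(key: bytes, host: str) -> str:
    """Keyed hash of an internal host name; only the key holder can map it back."""
    return hmac.new(key, host.encode(), hashlib.sha256).hexdigest()[:12]


def local_profile(flows, key):
    """Run inside each company: map (proto, port) -> set of pseudonymized hosts."""
    profile = {}
    for host, proto, port in flows:
        profile.setdefault((proto, port), set()).add(pseudonymize(key, host))
    return profile


def roll_up(profiles):
    """Run by the aggregator: count how many companies see each service."""
    prevalence = Counter()
    for profile in profiles.values():
        prevalence.update(profile.keys())
    return prevalence


def rare_services(profile, prevalence, max_sites=1):
    """Services in one company's profile that at most max_sites companies see."""
    return {svc: sorted(tokens) for svc, tokens in profile.items()
            if prevalence[svc] <= max_sites}


def resolve(key, known_hosts, token):
    """Run inside the company: map a shared token back to a real host name."""
    for host in known_hosts:
        if hmac.compare_digest(pseudonymize(key, host), token):
            return host
    return None


# Constructed sample data: (internal host, protocol, destination port).
# Every site shows the same control-network services; site-C has one extra.
COMMON = [("hmi-1", "tcp", 502), ("hmi-1", "tcp", 443), ("ntp-1", "udp", 123)]
SITES = {
    "site-A": (b"constructed-key-A", COMMON),
    "site-B": (b"constructed-key-B", COMMON),
    "site-C": (b"constructed-key-C", COMMON + [("eng-ws-7", "tcp", 6667)]),
    "site-D": (b"constructed-key-D", COMMON),
    "site-E": (b"constructed-key-E", COMMON),
}


def build_profiles(sites=SITES):
    """Collect the pseudonymized profile that each site would submit."""
    return {name: local_profile(flows, key)
            for name, (key, flows) in sites.items()}


def hunt_report(site, sites=SITES):
    """What the aggregator hands back to one company: its rare services only."""
    profiles = build_profiles(sites)
    return rare_services(profiles[site], roll_up(profiles))


if __name__ == "__main__":
    for site, (key, flows) in SITES.items():
        hosts = {h for h, _, _ in flows}
        for svc, tokens in hunt_report(site).items():
            print(site, svc, [resolve(key, hosts, t) for t in tokens])
```

Because every site hashes with its own key, the same host name at two sites yields different tokens, so the aggregator cannot link hosts across companies.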

Willing to bet (1)

ThatsNotPudding (1045640) | more than 3 years ago | (#32842370)

if the sensors mentioned are indeed hardware, they will be purchased from a Defense contractor via a lucrative cost-plus agreement. Said contractor will then sub-sub-subcontract the hardware. From a Chinese quasi-military-owned manufacturer. Tah-Dah!

Citizens? (2, Interesting)

drumcat (1659893) | more than 3 years ago | (#32841476)

The fact that any government agency thinks its "corporate citizens" are perfect-able makes me ill. Yes, it's just a name, but it's time that human beings finally have more rights than incorporated entities. It's not to even be joked about by the government.

Concerns that don't involve tinfoil hats. (1)

stagg (1606187) | more than 3 years ago | (#32841498)

I'm more concerned about how this could limit the flexibility of these industries. Needing to run substantial IT changes through a federal agency could theoretically stifle innovation. You're adding another restrictive layer of bureaucracy. And then there's the age old... "they put something called linux on it, and it looked like something a hacker might use" problem. Let's hope the people monitoring this are IT people and not middle management people?

Re:Concerns that don't involve tinfoil hats. (2, Informative)

commodore64_love (1445365) | more than 3 years ago | (#32841900)

>>>there's the age old... "they put something called linux on it, and it looked like something a hacker might use" problem

Like that poor kid who was given detention. His crime? Demonstrating Linux on his personal laptop during study hall, and handing out free CDs of it to friends. The teacher assumed the kid was a pirate and punished him. She even went so far as to contact the guy who created the original CD, and scold him too! "I don't know why you are handing-out these CDs but I plan to consult with lawyers and if necessary prosecute. We cannot allow you to corrupt our children." (Quoted from memory)

Fortunately a teacher has no real power, but imagine this story if the "teacher" was replaced with "NSA enforcement officer" knocking at your door and arresting you for illegal acts, such as handing out free copies of Ubuntu Linux OS. (And yes cops really are that fucking stupid. Go watch some vids on youtube.)

They couldn't have chosen a better name (0)

Anonymous Coward | more than 3 years ago | (#32841530)

"Perfect Citizen".

Ahhh... (3, Informative)

Securityemo (1407943) | more than 3 years ago | (#32841548)

From the article text, it sounds like this means deploying "normal" IDS systems on a per-network basis. "Not persistently monitor the whole system" probably serves to clarify that it won't log, capture or analyze all data; an IDS triggers when it detects something that its rules/signatures match, much like an antivirus sans emulation/sandboxing unpacking and behaviour monitoring. "The overall purpose of the [program] is our Government...feel[s] that they need to insure the Public Sector is doing all they can to secure Infrastructure critical to our National Security" sounds like they're forcing them to comply to inspection or testing.
Also, they might have wanted to pick a less dr-strangelove-sounding name. But maybe the NSA geeks have a sense of humour too?

Wow... (2, Insightful)

Tmack (593755) | more than 3 years ago | (#32841584)

What they just described sounds like this device I heard of called a "fire wall". It can be set to alert you when bad people try to "hack" into your internets or do cyber war and will block the hackors from infecting you with computer viruses.

.. seriously, are we that far behind in our critical infrastructure that it's still just plopped down on the internet without a firewall, filtering, port blocking, like some infected win95 machine from the 90s? Stuff like that should not be on the internet directly, ever. Private networks only, connected only to systems that need to monitor/control. Sure it's faster/cheaper to plop a dsl line to that remote site, but it's far less expensive to just get a direct private line to it than it would be to implement any of this other security theater the govment likes to use. Imagine your corporate firewall being run by the NSA....Hah

Tm

Re:Wow... (3, Interesting)

Securityemo (1407943) | more than 3 years ago | (#32841902)

An encrypted VPN secured with a key, that key itself only existing on the physically secure terminals used to access the systems and the internet-facing routers should be virtually as secure as an encrypted dedicated line. As long as the VPN software isn't faulty in some way, but it'd probably be secure enough. It might even be more secure, because if you've got a dedicated line and a stolen key you just need to tap into a point somewhere along the wire - unlike a VPN, where inbound and outbound traffic might follow different routes (a network engineer/architect could perhaps kindly fill me in on the probability and topology of this). Or are you suggesting quantum-encrypted single-photon lines to every power plant in the US?

Keeping up with the Lees (0)

Anonymous Coward | more than 3 years ago | (#32841586)

How do we feel about NSA spyware in all of our infrastructure?

It's about time we caught back up with china.

Kiss Open Systems Goodbye (3, Insightful)

hackus (159037) | more than 3 years ago | (#32841624)

There it goes out the window with all of the Bills currently in Congress to chase the internet "boogie man" as they hire "governmental approved companies" to produce boxes to install on your internet line.

Proprietary and very secret boxes.

They will track how long you play WoW, what you buy and put you in prison for that Virus that downloads pr0n.

SO much easier to get rid of people they don't like especially if the black box has the ability to infect and download the pr0n for them onto your home PC using "government approved software".

This is getting way out of control very fast.

One thing for sure though, you won't run LINUX, you won't run anything except what that black box says you can run.

Ironically there is a very real chance that only the collusion of fascism can take down Open Source because companies can't compete against it and governments absolutely hate systems built in the open because they can't lie about what they are doing to the masses.

The "Perfect Citizen" in this definition is one who doesn't question, only uses what the government tells them to and more importantly believes that the internet is better off with it.

-Hack

Re:Kiss Open Systems Goodbye (1)

commodore64_love (1445365) | more than 3 years ago | (#32841952)

>>>One thing for sure though, you won't run LINUX, you won't run anything except what that black box says you can run.

Vice-versa: Some of us might start using Lubuntu Linux or Amiga OS specifically because we are told we can't. Some of us enjoy challenging tyrants in order to fight for freedom.

Re:Kiss Open Systems Goodbye (3, Informative)

chill (34294) | more than 3 years ago | (#32841986)

You do know they're talking about doing this to water, electric, utilities, gas and railroad infrastructure, right? "Critical infrastructure", such as traffic control centers, the power grids, gas grid and the like. You aren't critical infrastructure. WoW certainly as hell shouldn't be running on critical infrastructure. Traffic in those network SHOULD be watched and coordinated. The companies can either let the NSA do it or purchase the equipment and do it themselves.

Last I knew, those "proprietary systems" (example here [narus.com]) were Linux-based using libpcap but on screaming fast hardware. Proprietary analysis software is used to baseline traffic patterns and look for anomalies.

Uhm... no... (0)

Anonymous Coward | more than 3 years ago | (#32842302)

I strongly disagree..

They will track how long you play WoW, what you buy and put you in prison for that Virus that downloads pr0n.

Do you really think the gov't cares how long you play WoW, what you buy or how much you like to jerk off? They don't. And, if their "little black boxes" are monitoring your traffic, they should be able to tell the difference between a pent-up user and a malicious downloader, by the type and amount of traffic. They do even take legal action unless it is illegal content that you are surfing.

This is getting way out of control very fast.

How do you figure?

One thing for sure though, you won't run LINUX, you won't run anything except what that black box says you can run.

First off, nobody is going to tell me what I can and can't run on my network (which happens to be 98% Linux). This wicked evil government has put laws in place to prevent monopolies, which is exactly what you are saying would happen.

Ironically there is a very real chance that only the collusion of fascism can take down Open Source because companies can't compete against it and governments absolutely hate systems built in the open because they can't lie about what they are doing to the masses.

The US government USES F/OSS systems in their own infrastructure and even publish whitepapers on hardening said systems to comply with DoD standards. For you to state that they hate open systems is to point out the fact that you have no idea what you are talking about, in that regard. Personally, I find the NSA/DOD whitepapers on open-source security to be some of the best.

Seriously, people. Do some research into matters and gain a better understanding of the way things currently are before spouting that the government is bringing about a dystopian future by wanting to monitor and secure critical national infrastructures and the infrastructures of those third-parties that are put in charge of them. IMO, I think the government SHOULD step up security on the cyber front. God knows they have been pretty lacking [popsci.com]

Re:Kiss Open Systems Goodbye (1)

tibman (623933) | more than 3 years ago | (#32842484)

I don't want to step on your rant, but most US Gov websites I've seen.. are on linux. I would guess much of the infrastructure is the same. End-user computers are mostly windows boxes though. With those come exchange and sharepoint and blah blah. But the critical stuff appears to be linux/bsd. You can check here: http://toolbar.netcraft.com/site_report?url=whitehouse.gov [netcraft.com]

Also, the last time I saw a Certificate of Networthiness list.. there was plenty of OSS approved: apache, php, python, putty, RHEL, firefox blah blah.

As far as the rest of your post is concerned.. I have no facts one way or the other.

thats right citizens! (1)

nimbius (983462) | more than 3 years ago | (#32841656)

it's another cyberwar/cyberattack/cybersecurity article! your friends at Raytheon, a wholesome defense contractor, got the contract this time for a surveillance project to fight the upcoming cyber[war/attack]. they of course being shy about the whole thing declined to comment about it.

Perfect Citizen will look at large, typically older computer control systems that were often designed without Internet connectivity or security in mind.

the bigger issue is why are private corporations allowed to operate things like nuclear reactors in such a manner that apparently poses imminent threat to national security and public safety, then turn around and ask the government to secure their systems for them?

Definition of "Slippery Slope" (1)

Tmack (593755) | more than 3 years ago | (#32841658)

A U.S. military official called the program long overdue and said any intrusion into privacy is no greater than what the public already endures from traffic cameras. It's a logical extension of the work federal agencies have done in the past to protect physical attacks on critical infrastructure that could sabotage the government or key parts of the country, the official said.

"You already gave up privacy for traffic cameras, so we can watch you drive, now we want to see what kinds of pr0n you like, cause that's no different and no big deal and it's to stop the terrrrrists from doing another 9-11." This is exactly why privacy advocates are so rabid about what seems to be little things. They add up quick, and eventually get used as a "well we already do X, so this should be fine".

Tm

"Perfect Citizen" (3, Interesting)

L3370 (1421413) | more than 3 years ago | (#32841666)

Is it just me, or does "Perfect Citizen" sound like the most completely sinister project name you could give?
Seriously, shouldn't they try harder to disguise the intentions with a name like "Save the children security project" or "Patriotic Minutemen project"????

Re:"Perfect Citizen" (1)

dorkinson (1615103) | more than 3 years ago | (#32842108)

As the camera zooms out, our protagonist sees the manilla folder actually reads "To Perfect Citizen Enslavement"

Here's another idea... (1)

d474 (695126) | more than 3 years ago | (#32841672)

How about just disconnecting critical infrastructure from the internet altogether? Which desk do I send my invoice to inside the NSA?

Wouldn't a secure OS be a better option? (1)

ka9dgx (72702) | more than 3 years ago | (#32841680)

Cabsec - Capability Based Security has been around for a long time, it was part of Multics... the idea of having real security built into the OS, available as a tool for the USER to decide what resources to make available to an application, is a very powerful one.

Unfortunately, it's a boil-the-ocean solution.... you have to build a new OS which supports it, and then port your apps.

Re:Wouldn't a secure OS be a better option? (0)

Anonymous Coward | more than 3 years ago | (#32841772)

Trusted operating systems exist. They're prohibitively expensive for most organizations.

Bias? (2, Insightful)

andy1307 (656570) | more than 3 years ago | (#32841716)

How do we feel about NSA spyware in all of our infrastructure?

Better than Chinese spyware in all of our infrastructure.

I feel hopeful (0)

Anonymous Coward | more than 3 years ago | (#32841770)

Also, changed.

False positives and masked attacks (1, Insightful)

karl.auerbach (157250) | more than 3 years ago | (#32841788)

The net has huge tides - but unpredictable ones such as the traffic burst that happened when Michael Jackson died.

Those traffic shifts, along with the introduction of new technologies (such as IPv6, cloud computing, and smaller things like the next twitter) will create false positives.

And an attacker, knowing that there are these bursts fairly frequently and that during them there will be false triggers, will time the launch of his attack so that it occurs during or shortly after one of those events.

Personally I don't think NSA has the chops to do this monitoring job. Why? Because to do a good job a lot of data needs to be correlated and NSA, if anything, is very unwilling to share its data with others who may also be watching - like ISPs and power companies or just those of us chatting on mailing lists and noticing that weird things are happening.

Re:False positives and masked attacks (1)

99BottlesOfBeerInMyF (813746) | more than 3 years ago | (#32842148)

Those traffic shifts, along with the introduction of new technologies (such as IPv6, cloud computing, and smaller things like the next twitter) will create false positives. And an attacker, knowing that there are these bursts fairly frequently and that during them there will be false triggers, will time the launch of his attack so that it occurs during or shortly after one of those events.

This is pretty much a solved problem. You're picturing a system that monitors traffic level, then automatically shuts off the traffic in an emergency. That's not the state of the art and hasn't been for a long time. Rather, you deploy IDS systems that build a relational database of "normal" traffic on a network over time. Administrators look at the traffic and mark some of it as "critically important" like the connection between the control system update board and the deployed sensors, and the connection between the payroll server and the payroll administrator's office. The rest of the traffic is stuff you don't care about that much, like the public facing Web server or the FTP server used by developers on site, or the desktop computers' ability to access random ports to run P2P or play Quake after hours.

So what happens when Michael Jackson dies and all the desktops start going to a few Web sites and at the same time a hacker compromises a desktop and starts spreading a worm in the LAN? The IDS system freezes traffic levels and automatically prevents the desktops from talking on any non-critical ports while at the same time throttling Web traffic to sites about Michael Jackson. At the same time it contacts the security admin, shows them the traffic, attempts to identify some of it as a propagating worm, and lets the administrator decide what to do about it... all the while all the critical business is still getting done.

Personally I don't think NSA has the chops to do this monitoring job. Why? Because to do a good job a lot of data needs to be correlated and NSA, if anything, is very unwilling to share its data with others who may also be watching - like ISPs

There are already programs among ISPs and large network operators that do share just this kind of attack data (anonymized) to better coordinate security. I was involved in the creation of one of them. The DoD and NSA do participate.
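The per-flow baselining described in the comment above, worked through in Python as an added example (not part of the thread and not any IDS product's code). The flow names, ports, byte counts, the 3-sigma threshold and the 5% floor are all assumptions chosen for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# A flow is (source group, destination group, destination port).
# Every name and number below is constructed sample data.
WEB = ("desktops", "internet", 80)
LATERAL = ("desktops", "desktops", 445)
SCADA = ("scada-hmi", "field-sensors", 502)
PAYROLL = ("payroll-office", "payroll-server", 443)
CRITICAL = {SCADA, PAYROLL}          # marked by an administrator

# Bytes per flow in five quiet learning intervals.
HISTORY = [{WEB: w, SCADA: s, PAYROLL: p}
           for w, s, p in [(1000, 200, 50), (1100, 210, 55), (900, 190, 45),
                           (1050, 205, 50), (950, 195, 50)]]
# One interval with a news-driven web burst plus a never-seen lateral flow.
CURRENT = {WEB: 9000, SCADA: 200, PAYROLL: 52, LATERAL: 300}

def build_baseline(history):
    """Learn (mean, standard deviation) of bytes per interval for each flow."""
    samples = defaultdict(list)
    for interval in history:
        for flow, nbytes in interval.items():
            samples[flow].append(nbytes)
    return {flow: (mean(v), pstdev(v)) for flow, v in samples.items()}

def decide(flow, nbytes, baseline, k=3.0):
    """Return (action, alert_admin) for one flow in the current interval."""
    if flow in baseline:
        mu, sigma = baseline[flow]
        # Floor sigma at 5% of the mean so a very steady flow is not over-sensitive.
        off_baseline = nbytes > mu + k * max(sigma, 0.05 * mu)
    else:
        off_baseline = True          # never seen during the learning period
    if flow in CRITICAL:
        return ("allow", off_baseline)   # never cut off; a human reviews it
    if flow not in baseline:
        return ("block", True)
    if off_baseline:
        return ("throttle", True)
    return ("allow", False)

def respond(current, baseline):
    """Apply the per-flow decision to every flow seen in this interval."""
    return {flow: decide(flow, n, baseline) for flow, n in current.items()}

if __name__ == "__main__":
    for flow, verdict in respond(CURRENT, build_baseline(HISTORY)).items():
        print(flow, verdict)
```

The lateral flow is blocked even though it is tiny next to the web burst, because the decision is made per flow rather than on aggregate volume; that is the case the parent comment raises about attacks timed to coincide with a traffic surge.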

The universal OFF switch (3, Insightful)

Drakkenmensch (1255800) | more than 3 years ago | (#32841960)

How about just... not connecting EVERYTHING to the net? The best way to prevent an unauthorized user access to the main control switches of a power plant is to simply have those commands input manually by someone you reach directly by phone. You won't be able to hack those employees directly until those nifty GITS full body replacements roll in (ETA Q4 2013)

Sensors (3, Insightful)

Thelasko (1196535) | more than 3 years ago | (#32841966)

would rely on a set of sensors deployed in computer networks for critical infrastructure that would be triggered by unusual activity suggesting an impending cyber attack

How will the "sensors" communicate with the NSA while being attacked? The internet?

That Name! (2, Funny)

eheldreth (751767) | more than 3 years ago | (#32842016)

Am I the only one that read the name of this project and gave serious consideration to buying a shiny new bunker in Montana?

boondoggle (3, Interesting)

Jodka (520060) | more than 3 years ago | (#32842190)

A single flaw in a common security architecture is a pervasive vulnerability whereas a heterogenous system is robust to targeted attacks.

They would do better to solicit bids for multiple systems from private contractors and place the NSA as well as the public security community in the roles of auditors. That would also allay concerns about covert monitoring by the NSA.

Open-sourcing the product and allowing public audits is advantageous because what is sometimes obscured by "Security through obscurity" is that foreign operatives have covertly horked your source code and analyzed it for vulnerabilities.

What FEMA did for Katrina and the EPA did for the Gulf oil spill this program will do for online security: create an ineffective program which creates a false sense of protection, displacing genuinely effective protective measures. I am not saying that there is no role for government here, but rather that the roles played by government are typically either useless or harmful and it would be nice if it took a different approach; Give the Harvard MBAs and MIT and Caltech Ph.D engineers working at Cisco and IBM opportunities to innovate and place the government and public in the role of customers holding contractors accountable for supplying quality products.

I guess (1)

ThatsNotPudding (1045640) | more than 3 years ago | (#32842278)

'Law-Abiding Citizen' was too tied up in the movie rights. I wonder if the project to select a name for this program was titled: Operation Hamfist.

Like as in also (1)

AnAdventurer (1548515) | more than 3 years ago | (#32842298)

Will this be like my bank blocking my debit card "for unusual activity"? Because that has never worked. The government's most secret known agency putting sensors with the ability to shut down a network, what could possibly go wrong?

Unutterably stupid (0)

Anonymous Coward | more than 3 years ago | (#32842496)

Control systems for critical national infrastructure are not connected to external networks. If the NSA or any other three letter agency wants to connect gear and networks to them then they build an attack pathway that would not otherwise exist. Self-fulfilling idiocy, this.

Let's make a deal (1)

wsanders (114993) | more than 3 years ago | (#32842660)

I'll let the NSA put spyware on some of my computers, *if* they let me target a Tomahawk missile at my least-favorite spammer once or twice a year.
