Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

NSA Director Says the US Must Secure the Internet

Soulskill posted about 4 years ago | from the self-proclaimed-internet-police dept.

Government 250

Trailrunner7 writes "The United States has a responsibility to take a leadership role in securing the Internet against both internal and external attackers, a duty that the federal government takes very seriously, the country's top military cybersecurity official said Tuesday. However, Gen. Keith Alexander, director of the National Security Agency and commander of the US Cyber Command, provided virtually nothing in the way of details of how the government intends to accomplish this rather daunting task. 'We made the Internet and it seems to me that we ought to be the first folks to get out there and protect it,' Alexander said. 'The challenge before us is large and daunting. But we have an obligation to meet it head-on.' It's unlikely that any of Alexander's comments Tuesday will do much to quiet the criticisms of the Obama administration's security efforts thus far. Speaking mostly in generalities, Alexander emphasized the administration's commitment to the Comprehensive National Cybersecurity Initiative, a plan developed by the Bush administration and recently partially de-classified by Obama administration officials."

cancel ×

250 comments

Sorry! There are no comments related to the filter you selected.

Are they joking? (5, Insightful)

ak_hepcat (468765) | about 4 years ago | (#33499474)

Until you control all the INPUTS, you can't control the OUTPUTS

I think these folks are actually trying to use scare-tactics in order to increase their own budgets short-term,
knowing that there is no feasible method of performing such a task.

Already secure (1)

sakdoctor (1087155) | about 4 years ago | (#33499524)

The internet is already secure for me, when using SSH to a trusted host.
Job done.

Re:Already secure (4, Insightful)

arth1 (260657) | about 4 years ago | (#33499726)

And how do you know that the host you SSH to is secure? It has at least one exposed attack vector if you can SSH to it, and probably more. And it's not enough that it's secure right now -- if it was broken into in the past (visibly or without traces), and someone made off with the host key, you can't protect against a man-in-the-middle attack.
Then there's the possibility of breaking in to the router in front of that host, which might give you access to other and less secure hosts in the same zone. Do you control that too?
And what about your system? Has it been 100% safe from day one until now?

No chain is stronger than the weakest link, including the endpoints.

Not quite (4, Insightful)

Burz (138833) | about 4 years ago | (#33499742)

You could be placed under investigation because of Who you ssh with.

Re:Already secure (2, Insightful)

FriendlyLurker (50431) | about 4 years ago | (#33499838)

Obligatory Pentagon War on Internet Video [youtube.com] .

The internet is already secure for me, when using [Insert Technology Here]

I think that is missing the point somewhat - It is not secure against you speaking your mind on their corruption and organizing against it.

Re:Already secure (5, Insightful)

Anonymous Coward | about 4 years ago | (#33500026)

You're missing the point entirely. When US gov. officials use the term "secure" they mean precisely "control and oppress those in question" or often "retain power at all costs". You must learn to read these statements properly.

Re:Already secure (3, Insightful)

gorzek (647352) | about 4 years ago | (#33500334)

For the US government (and likely any individual national government), the Internet has only one valid purpose: commerce. It must be a safe place to do business, first and foremost. Any other perks, such as free expression, political activism, and unbridled creativity are expendable if it makes pacifying the electorate and corporate interests easier.

When "national security" is discussed in context of the Internet, let's make no mistake, it just means "keep people from saying things we don't want them to say."

Re:Already secure (2, Interesting)

digitig (1056110) | about 4 years ago | (#33500156)

"Secure" means different things to different people.

There's an old saying that if you ask the army to secure a building then they place armed guards at intervals around the perimeter and at strategic points within the building. If you ask the navy to secure a building then they make sure the doors and windows are locked before they leave. And if you ask the air force to secure a building then they take out a ten-year lease with an option to extend to twenty-five.

Which meaning is this one?

Re:Already secure (2, Informative)

betterunixthanunix (980855) | about 4 years ago | (#33500384)

You are assuming that SSH is secure; I know of at least one attack on SSHv1, and it is likely that there are other attacks on SSHv2 (and yet-undiscovered attacks).

Re:Already secure (1)

KDR_11k (778916) | about 4 years ago | (#33500450)

Practical attacks or merely theoretical "well, it's broken under mathematical rules" attacks?

Re:Are they joking? (1)

clang_jangle (975789) | about 4 years ago | (#33499532)

Of course they're not joking. All just part of securing the planet, you know. Did you imagine they had some smaller goal in mind?

Re:Are they joking? (1)

cygnwolf (601176) | about 4 years ago | (#33499700)

Of course they're not joking. All just part of controlling the planet, you know. Did you imagine they had some smaller goal in mind?

FTFY

Re:Are they joking? (1)

clang_jangle (975789) | about 4 years ago | (#33499772)

Touché!

Re:Are they joking? (1)

Defenestrar (1773808) | about 4 years ago | (#33499706)

Obviously we need to protect it as thoroughly as we protect the First Amendment. Or perhaps the Fourth. One of them thingies anyway.

Re:Are they joking? (1)

AndrewNeo (979708) | about 4 years ago | (#33500198)

I want my bear arms, damnit!

Re:Are they joking? (2, Funny)

jgagnon (1663075) | about 4 years ago | (#33500434)

Shave them weekly for about 6 months then stop for 6 months and you shall receive that which you desire.

Re:Are they joking? (5, Insightful)

Burz (138833) | about 4 years ago | (#33499722)

Exactly. What they are demanding is the banishment of anonymity at the very least.

Re:Are they joking? (2, Insightful)

Anonymous Coward | about 4 years ago | (#33499968)

Where are they saying that?

Re:Are they joking? (3, Insightful)

Totenglocke (1291680) | about 4 years ago | (#33500308)

How does any government ever "secure" something? By adding multiple layers of bureaucracy and requiring multiple forms of identification to use the service.

Re:Are they joking? (2, Insightful)

PopeRatzo (965947) | about 4 years ago | (#33500284)

the banishment of anonymity

Of course.

By "securing the Internet" they really mean, "stop filesharing and wikileaks".

This is why neutrality regarding the infrastructure of the Internet has to be codified now. In a year, maybe two, it'll be too late. Once the telcos put up their toll booths and completely wipe out independent ISPs, it's all over.

I suppose though that the minute the first advertisement appeared on the web years ago the future was written in stone. You can't allow just anybody to connect to the Internet and provide content because that would make it a real free market, instead of the "Free Market" for very few that we have today.

The Internet was accidental, and the corporate elite has been working day and night to fix that happy accident. It won't happen again. That's why it's such a pity when you hear so-called "libertarians" talking about how we have to prevent "government regulation" of the Internet. They don't realize whose water they're carrying.

Re:Are they joking? (1)

Shikaku (1129753) | about 4 years ago | (#33499774)

How to be secure from the internet:

Disconnect the ethernet cable and the Wifi.

$1 million for my groundbreaking solution please.

Re:Are they joking? (0)

Anonymous Coward | about 4 years ago | (#33500272)

Don't forget that dial-up still exists.

Re:Are they joking? (4, Interesting)

rwa2 (4391) | about 4 years ago | (#33499786)

Meh, joking aside, there's plenty of technical measures that they could be doing (not that we'd necessarily want these people to do this kind of thing for us)...

* Plopping down firewalls at internet trunks, then using them to filter out spam and portscans. Propagate rules to shut down bot traffic at the edge routers.

* Sniffing / logging all traffic with snort / ntop (but more likely something big commercial and expensive) for, uh, forensic analysis

* Requiring some sort of RealID authenticated onramps, so net access can be traced back to a credit card or better yet an "internet license" associated with someone's passport or other unique government ID

* Encrypted key escrow so they can peek inside encrypted data and streams.

Scary stuff with lots of room for abuse, but really not any different than what a mildly competent corporate IT department already does.

Maybe on the internet2 for mobile phones (the next generation).... the question is whether the new system will be "pre-secured" by the corporate walled gardens, or if the government will finally finish "securing" and thus killing off the first gen internet just as the new one comes online ;-P

Re:Are they joking? (3, Insightful)

nine-times (778537) | about 4 years ago | (#33499904)

Well there's also relatively small steps like providing some better/simpler schemes for encryption/signing. PGP is pretty good, but poorly supported in most email clients. SSL is good, but CAs are lazy and expensive. SFTP provides encryption, but you generally need to blindly trust the host on the first connect.

One of the suggestions I've read around here is to support public keys in DNS records. If the DNS records are signed, then you can verify the public key did, in fact, come from the domain owner. Not a perfect solution, but it seems like it could be a first step to getting rid of the current CA system, which sucks IMO.

Re:Are they joking? (1)

bsDaemon (87307) | about 4 years ago | (#33500406)

PGP is pretty good, ...

Well, yeah... isn't that the point? /sarcasm (note to the uninitiated: PGP == Pretty Good Privacy).

Re:Are they joking? (0)

Anonymous Coward | about 4 years ago | (#33500360)

Your argument is based on the mistaken assumption that the internet exists as more than a convenient fiction which abstracts from the the origin and nature of global connectivity created by the interconnection of many autonomous networks operated by many different legal entities with a variety of motivations and under many different jurisdictions. Could you even non-arbitrarily define what the internet is? Why is my home network connected via wireless LAN to my friend's home network not the internet? Which service, which entity's presence makes a network of networks "the internet"? At what point does an alternative network which is created to work around restrictions become "the internet"? Any government can at best regulate the operators on its own soil, but even that kind of regulation is going to be inconsistent and arbitrary because the internet is an abstraction.

Re:Are they joking? (1)

FudRucker (866063) | about 4 years ago | (#33500160)

in this case, the NSA stands for "Not Something Attainable"

More U.S. government corruption? (0)

Anonymous Coward | about 4 years ago | (#33500180)

Agreed. Except that it is "increase the budgets long term".

"NSA Director Says the US Must Secure the Internet"

Translation:

We in the NSA have several reasons for wanting control over the internet:

  1. When we say "secure the internet", we mean make it less secure for everyone but us.
  2. Those who want continued corruption of the U.S. government want control, control, control. We must serve our masters.
  3. More control means raises and promotions. Get more of that taxpayer money. Yeah!!
  4. Most of us are clueless about the technology, but we want people to think we are important.
  5. If we have sufficient equipment and control, we can trade stocks within 50 milliseconds after they start rising or falling, as does Goldman Sachs. Later than that is for the losers.
  6. The U.S. government should spend huge amounts of taxpayer money to spy on the entire world. It's an arrogance thing.
  7. The U.S. government has killed so many Arabs that we need to know if they are plotting to kill us.
  8. You mere U.S. citizens are not allowed to know the other reasons.

What? (5, Insightful)

bhcompy (1877290) | about 4 years ago | (#33499490)

Secure it from you control freaks? Sure.

Why? (1)

garyisabusyguy (732330) | about 4 years ago | (#33499674)

Because we can!
Or at least that was 'good enough' of a reason for the Thunderbirds

Allwe need now are some 'net savvy puppets with supersonic jets

First (0)

Anonymous Coward | about 4 years ago | (#33499492)

Yes it's me!!!!

Re:First (0)

Anonymous Coward | about 4 years ago | (#33499518)

ULTRA-MEGA-FAIL.

The non-technical have lots of crazy ideas (0)

Anonymous Coward | about 4 years ago | (#33499500)

"... we ought to be the first folks..."

This says it all for me, he's non-technical.

Re:The non-technical have lots of crazy ideas (5, Insightful)

bsDaemon (87307) | about 4 years ago | (#33499602)

He has a masters degree in systems technology and another in physics, according to his biography, in addition to an MBA and a BS undergrad, plus lots of experience in intelligence and counter-intelligence, including in active combat scenarios, according to his biography. I suspect he's probably more "technical" than a large swath of people here, not to mention the general public. Just because he says folks doesn't mean his 'non-technical', so stfu.

Re:The non-technical have lots of crazy ideas (5, Insightful)

poetmatt (793785) | about 4 years ago | (#33499822)

if you read the summary about "Securing the internet" you'd know that the comment by this individual, technical or not, would give you the impression that he's a fucking moron.

I'm sure he's good at what he does, but "securing the internet" is not and will never be one of those things.
Even DNSSEC and IPv6 do nothing for "Security", because they haven't gotten back the original security issue: computers and/or users. Adding encryption, adding anything to allow anonymity and all you do is make it easier to poke holes in security. Get rid of anonymity and all you do is make it easier for people to use fraudulent identities since it assumes that nobody can be anonymous, which is also impossible. You're at the PC, and I'm behind you telling you what to do? Guess what, I'm anonymous.

Considering that security goes beyond the internet, shows how impossible the idea is. This is not even remotely reasonable.

Re:The non-technical have lots of crazy ideas (4, Insightful)

bsDaemon (87307) | about 4 years ago | (#33500008)

DNSSec is intended to prevent query cache poisoning. It's not a catch-all silver bullet and its not meant to be. Similarly, requiring IPSec in IPv6 solves certain problems, while leaving others untouched.

There will likely never be 100% security, for if there were, then you would have a 100% unusable system. But that doesn't mean that the current situation can't be made better. I just get the impression that a lot of people around here equate freedom with a reasonable expectation of getting away with a crime and have greasemonkey scripts to auto-respond with the Franklin security/liberty quote.

Re:The non-technical have lots of crazy ideas (1)

poetmatt (793785) | about 4 years ago | (#33500134)

nobody said the current situation can't be made better. That has absolutely nothing to do with the statements at hand.

Assuming you can make anything secure, however, is a completely false statement, and is specifically what was said. "We're going to secure the internet" is likewise a false statement.

Re:The non-technical have lots of crazy ideas (3, Insightful)

bsDaemon (87307) | about 4 years ago | (#33500290)

No, we can't secure the whole internet. What we can do, however, is make highly critical segments more secure. Part of that is physical security, part of it is better monitoring infrastructure, such as fiber tap splitters off to an IDS system at a backbone peering point. vendors such as Net Optics [netoptics.com] make just such a device, among others.

It would probably make more sense to run new lines, or light up some dark fiber, and move all the government stuff onto that, then have a few border crossings, like peerage points, where "real" internet access can be controlled and monitored to prevent breach of systems which aren't already on separate networks. They might do that already, I can't really say for sure.

Although, it still doesn't keep some random employee from doing something stupid on the inside, you can at least mitigate the impact. Then maybe, just leave much of the rest of the infrastructure as-is and have fend for ourselves, or whatever.

But yeah, we can just be picky and pedantic instead of just agreeing that there's a point of "good enough" that's more secure than what we have but less secure than just not having the system in the first place, or locking it away in a concrete bunker with no power.

Re:The non-technical have lots of crazy ideas (1)

poetmatt (793785) | about 4 years ago | (#33500168)

also, the franklin statement is very very accurate, and very much a concern when it comes to the US government, which is well known to throw around abuse of power and let judges settle the constitutionality of their horrible decisions in the first place.

The government clamoring for more security tells people that a: they want to monitor everything, b: they want to control everything, and c: who cares about the actual citizens of the US?

Forget the republican angle on it, this has been a corruption issue more than 30 years in the making at this point.

Re:The non-technical have lots of crazy ideas (0)

Anonymous Coward | about 4 years ago | (#33500094)

How about validating the silicon in routers, hardening corse software, redesigning the DNS system to make it less vulnerable to MITM attacks, perhaps something newer than SMTP that's designed for a hostile world. BGP's got a lot of room for improvement, like replacement with something less vulnerable. There's a lot of room, you fucking idiot.

Re:The non-technical have lots of crazy ideas (1)

nine-times (778537) | about 4 years ago | (#33500178)

Adding encryption, adding anything to allow anonymity and all you do is make it easier to poke holes in security.

You can always poke holes in any security scheme, but that doesn't mean it's not worth trying. Locks can be picked. Passwords can be guessed. Social engineering is always going to be a problem. Still, we do these things.

Security is not about making unauthorized access impossible. It's about making unauthorized access difficult and risky so that fewer people try, and fewer still succeed.

Re:The non-technical have lots of crazy ideas (0)

Anonymous Coward | about 4 years ago | (#33499874)

Just because he says folks doesn't mean his 'non-technical', so stfu

Derp? Can someone grammar-hammer this sentence?

Re:The non-technical have lots of crazy ideas (1)

bsDaemon (87307) | about 4 years ago | (#33499950)

A typo is not the same thing as a flawed argument, unless you're losing.

Re:The non-technical have lots of crazy ideas (5, Insightful)

copponex (13876) | about 4 years ago | (#33499990)

At some point in history, there were doctors who were convinced that the four humours [wikipedia.org] were the chief actors in the body, and developed some pretty strange and barbaric rituals to regulate their levels. The finest doctors at that time went to the finest schools and received the best education in the world, as far as they were concerned. The trouble was that everything they believed was absolutely untrue. The foundation of every bit of their knowledge was built upon a lie.

Receiving a good education does not ensure that you are right or wrong, but it means you are very highly trained in the existing hubris of your culture. So I'm sure this guy worked very hard, and filled out all the right forms and kissed ass at the appropriate times and wrote brilliant regurgitations of his professor's theories to clamor his way to the top of the bourgeois dog pile of the desperately successful. But that doesn't mean his ideas are worth a damn.

And it also doesn't mean that they're not worth a damn. But the guy works for the government, and specifically, the part of the government that exists to protect American (corporate) interests above all else. His job is to make the internet safe for commerce, not to protect the free flow of information. He's got his hammer, and he intends to find some nails.

Re:The non-technical have lots of crazy ideas (1)

X.25 (255792) | about 4 years ago | (#33500212)

He has a masters degree in systems technology and another in physics, according to his biography, in addition to an MBA and a BS undergrad, plus lots of experience in intelligence and counter-intelligence, including in active combat scenarios, according to his biography. I suspect he's probably more "technical" than a large swath of people here, not to mention the general public. Just because he says folks doesn't mean his 'non-technical', so stfu.

No "technical" person would ever say such a stupid thing, like "US must secure the Internet".

I know quite few people with lots of degrees and shit, but they're still dumb as a brick.

Can we have our money back? (5, Insightful)

blair1q (305137) | about 4 years ago | (#33499516)

We did make the Internet, and between government and business and private citizens we spent about $1 Trillion bringing it up to the state where Carly Fiorina and the other outsourcing robber-barons could use it to ship the whole information economy to India and China, cratering the return we expected from our investment, so they could pocket a few $billion in quick profit.

We'd like our money back. Someone tell Carly she owes us.

Re:Can we have our money back? (1)

garyisabusyguy (732330) | about 4 years ago | (#33499942)

Then send over some programmers with pliers and a blowtorch and get medieval on her ass

Re:Can we have our money back? (1)

frank_adrian314159 (469671) | about 4 years ago | (#33500246)

Someone tell Carly she owes us.

Don't worry! She'll pay it back in service as California's next Senator!!! I can't wait until she starts outsourcing citizen positions to India - we could cut Social Security and Medicare payments by 70%! Go, Carly!!!!!

Re:Can we have our money back? (1)

Kjella (173770) | about 4 years ago | (#33500316)

I'd love to see you try again only to see computers and networks merge into the Internet somewhere else, the US information economy would have fallen before it had even properly risen. Like that quote people pull out about the MPAA and RIAA, you don't have the right to halt progress just to preserve your profits and that goes for countries too. The rest of the world would have moved on and the US would be the one left behind.

America ... F*** yeah !!! (-1, Flamebait)

Anonymous Coward | about 4 years ago | (#33499522)

'nuff said.

Re:America ... Fuck yeah !!! (0)

Anonymous Coward | about 4 years ago | (#33499564)

FTFY. There is something very ironic about censoring that phrase.

Re:America ... F*** yeah !!! (0)

Anonymous Coward | about 4 years ago | (#33499716)

COMING TO FIREWALL THE FUCKING NET YEAH!

IPV4, Your days are through
Now you must
Answer to
ARPAAAAAAAAAAAAA
FUCK YEAH

Easy Fix (2, Funny)

Kagato (116051) | about 4 years ago | (#33499528)

Block all traffic to .ru and .cn.

Re:Easy Fix (0, Insightful)

Anonymous Coward | about 4 years ago | (#33499660)

Ban all Microsoft products from connecting to the Internet.

Re:Easy Fix (1)

AnonymousClown (1788472) | about 4 years ago | (#33500056)

Well, that'll be hard because many of those NSA-Gov-security types get their penis enlargement pills from those internet sites.

A collection of Desert Eagle .50 caliber handguns just doesn't cut it.

The age old problem (1)

Pojut (1027544) | about 4 years ago | (#33499530)

So long as the smarter people remain outside the law, it will never be secure. /generalization

Read (0)

Anonymous Coward | about 4 years ago | (#33499592)

Read: Power Grab.

I don't want a "protected" internet. (4, Insightful)

wcrowe (94389) | about 4 years ago | (#33499632)

The way to "protect" it is to not use it for stuff that, um, needs protecting.

Re:I don't want a "protected" internet. (0)

Anonymous Coward | about 4 years ago | (#33499888)

The way to "protect" it is to not use it for stuff that, um, needs protecting.

Or they could just design a new one with secure messaging, end-to-end authentication, non-repudiation, etc, etc, etc and keep it to themselves.

I don't know why of all people, /. readers can't see that the private sector have failed to make the Internet a safe place for the continuous stream of sensitive activities creeping onto it, and that is happening at too fast a rate for regulation to possibly keep up.

The other day someone said the Information Age is over, we're in the Lulz Age.

I think they were right, as most Internet users would LOL@ someone being duped out of large sums of money at fake EBay auctions using obvious (in the technical sense, not to the user) email forgeries. Instead of you know, being the IT professional so many of you claim to be and recognizing that this BS has gone on too long.

All this "it doesn't need to be fixed" nonsense paints a pretty clear picture in my mind which way this is going to go. If you don't particularly care if public or private entities secure the Internet, um.. GLFH.

Re:I don't want a "protected" internet. (1)

0123456 (636235) | about 4 years ago | (#33500420)

-Or they could just design a new one with secure messaging, end-to-end authentication, non-repudiation, etc, etc, etc and keep it to themselves.

And they could give us FREE PONIES at the same time.

I think they were right, as most Internet users would LOL@ someone being duped out of large sums of money at fake EBay auctions using obvious (in the technical sense, not to the user) email forgeries.

How would tying those emails to an 'Internet Drivers' License' claiming that I'm 'Samuel El Jackson, Nigeria 90210' help prevent such scams?

Re:I don't want a "protected" internet. (2, Insightful)

Grand Facade (35180) | about 4 years ago | (#33500148)

It's not broke and can't be "fixed".

All any attempts will do is F it up.

I'd say to help they could put some effort into enforcing the existing abuses spam and cyber fraud, but that would sadly be ineffective. Asshats won't enforce anything but the most blatant TOS violations.

Education is the answer, just like street savvy, folks need internet savvy.

Some are so gullible they should not be allowed on the Net, but it's not for me to say who.

We Made the Internet... (0)

Anonymous Coward | about 4 years ago | (#33499658)

But the morons now in charge just don't understand how it actually works, nor do they care to learn.

Re:We Made the Internet... (1)

singingjim1 (1070652) | about 4 years ago | (#33499794)

They need to recruit the inventor of the Internet to help secure it. Al Gore finally has a real job!

He's right! (1, Interesting)

Anonymous Coward | about 4 years ago | (#33499690)

Gen. Keith Alexander is absolutely correct.
It is a daunting task, but the USA should be leading the fight in securing the internet from nefarious organizations like the NSA.

Protection (4, Interesting)

D3 (31029) | about 4 years ago | (#33499698)

I think it would be more accurate to say we need to protect ourselves from the Internet vs. we should protect the Internet.

Why.? (1, Insightful)

Anonymous Coward | about 4 years ago | (#33499724)

Why would they be worried about securing the net when they won't secure our boarders...

Re:Why.? (2, Funny)

ScentCone (795499) | about 4 years ago | (#33500128)

Why would they be worried about securing the net when they won't secure our boarders...

Well, a lot of us don't have boarders, even if most of us have internet access. Some of us who do have boarders will allow them to use our internet access, but I don't know if that matters. I don't want to have to watch them use it, just to secure them, and I don't want the Feds to get involved in the relationship between me and any boarders that stay in my house. But we do have to watch 'em, especially the boarders from over the border. Those Canadian boarders are nothing but trouble, and never pay their rent on time. In fact, I'm completey tired of renting out rooms. That last guy, from Quebec, wouldn't stop using French names for food. I'm done with him. I'm over the boarder, for sure. The broader issue of boarders, especially Swedish broads, bordering on being boarders but bartering room and board in exchange for making smorgasbords, is bordering on being a bore.

Re:Why.? (1)

spamking (967666) | about 4 years ago | (#33500164)

Might be time to start the /. internet militia . . .

Alexander Is Another FUDster Who Joins (0)

Anonymous Coward | about 4 years ago | (#33499830)

the one and only Richard Clarke [npr.org] :

""A cyberattack could disable trains all over the country," he tells Fresh Air host Terry Gross. "It could blow up pipelines. It could cause blackouts and damage electrical power grids so that the blackouts would go on for a long time. It could wipe out and confuse financial records, so that we would not know who owned what, and the financial system would be badly damaged. It could do things like disrupt traffic in urban areas by knocking out control computers. It could, in nefarious ways, do things like wipe out medical records."

A cyberattack could also disrupt my game of Medal Of Honor [youtube.com] .

Yours In Krasnoyarsk,
K. Trout

Plug a barrel with 10,000 holes? (2, Insightful)

crackerjack911 (49510) | about 4 years ago | (#33499852)

Should the government really be trying to manage security across the ENTIRE internet? Would you rather plug 10,000 holes in an old barrel or just build a new barrel? Maybe I just don't understand the issue enough, but wouldn't a separate Government/Military/infrastructure internet be more viable and easier to implement on existing systems thus costing less? And if you really needed access to the public internet, you could control the points of entry and monitor them much easier and more effectively.

Re:Plug a barrel with 10,000 holes? (3, Insightful)

nomadic (141991) | about 4 years ago | (#33499984)

Should the government really be trying to manage security across the ENTIRE internet? Would you rather plug 10,000 holes in an old barrel or just build a new barrel? Maybe I just don't understand the issue enough, but wouldn't a separate Government/Military/infrastructure internet be more viable and easier to implement on existing systems thus costing less? And if you really needed access to the public internet, you could control the points of entry and monitor them much easier and more effectively.

Step 1) Set up the infrastructure you suggest; Step 2) allow academic researchers in; Step 3) allow college students in; Step 4) let other countries link up; Step 5) start allowing commercial enterprise in; Step 6) listen to the commercial enterprise whine how they should have more control over the internet; Step 7) listen to other countries whine since the US was nice enough to let them link up to the network, those countries are now entitled to equal control over the network; Step 8) listen to the open source crowd whine how the government is exercising too much control and security should be handled by them in a libertarian free-for-all. We've been through this before, the network won't stay secure.

Re:Plug a barrel with 10,000 holes? (1)

crackerjack911 (49510) | about 4 years ago | (#33500048)

Simple answer? Say 'No' a few times. Design it with one mission, secure critical systems for us. Screw the researchers, college students, thats what the public internet playground is for.

The Internet is insecure? (2, Interesting)

Nkwe (604125) | about 4 years ago | (#33499862)

I didn’t realize the Internet itself was insecure.

We could talk about securing applications that run on top of the Internet, but that would be a different conversation and I am not sure that is where we want the government to be.

Re:The Internet is insecure? (0)

Anonymous Coward | about 4 years ago | (#33500022)

It is actually semi fragile. Some of the bedrock applications were not ever thought to be 'attacked'. Such as BGP, DNS, source/dst in TCP etc... Some of these applications just take their input and merrily go along their way doing dumb things.

It really is 1 dorked route from some mom and pop ISP can take out the entire internet. It has happened a few times. It will again.

At its lowest level the internet is not secure (or reliable). Unfortunately the stuff that makes up the internet 1 level up is not either. That is the issue. They have known about man in the middle attacks on DNS for about 15 years yet only within the last year have we seen secdns take off. One part of the problem is you can even DO man in the middle. Yeah that is a pretty big problem. There are dozens of such issues. That are core to what makes up the internet as we know it.

Re:The Internet is insecure? (1)

Nkwe (604125) | about 4 years ago | (#33500114)

Then I would say that these sorts of things need to be corrected. I am just concerned that the concept of "securing" will include control of application level content and attempts to eliminate or reduce anonymity.

Re:The Internet is insecure? (1)

Profane MuthaFucka (574406) | about 4 years ago | (#33500106)

I had the same confusion. Do they mean the Internet, or do they mean the hosts on the Internet?

And how exactly would you secure the Internet? Does it make you safer if GoDaddy and every other place where you can inject a packet into the Internet starts checking your driver's license?

Kind of but not really (1)

stealth_finger (1809752) | about 4 years ago | (#33499872)

"We made the Internet and it seems to me that we ought to be the first folks to get out there and protect it,' Alexander said." That's like saying the guy who dug the foundations built the house and is responsible for it? And when he says "securing the Internet against both internal and external attackers" surely by it's nature all attacks are internal.....or external, whatever.

Re:Kind of but not really (0)

Anonymous Coward | about 4 years ago | (#33499948)

You can take a network down physically. Bombing datacentres, ripping up the undersea cables etc. I'd say they where external attacks.

Not possible... (2, Interesting)

Last_Available_Usern (756093) | about 4 years ago | (#33499896)

The internet is basically hosted on public infrastructure. Until the government decides to lay down it's own lines (above and beyond what it currently has, which in no way would support national bandwidth requirements) and host it on hardened equipment there's little the administration can do other than wave their finger and say, "Hey you guys, make this safer!" And to be honest, this has a lot less to do with protecting us from cyber threats and a lot more to do with implementing federal taxation on usage/commerce as well as visibility of data in and out of any node on the national network without all the red tape that's currently involved. You can call me a conspiracist, but it doesn't sound as crazy when you consider all the truly critical Government/Military traffic is already hosted on dedicated government-owned lines/equipment.

you username (0)

Anonymous Coward | about 4 years ago | (#33499982)

i think the rest of you username got cu

Good... (1)

DigitalSorceress (156609) | about 4 years ago | (#33499908)

Good... tell you what NSA, you go ahead and when you've managed to actually track down the spammers and the phishers and we have some "extrordinary rendition" (I was thinking of rendition more in the soap sense), then I'll believe you're serious. /It's fun to be an Internet Touch Chick //but I DO so wish they'd take me up on the challenge

Um... I have an idea... (1)

thestudio_bob (894258) | about 4 years ago | (#33499932)

...Why doesn't the government worry about securing their own networks before acting like they have the "expertise" to secure the entire internet.

Let me guess (1)

elrous0 (869638) | about 4 years ago | (#33499934)

The first step is to stop movie and music piracy, right? Truly the biggest threat to our country (if you ask any politician getting big campaign donations from Hollywood and big media, that is).

Simple Solution! (1)

JoshDM (741866) | about 4 years ago | (#33499952)

Just add an "s" to your "http"!

Re:Simple Solution! (1)

CannonballHead (842625) | about 4 years ago | (#33500452)

[pedantic] append, not add... [/pedantic]

Its the OS that is not secure (1)

Jadeinfosy (960509) | about 4 years ago | (#33499992)

The Internet is quite secure, it's the software systems that are attached to the internet that are not. Time to develop a trusted opererating system and a secure browser.

huh? (1)

mosdave (1262828) | about 4 years ago | (#33499998)

"...a network that many security experts see as hopelessly broken and flawed by design."
wait, what?

Trying to cure the symtpoms .... (1)

AnonymousClown (1788472) | about 4 years ago | (#33500018)

The article is "blah blah blah security blah blah risks blah blah blah ...."

Why not concentrate on the folks who are exposing critical systems to the internet - if, in fact, they are?

I know folks in the defense industry - all the critical stuff has not physical path to the internet. To access that information means switching machines.

Same goes for other industries. I mean, network admins aren't stupid - it's pretty obvious that if it's really critical you don't connect it to the internet. Even the PHBs get that.

How do you plug all the holes in a screen door? (1)

kawabago (551139) | about 4 years ago | (#33500032)

Trying to secure the internet is like trying to stop air flowing through a screen door. They might have better luck securing critical infrastructure and implementing a backup communication channel for that infrastructure should the internet be compromised.

Aliens (1)

sea4ever (1628181) | about 4 years ago | (#33500062)

"secure the internet against internal and external attackers?"
What does external mean here? The first thing that comes to mind would have to be some kind of E.T..
Someone explain what 'external' means in relation to the internet. Unless it's referring to some kind of physical world outside of the internet..!!
Is there a world outside of the internet!!?

Please help us NSA... (0)

Anonymous Coward | about 4 years ago | (#33500102)

At least the NSA contributed selinux. With their budgets if they want to help make the network more secure the single best thing they could do is develop analysis tools (Stanford checker et al) to find defects in the computer codes running the network and systems connected to it and not just hoard these capabilities.

The actual statement sounds kind of lame in that it provides zero effective information on either what is meant or how it would be done.

Personally I think the best outcome is that efforts are made to make the network itself as reliable as possible but NOT secure. In other words DNS works to the extent that you can't blindly inject bogus responses into systems UNLESS you have direct control over the network path between systems. DNSSEC and its planet scale trust anchor is a poster child for futility.

End-to-End security where the network is assumed to be insecure is the only architectural method for security that makes any sense whatsoever at the scale of the Internet.

What is it exactly that needs protection here? (0)

Anonymous Coward | about 4 years ago | (#33500120)

it seems to me that we ought to be the first folks to get out there and protect it

What is it exactly that needs protection here?

I thought the Internet was designed to "heal itself" from attacks by using a flexible routing system.

In fact, wasn't that a primary goal for ARPA when it designed the network? To ensure that its architecture did not have a single point of failure?

Does this call for "protection" mean that the Internet is somehow not robust as originally designed? What is the proof of this supposed lack-of-robustness?

secure = kill switch? (1)

spook brat (300775) | about 4 years ago | (#33500144)

This press statement makes me really worried. Considering the recent news about Congress wanting a kill switch for the Internet [slashdot.org] , an NSA announcement that it will "secure" the internet sounds like spin.

Have you ever heard the joke about how different branches of the U.S. military "secure" a building [strategypage.com] ? The NSA puchline would be "rig the building for demolition, then put the Big Red Button [tvtropes.org] right next to the light switch.

Between my experience with STU-IIIs and being a Dune fan ("He who can destroy a thing, controls a thing") I'm really worried that the NSA has been tasked to create an internet kill switch, and that the "security" efforts they will soon recommend will be a pretext for the kill switch's creation. The NSA is the logical government agency to implement a kill switch, and designing the new security system would give them the access they'd need. Normally I hate conspiracy theories, but this is just creepy to me.

Footnotes:
For all you coders out there, I meant "=", not "=="; in my opinion the NSA getting involved assigns the value "kill switch" to "secure".

Joke punchline origin: every piece of NSA designed hardware I've handled has a kill switch built in, and one of my biggest headaches was people asking "what does (PRESS) this do?". Quote from the STU-III handbook [tscm.com] :

The STU-III battery backup allows power to be removed, as in a power failure or unplugging the unit to move it, without losing the encryption data. The zeroization button bypasses this backup and erases the encryption data. After zeroization, the STU-III must be rekeyed and the CIKs must be remade. The STU-III is zeroized:

In an Emergency. - If the STU-III is ever in danger of falling into hostile hands, zeroize it to prevent the adversary from obtaining a functional unit. . .

By Accident. - The accident usually follows an employee's curiosity. The employee starts playing with the buttons and zeroizes the unit. Be sure to brief your employees on the importance of not pressing or playing with the zeroization button. Refill the STU-III using a new seed key [or operational key].

An analogy.... (1)

OldHawk777 (19923) | about 4 years ago | (#33500172)

A house can be considered secure when doors and windows are closed and locked. Is the hose secure from criminal invasion? No
The house is secured from unauthorized access. Can the house be secured? No

So, How do you stop criminal entry? Stop the criminal. In the process of stopping the criminal can the home be used? No
Using the home will endanger or at least penalize the private home owners, and may inadvertently criminalize the home owner,
because there is a pot-plant growing (not for use/distribution) in the back yard.

Anyway good police work, investigation tools, reasonable response (offensive and defensive) weapons, and sensible laws are (IMO)
the only acceptable ways to stop criminals without harming your people, culture, economy....

Any blanket solution to crime (like the drug-war and god-sex laws) is always dumb as dirt and will never work.
Crime is flexible "Asymmetric" you can only lose while playing catch-up.

Good police work always adapts to the crime and times to get the dirt on the perps.
Holy-Drug/Sex/Alcohol... laws always create an ungovernable underground economy that makes citizens criminals (USA is the example).
When citizens are made criminals, then you must increase the protection for the remaining parochial-dogma citizens.

Good security always starts at the borders (points of entry). [i.e. Doors, Windows, Customs, Air/Sea Port, Top-Level gateways and routes...].
The laws already exist to stop criminals and locks and latches won't help US, EU, RU, CN....

Re:An analogy.... (1)

Aladrin (926209) | about 4 years ago | (#33500296)

Should have gone with the car analogy. Since they were invented here (like the internet) they fit a little better. ;)

But.. (1)

nanospook (521118) | about 4 years ago | (#33500194)

But we don't want you (the NSA) to secure the internet..

NSA Director Says the US Must Destroy the Internet (0)

Anonymous Coward | about 4 years ago | (#33500208)

It looks like the internet is a dangerous thing because it allows unsanctioned free speech.
And unsanctioned free speech is dangerous.
Perhaps we can have some govt. issued permits that authorize "journalists" to speak.
This way if someone posts something unsanctioned the permit can just be revoked and since all "Journalist" are registered we know who to imprison.
We can still have free speech we just have to make sure it's properly sanctioned by a "Journalist".

Who, what and why? (1)

Mathness (145187) | about 4 years ago | (#33500324)

"We made the Internet and it seems to me that we ought to be the first folks to get out there and protect it,"

Protect it from who, what and why?

And if you are serious, start by getting rid of spam. And if you should somehow manage that, you have most likely also killed the (free) internet as we know it.

Ignore the NSA and pull the plug on China (1)

WillAffleckUW (858324) | about 4 years ago | (#33500340)

You don't deal with issues like this by inaction, or by battening down the hatches while leaving a giant pipeline of hackers and botnets flowing from China into the US.

You pull the plug on the root servers recognizing China until THEY shut them down.

Actions speak louder than Fear.

Perhaps offer some standards? (2, Interesting)

mlts (1038732) | about 4 years ago | (#33500456)

There are ways the US government can do some in advancing Internet security as a whole. Some that come to my mind (usual long list):

1: Subsidizing an OATH compatible OTP system. Perhaps get Aladdin/SafeNet or RSA to make tokens which support numbers that change every 30 seconds, and apps for devices. Now, a thief has to do more than just slurp a password to compromise a bank account. They would have to actively mess with the Web browser. This leads to #2.

2: A ZTIC-like system. This way, transactions are confirmed actively, so malware present on the system can't actively transfer money even if a bank account's password is compromised. This can be a hardware device, or a phone app.

3: Crypto contest for a RSA successor. RSA has stood strong, but another public key algorithm that is quantum computer resistant is needed. Of course, this isn't an easy task, compared to making symmetric key algos.

4: A backbone between businesses similar to NIPRnet, but for civilian transactions.

5: A civilian CAC for client certificates, with good mechanisms in place to deal with cards that are lost, stolen, locked out due to bad PIN retries, or accidentally microwaved.

6: SELinux's successor. Preferably a hybrid between it and AppArmor. The more technology in keeping applications to just what they need to run, the better.

7: This isn't directly Internet affecting, but perhaps find some R&D into backup technologies? It used to be a while back that companies were through about backups, and if you even thought about being a sysadmin, you knew how to do dumps, tars, full/incremental/differential backups, tape rotations (grandfather/father/son), offsite tapes, and so on. These days, people don't even bother with backups, and if they do, they think the cloud can do it, forgetting the time it takes to suck all that info back through a WAN connection on restore. Yes, backups are boring as all get-out, but in case other security measures fall apart, backups are what one uses to piece things back together.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>