
Inside ICS-CERT's War Room

timothy posted more than 2 years ago | from the general-mckittrick's-around-somewhere dept.

Government 30

itwbennett writes "When Stuxnet first appeared in July 2010, the U.S. response was gathered at the ICS-CERT facilities at Idaho National Labs (INL). 'This is the classified building where phones will start ringing should the next Stuxnet show up, and home to staffers who specialize in IT and industrial systems,' said Robert McMillan, who was invited to attend a training exercise run by the U.S. Department of Homeland Security (DHS) and INL. 'It's small — there were just four analysts there on Thursday — but it looks like the security operations centers you see big companies such as Cisco and Symantec: people sitting in front of computers, with a big screen showing a real time feed of any situations that need to be handled.'"

30 comments

That seems old school. Not in a good way. (1)

bigredradio (631970) | more than 2 years ago | (#37597836)

From what I have read about Stuxnet, it was a global coordinated effort. The benefit to that level of diversity is the "out of the box" thinking is off the chart. You put similar people with similar backgrounds in the same room, and the hacking world will eat their lunch.

Re:That seems old school. Not in a good way. (0)

Anonymous Coward | more than 2 years ago | (#37597910)

> From what I have read about Stuxnet, it was a global coordinated effort. The benefit to that level of diversity is the "out of the box" thinking is off the chart. You put similar people with similar backgrounds in the same room, and the hacking world will eat their lunch.

So you've read the bios of each person working there? You know their qualifications, education and general background? If not, then why did you make the assumption that they're all vanilla flavored? If you did, then post the link(s) so that we, too, can post our disgruntled, pessimist thoughts for the whole world to see.

Re:That seems old school. Not in a good way. (1)

Yvanhoe (564877) | more than 2 years ago | (#37597996)

It was an Israeli military effort. The general Gabi Ashkenazi admitted to having led this effort when going into retirement. Interestingly, I have read this news in several French newspapers but this information never seems to have crossed the language barrier. On both Stuxnet's and Gabi Ashkenazi's pages this fact is mentioned in the French Wikipedia but not in the English one. The original source is the Israeli newspaper Haaretz.

Re:That seems old school. Not in a good way. (1)

ZankerH (1401751) | more than 2 years ago | (#37599594)

Those facts are not intended for public consumption by the goyim, citizen!

Re:That seems old school. Not in a good way. (1)

bigredradio (631970) | more than 2 years ago | (#37638704)

You misunderstand. I am talking about those that were trying to figure out what Stuxnet was and who the intended target could be. That was a global effort. If there is a group attempting to thwart cyber threats, a global coordinated effort seems to make more sense to me than the war room mentality.

Re:That seems old school. Not in a good way. (1)

Xugumad (39311) | more than 2 years ago | (#37598044)

Out of curiosity, do you have any sort of netsec/infosec background, or does most of this come from reporters babbling about how everything is new and different (this time, really, we mean it)?

Defending a system under attack in real-time is... both very easy, and very difficult. Your main option is whether you pull the plug or not, and if you do that tends to be very effective. The blue/red team wargaming seems more like the sort of thing done to make someone feel they're doing something useful.

However, having people who can co-ordinate and manage information coming in, I can really see benefit to, even if they're just advising on when/where to pull network cables out to stop the flood.

Re:That seems old school. Not in a good way. (1)

Gimbal (2474818) | more than 2 years ago | (#37598188)

I imagine it would be a fun sociological experiment, to conduct a real sociological study of the hypothesis you suggest. Of course, there might be some collateral damage... Maybe it would make for a fine movie, anyways ;}

[Insert j/k tag here]

Classified building? (1)

SquirrelDeth (1972694) | more than 2 years ago | (#37597860)

Why would DHS say "Hey buddy come check out our training methods and classified building and then you can write a story and tell everyone all about it"?

Re:Classified building? (1)

borrel (2416350) | more than 2 years ago | (#37598196)

The most famous SECRET IT operations center, just like the most famous SECRET base (Area 51). Does anyone think there is anything secret there? (I don't; maybe there WAS, but then it would be moved to a secret location.)

hello (-1)

Anonymous Coward | more than 2 years ago | (#37597930)

Thanks for an informative post on “ the topic”. I was looking for the information and researching on it when I stumbled upon your post. Thanks again [slashdot.org]

Re:hello (1)

L4t3r4lu5 (1216702) | more than 2 years ago | (#37598148)

> Thanks for an informative post on “ the topic”. I was looking for the information and researching on it when I stumbled upon your post. Thanks again

Hey there, link spammer!

By default, all URLs on Slashdot have the attribute "rel=nofollow" meaning that web spiders won't follow the links for the purpose of ranking in search engines.

What it DOES do, however, is ensure that your spam URL www dot efortesolutions dot com makes its way into my DNS shitlist, never to be resolved by anyone inside my organisation again. Furthermore, you're supposed to replace " the topic" with the actual topic of the post. Way to go, douchebag!

Re:hello (0)

Anonymous Coward | more than 2 years ago | (#37598800)

Gentlemen. You can't fight in here. This is the War Room!

Re:hello (0)

Anonymous Coward | more than 2 years ago | (#37599802)

Ha. Excellent work sir.

Big Screen? (1)

Lord Grey (463613) | more than 2 years ago | (#37597974)

> ... with a big screen showing a real time feed of any situations ...

Pfffft. That screen is nothing compared to what you need just to handle development in Eclipse. Pansies.

Re:Big Screen? (1)

Gimbal (2474818) | more than 2 years ago | (#37598062)

Well ain't it some nice techno-bling though?

Well it's some silliness anyways - an exaggerated presentation of simple information, really. Such tendency for exaggeration in "such things" - it is a large part of why I, myself, will not even try to get a job with such organization. And the world moves on.... :)

Re:Big Screen? (0)

Anonymous Coward | more than 2 years ago | (#37598170)

Notice that all the analysts have their own personal monitors...

Big screens like that are nice for showing off to the media and the boss, not so nice for actually reading them. When I was a child my dad was a sysadmin for an electric company and they decided to film a commercial down in the server room for some reason. About half way through, the film crew stopped because "the server wasn't on." The tape deck wasn't spinning... They ended up needing to start a backup so the tape would spin and server would look busy.

Re:Big Screen? (1)

Gimbal (2474818) | more than 2 years ago | (#37598274)

Nice level-headed point of view, there.

Me, I'd be too preoccupied with the burning question, "I wonder how the Ren and Stimpy show would look, on that big screen?" too much to actually get the job done...

As far as data modeling for comp sec work, so that one wouldn't need a huge screen to get a useful view on a huge data set - well, digressing, I guess that's stuff mostly to show off to the boss, too...?

Re:Big Screen? (1)

ITShaman (120297) | more than 2 years ago | (#37598718)

I know what you mean. I did a gig with a North American electricity supplier, and spent a lot of time in their Ops Center. They had 2 big screens at the front of the room, and about 8 workareas (semi-circular desks) with 3 monitors on each of them, all the desks facing these massive 2 projection screens. One screen had real-time traffic and weather camera feeds going (why? I don't know, guess they wanted to know how the commute home would go...) The other screen had statuses for some of the more critical servers. Which was also funny, since I was there when one of those servers went from "green" to "red", and 4 pagers/phones went off in the room at the same time, and those whose phones rang immediately got on the phone and started to troubleshoot, with the big screens all but forgotten.

In short, it's all for show, not really, truly useful...

Re:Big Screen? (1)

Dishevel (1105119) | more than 2 years ago | (#37599100)

The server status screen may not be useful when one server goes down.
But if you have hundreds of servers and the display is laid out correctly pagers going off 12 times will not give you the same overview of the situation a visual display of what is up and what is down will.
Granted. You do not need a 247" screen, but having a visual of a complicated and large network and its equipment can be of help when the shit hits the fan.

Re:Big Screen? (1)

Dr_Barnowl (709838) | more than 2 years ago | (#37599674)

The traffic and weather feeds were probably pertinent.

Traffic governs how fast people get home. The first thing people do when they get home is power up a whole bunch of stuff, some of it very hungry - like kettles, for making tea or coffee.

Weather affects how many lights you turn on, whether you use the dryer rather than the line, etc.

For the same reason electricity suppliers in the UK need to know the television schedules - historically, we have had fewer channels, and breaks in popular programmes coincide with large numbers of kettles being put on (at 1-3 kW each, this isn't a small thing).

Re:Big Screen? (0)

Anonymous Coward | more than 2 years ago | (#37600498)

Also storms knock down power lines, and repair vehicles use the same roads as "civilian" vehicles.

Re:Big Screen? (1)

garyebickford (222422) | more than 2 years ago | (#37601932)

Back in the day the flow through the sewer systems was an accurate measure of the popularity of certain TV shows, as everyone flushed during the commercials. Nowadays that probably isn't so true.

Where were they at when.... (0)

madfilipino (557839) | more than 2 years ago | (#37598224)

Where were they at when the biggest virus to hit the internet - Windows 7 - was released? Sitting on their asses watching all the blinkenlights?

Because.... (1)

jimpop (27817) | more than 2 years ago | (#37598442)

Because... sitting in front of computers, with a big screen showing a real time feed of any situations that need to be handled is a true indicator that things will get accomplished.

Re:Because.... (1)

Errtu76 (776778) | more than 2 years ago | (#37598936)

We have the same for our Nagios instances. Big screen, big red alerts and stuff. Big deal. Fun for management, but my neck starts to hurt if I have to move around too much.

Re:Because.... (1)

garyebickford (222422) | more than 2 years ago | (#37602020)

I think it depends on the application. A project I worked on the proposal for was an upgrade to a large rail system. They had a big room with about a dozen huge projection displays that together showed the entire route system with live status from sensor data all over the area. I think every operator had their own console to work on their particular bit of it, but having the entire thing visible to everyone at once provided important contextual information. Similar displays, even full immersion rooms (for somewhat different purposes), are used in the chemical and oil industries. To some extent that would be true for any network-like operation, especially if you have a large number of nodes and edges.

One of the biggest issues I have with any computer monitor is that it is nearly impossible to provide all the contextual information that any wooden desktop provides. Seeing something 'out of the corner of my eye' is a valuable tool that is essentially not available in a computing environment. Our eyes and brains have an amazing capability to see both close-up detail and simultaneously be unconsciously monitoring a wide area around that detail. Working on computers, even the dual-screen setup I have now, is like always having to see through a porthole.

Re:Because.... (1)

Inda (580031) | more than 2 years ago | (#37598942)

Why not?

I sit here with cmd.exe running and everyone thinks I'm doing something important. The trick is to choose a large directory, with many sub-directories, on a slow server, on the other side of the world.

>tree /f

They should pay me extra for knowing that

Big screens are management porn... (1)

MrOion (19950) | more than 2 years ago | (#37599136)

Big screens are just management porn, it's only for showing off to visitors and be taken pictures in front of.

We have the same in the SOC (Security Operation Center) where I work, and it's always fun watching politicians and other "prominent" people nodding their heads when our manager explains what the screens are showing. The fact is that we never ever use that information ourselves, and all the real work is done on our own personal screens.

But it can be made to look impressive, and make sure the money flows our way... :)

Re:Big screens are management porn... (0)

Anonymous Coward | more than 2 years ago | (#37600206)

I was in a SOC once that had a bunch of big screens... Really cool looking. I started to ask questions and there was one that had a picture of the US with a bunch of lines all over. I of course thought it was some sort of density of network traffic or something like that so I asked it trying to sound smart I guess. The guy was like, no that is the weather map.... No idea why that was needed, but I felt like an idiot!

USA and Sanhedrin still deny the well known (0)

Anonymous Coward | more than 2 years ago | (#37610572)

> When Stuxnet first appeared in July 2010, the U.S. response

The above sentence is, in and of itself impossible, considering the anti-Iran Stuxnet computer worm was developed on the Libyan P-1 uranium centrifuge rig set, which the USA had shipped over to the zionists' Dimona facility, after Colonel Gadhafi made peace with the euro-atlantic "Free World" a few years ago. There can be no "response" per se, if you are one of the initiators, obviously.

Not too surprisingly, as soon as Stuxnet was activated and had done its job on Iran, Colonel Gadhafi and the secret of his P-1 set's destination became redundant, thus a "popular revolution" was quickly created in Libya to depose and kill him... (About as much of a scam as the 1956 Hungarian revolution was a CIA scam, to cover the back of the tri-partite invasion of Egypt, except the USSR politburo did not fall for that one.)
