03 April 2021

Failures of National Defense Cybersecurity (mostly from Tim Cushing at Techdirt)

Here's a clipped short version: ..."Hindsight is 20/20. Foresight appears to be almost nonexistent, even with the tech tools the NSA has at its disposal. If it couldn't mitigate the damage before it turned federal agencies into unwitting honeypots for data exfiltration (and that includes the supposed securers of the Homeland, the Department of Homeland Security and its cybersecurity branch), it shouldn't be given all access passes to domestic networks under the theory that it might be able to do marginally better with greater "visibility."
Never let a good crisis go to waste.
The federal government is always on the lookout for expansion opportunities and a bad actor known colloquially as "Current Events" keeps handing the government what it's looking for.

NSA Director Says More Domestic Surveillance Might Stop Foreign Hacking; Fails To Explain Why NSA Isn't Stopping Much Foreign Hacking

from the what-if-we-just-did-the-thing-we-already-do-but-not-through-the-back-door dept

More > The blockbuster breach of widely-used SolarWinds network software affected dozens of federal agencies and millions of users around the world. In response to this travesty, the director of the NSA and its military counterpart CYBERCOM (Cyber Command) floated the idea of allowing the NSA (and others) to gaze inwardly at the country's moving (computer) parts.

“We truly need to look at the ability for us to see ourselves and right now it's difficult for us to see ourselves,” [General Paul] Nakasone testified on Thursday to the Senate Armed Services Committee. Adversaries like China and Russia “are operating with increased sophistication, scope [and] scale, including operations that can end “before a warrant can be issued,” he warned.

“If we have a problem where we only see our adversaries when they operate outside of their country and we don't see them when they operate inside our country it's very difficult for us to be able to—to, as I say, connect those dots,” Nakasone said. “That's something that—that the administration and obviously, others are addressing right now.”

The NSA thinks it doesn't have enough visibility. And it's true, information sharing has long been an intergovernmental problem. Information sharing between the government and private companies has also been less than ideal, largely due to the fact that the government demands more than it's willing to share -- and that includes known exploits and bugs it's currently using to engage in worldwide surveillance.

6 Outsider Cloud Security Attacks To Look Out For In 2020

What Nakasone is suggesting sounds like domestic surveillance of private networks to potentially thwart attacks and root out persistent threats. That doesn't sound much like America though. And there's no reason to believe the NSA and DoD are better qualified to do this job than the private sector. The NSA and others have suffered their own security breaches and carelessly handled sensitive tools/information. Giving up privacy (and some security) for nominal gains in "visibility" would be a really bad idea . . .
more

No comments: