Wednesday, August 15, 2012

DoD to take over critical networks in cyber emergency?

What could possibly go wrong?
The Pentagon has proposed that military cyber-specialists be given permission to take action outside its computer networks to defend critical U.S. computer systems — a move that officials say would set a significant precedent.
Gee, ya think?
The proposed rules would open the door for U.S. defense officials to act outside the confines of military-related computer networks to try to combat cyberattacks on private computers, including those in foreign countries.
This is a stupendously bad idea.  Let me count the ways:

1. Cyber Command has not demonstrated that they're better than n00bs.

I'm sorry to be so harsh, but in the Internet Security industry, it's not what you wear that makes you cool, it's what you do.  I literally do not know anyone who thinks that Cyber Command is 1337.  I'm willing to listen, so my invitation to the DoD is: go ahead - dazzle me.

2. There's a HUGE difference between offense and defense.

Duh.  So what's with the "biggest swingin' ****" business with foreign computers?  Shut up and sit down, Soldier.  You're making things worse.If you think I'm wrong, then I'm willing to listen, so my invitation to the DoD is: go ahead - dazzle me.

3. Posse Comitatus Act.

If you seize control of my computers, I will do my best to see you breaking rocks in Leavinworth.  Just sayin'.  And to the h4x0Rz with a star on their BDUs, you're where I'll start.  Commander is responsible, right?  If you think I'm wrong, then I'm willing to listen, so my invitation to the DoD is: go ahead - dazzle me.

4. Your folks will not know what is going on better than the people under attack.

How could you?  Sure, sure, you're all Cyber Ninjas and everything [rolls eyes], but you think that by the time some 4 Star approves actions your team will have more of a clue than the civilian Boots On The Ground?  History suggests that you're wrong.  If you think I'm wrong, then I'm willing to listen, so my invitation to the DoD is: go ahead - dazzle me.

5. Your people will not be more motivated to solve the problem than the owners and operators of the computers under attack.

Duh.  If you think you will be, then I'm willing to listen, so my invitation to the DoD is: go ahead - dazzle me.

This is a monumentally bad idea, and Cyber Command's budget should get cut to show people that this is not the way to advance their careers.

6 comments:

Tango said...

This is not about who can best fix the problem at hand unless that problem is the release of information by the public or to the public.

There is only one possible reason for this and that's to control the flow of information when the government wants it most.

Alan said...

Outside of a few agencies like the NSA, the government's reputation for computer security is abysmal with good reason.

And honestly the NSA has a good rep simply because they don't connect their networks to the Internet, thus obeying the first rule of cyber defense: If you don't want it hacked, don't put it on the Internet. I bet if they did, they'd get hacked too.


Borepatch said...

Alan, an air gap solves a multitude of security sins. Not all, but a lot.

kx59 said...

My tinfoil hat might be a bit tight but, me thinks this isn't really about "defense", but more about control.
It'd be easy enough for the DoD to institute an attack, and swoop in to "save the day" taking control of say, Google perhaps. Gaining access to the bazillion terabytes of data they've accumulated on unsuspecting Americans.

Rabbit said...

Word.

I was on a conference call all afternoon discussing the Company's continuing rollout of 'enhanced security'. Almost all I can say about it is unrepeatable in polite company and our users have already inadvertently found ways to compromise it.

DaddyBear said...

Keith Alexander was my battalion commander in Germany, and he was the 'grab what you can and make yourself look glorious' type back then too.
The function of the government is not to protect private computer networks unless their compromise would be a grave national security threat. And yeah, the brains of the security industry don't reside at Fort Meade.