Full Version: Cyb3r T3rr0r
For the non <geeks /> on this board, October is National Cyber Security Awareness month. So I'll do my part by spreading some awareness:
U.S. cybersecurity due for FEMA-like calamity??
The farce of federal cyber security?
In this day in age of high speed broadband, wireless, automated, on-demand, digital, hightech mumbo jumbo (yes that's a technical term) we find ourselves increasingly connected to the world around us. But for every new PDA or cell phone that we connect to our shared networks, is another chance to suffer the pains of information or identity theft, spam mail, privacy violations, trojans, virus and worms, or any of the other fun stuff out in the wild. If some 16 year old script kiddie can release a virus that takes networks down across the world, do you think Al-Qaeda might be considering it? So what's a federal government to do?!
Please try to explain your <geeked /> out answers so they make sense to everyone you
s
Do you see cyber-terror as a major threat to the security of America?
What role and scope should the federal government have in protecting Americans from a cyber attack?
What measures should be undertaken to increase the effectiveness of the Department of Homeland Security in dealing with and preventing cyber terrorism?
CSIA
US CERT
CSPRI
Center for democracy and tech.
Electronic Frontier Foundation
U.S. cybersecurity due for FEMA-like calamity??
QUOTE
But more so than FEMA, the department's cybersecurity functions have been plagued by a series of damning reports, accusations of bureaucratic bungling, and a rapid exodus of senior staff that's worrying experts and industry groups.
The farce of federal cyber security?
QUOTE
Over the past several years, various Washington entities, from the General Accounting Office to assorted Congressional committees, conducted surveys and issued reports on the state of the federal government's information security posture. In each case, with few exceptions, the findings range from the scathing to the downright embarrassing, and remain essentially unchanged since the mid-1990s.
In this day in age of high speed broadband, wireless, automated, on-demand, digital, hightech mumbo jumbo (yes that's a technical term) we find ourselves increasingly connected to the world around us. But for every new PDA or cell phone that we connect to our shared networks, is another chance to suffer the pains of information or identity theft, spam mail, privacy violations, trojans, virus and worms, or any of the other fun stuff out in the wild. If some 16 year old script kiddie can release a virus that takes networks down across the world, do you think Al-Qaeda might be considering it? So what's a federal government to do?!
Please try to explain your <geeked /> out answers so they make sense to everyone you
s Do you see cyber-terror as a major threat to the security of America?
What role and scope should the federal government have in protecting Americans from a cyber attack?
What measures should be undertaken to increase the effectiveness of the Department of Homeland Security in dealing with and preventing cyber terrorism?
CSIA
US CERT
CSPRI
Center for democracy and tech.
Electronic Frontier Foundation
ok lets get down to business
Do you see cyber-terror as a major threat to the security of America? Not really a major security threat to America. See the government must has some advanced firewall type thing so they can counter probley all viruses and worms.
What role and scope should the federal government have in protecting Americans from a cyber attack? A major role. I mean I do not have to turn on my computer on and see that Al-Quaeda attacked my PC. OF course I do believe that they should work with companies like microsoft and have them find a way to patch up security
What measures should be undertaken to increase the effectiveness of the Department of Homeland Security in dealing with and preventing cyber terrorism?
The DHS should find new "worms" before they start to infect the PC's. Yes I know it will be hard but if they find the new worms before they attack the PC's they can possibley neutralize it. Now I dont see this as a Bill on the Senate any time soon, so the federal government will do little about this.
Sorry if my answers arnt clear its 3:50AM here and I am tired, just decided to visit because I was playing a game
-Cya-
Do you see cyber-terror as a major threat to the security of America? Not really a major security threat to America. See the government must has some advanced firewall type thing so they can counter probley all viruses and worms.
What role and scope should the federal government have in protecting Americans from a cyber attack? A major role. I mean I do not have to turn on my computer on and see that Al-Quaeda attacked my PC. OF course I do believe that they should work with companies like microsoft and have them find a way to patch up security
What measures should be undertaken to increase the effectiveness of the Department of Homeland Security in dealing with and preventing cyber terrorism?
The DHS should find new "worms" before they start to infect the PC's. Yes I know it will be hard but if they find the new worms before they attack the PC's they can possibley neutralize it. Now I dont see this as a Bill on the Senate any time soon, so the federal government will do little about this.
Sorry if my answers arnt clear its 3:50AM here and I am tired, just decided to visit because I was playing a game
-Cya-
This is what my husband does for a living. The military is getting things together. I know because my husband implemented AKO. Any one in the Army knows what this is. This was like the flagship of all network layouts for all of the US military and I believe the Navy is now implementing it.
I am unaware of what the Airforce or Marines etc. are doing.
As far as the Federal government goes..well my husband is now working for NSF and they are a mess and no they don't even have basic firewalls in place. My husband is implementing a basic authentication/user system in place that is now a mandatory requirement for all Federal networks to have. Apparently NSF is one of the only even bothering with this requirement I think the other he said was the ag. bureau..i don't remember. And NSF is way past her due date.
I think unfortunately it will take some insane computer network crash to make the government realize just how important computer networking and it's protection is. My husband says that he has worked for private companies who practice stricter network security than most of the government sites he has been to. I think we lag in this area and I wish it got more attention and more people were aware at how inadequate it is in the government sector.
I am unaware of what the Airforce or Marines etc. are doing.
As far as the Federal government goes..well my husband is now working for NSF and they are a mess and no they don't even have basic firewalls in place. My husband is implementing a basic authentication/user system in place that is now a mandatory requirement for all Federal networks to have. Apparently NSF is one of the only even bothering with this requirement I think the other he said was the ag. bureau..i don't remember. And NSF is way past her due date.
I think unfortunately it will take some insane computer network crash to make the government realize just how important computer networking and it's protection is. My husband says that he has worked for private companies who practice stricter network security than most of the government sites he has been to. I think we lag in this area and I wish it got more attention and more people were aware at how inadequate it is in the government sector.
I don't think things have changed since the early days of computing at a certain level.
Highly secure government networks are not public networks. If the cyber terropunks can't get on the wire, they can't attack any system on that wire. It's simple physics. Access to the hardware is so tight (and I've experienced this) that civilian contractors, even with high security clearances, might not be allowed to touch a keyboard. It depends on how secure/secret the system is. I once dictated commands to an operator who then entered them, which was a pain, but understandable, and it all paid the same.
Back in the 1980s when the Internet was being built out for the public, including general commerce, I do believe a second network was also built out that was not intended for the public, due to the techies of the time having a good handle on what it takes to be secure. TCP/IP is not secure at all. It's just handy for building wide open networks for everybody to use. SNA is more secure due to point-to-point architecture, like VPN is supposed to work in TCP/IP. They call it tunneling. It's not exactly the same though, and encryption is a big part of VPN.
On my last techie gig, the Unix ports were being locked down. This rippled into applications, so the apps had to be recoded for security. It was a Big Dot Deal, and it was in the context of telecommunications and Internet backbones.
Meanwhile, people are getting smarter with their own PCs and networks. Virus scanners, spy-adware detectors, encrypted wireless LAN, limited access LAN, firewalls and the such are in more common use and getting built into consumer operating systems (XP firewall).
So is cyber terropunk attack a concern? Always. Security is good. It's unfortunate that we had to go through the painful education process of the 1990s, and it's still unfortunate that some people still don't have a clue, but that was to be expected. Or tolerated? Sometimes people will not listen to experienced techies for various reasons, some of them having to do with egos and complex psychological factors.
It might put your mind to rest that the big parts of commerce, like the Fed Reserve, still use dedicated lines and hardware encryption for check/transaction processing. Also that a physical attack on a federal bank is covered by strong disaster recovery exercises, required by law. Here's an example of effective regulation trumping the egos of the mahogany jungle.
Highly secure government networks are not public networks. If the cyber terropunks can't get on the wire, they can't attack any system on that wire. It's simple physics. Access to the hardware is so tight (and I've experienced this) that civilian contractors, even with high security clearances, might not be allowed to touch a keyboard. It depends on how secure/secret the system is. I once dictated commands to an operator who then entered them, which was a pain, but understandable, and it all paid the same.
Back in the 1980s when the Internet was being built out for the public, including general commerce, I do believe a second network was also built out that was not intended for the public, due to the techies of the time having a good handle on what it takes to be secure. TCP/IP is not secure at all. It's just handy for building wide open networks for everybody to use. SNA is more secure due to point-to-point architecture, like VPN is supposed to work in TCP/IP. They call it tunneling. It's not exactly the same though, and encryption is a big part of VPN.
On my last techie gig, the Unix ports were being locked down. This rippled into applications, so the apps had to be recoded for security. It was a Big Dot Deal, and it was in the context of telecommunications and Internet backbones.
Meanwhile, people are getting smarter with their own PCs and networks. Virus scanners, spy-adware detectors, encrypted wireless LAN, limited access LAN, firewalls and the such are in more common use and getting built into consumer operating systems (XP firewall).
So is cyber terropunk attack a concern? Always. Security is good. It's unfortunate that we had to go through the painful education process of the 1990s, and it's still unfortunate that some people still don't have a clue, but that was to be expected. Or tolerated? Sometimes people will not listen to experienced techies for various reasons, some of them having to do with egos and complex psychological factors.
It might put your mind to rest that the big parts of commerce, like the Fed Reserve, still use dedicated lines and hardware encryption for check/transaction processing. Also that a physical attack on a federal bank is covered by strong disaster recovery exercises, required by law. Here's an example of effective regulation trumping the egos of the mahogany jungle.
Just to clairfy,
When I talk about cyber terror, I mean an attack on the general population which may or may not include the government. This would be something like shutting down systems that monitored the infrastructure of a city or crashed public/buisiness computers.
I would classify a cyber attack as trying to knock out, steal, or take down the US Army's/CIA/NSA/whatever IT as a cyber attack. While it might be devestating to the CIA if their servers went down for a few hours, it's not going to have the same sort of "terror" impact that say, shutting down a machine that regulates that amount of chlorine in your city's water.
I myself used them interchangably in the OP. Question 2 should be more along the lines of:
What role and scope should the federal government have in protecting Americans from cyber terror?
I'd like us to focus on the public's security and the government/FEMA's role.
Sorry!
When I talk about cyber terror, I mean an attack on the general population which may or may not include the government. This would be something like shutting down systems that monitored the infrastructure of a city or crashed public/buisiness computers.
I would classify a cyber attack as trying to knock out, steal, or take down the US Army's/CIA/NSA/whatever IT as a cyber attack. While it might be devestating to the CIA if their servers went down for a few hours, it's not going to have the same sort of "terror" impact that say, shutting down a machine that regulates that amount of chlorine in your city's water.
I myself used them interchangably in the OP. Question 2 should be more along the lines of:
What role and scope should the federal government have in protecting Americans from cyber terror?
I'd like us to focus on the public's security and the government/FEMA's role.
Sorry!
What role and scope should the federal government have in protecting Americans from cyber terror?
Good question. The example of a municipality's water works getting cracked and attacked should be overseen by government, as in security inspections from a third party auditing outfit. I can envision the computer controls being available via LAN, firewalled from the Internet, and having ways of securing remote access -- similar to what telecommunication outfits do to allow 24x7xforever coverage for the poor tech support folks. I like the token generators, but bioscan looks interesting too and is now available on IBM laptops. (I don't have any of that stock.)
So the feds should regulate, the municipalities should conform, the third-party auditors should ensure compliance, and the techies should be heard if they have a security gripe. I don't suppose the feds would offer funding though. The bank has been busted for something else.
When it comes to small business and family LAN, that's different. The impact wouldn't be serious to the rest of the community, so these folks should be on their own, and if they're smart, they'll harden their own machines and networks. It's doubtful that terrorist attacks would do something this small, but it is amazing how small businesses ignore fundamental IT principles, like data backup, fault-tolerance, power conditioning, disaster recovery, and of course security. It probably costs too much.
Good question. The example of a municipality's water works getting cracked and attacked should be overseen by government, as in security inspections from a third party auditing outfit. I can envision the computer controls being available via LAN, firewalled from the Internet, and having ways of securing remote access -- similar to what telecommunication outfits do to allow 24x7xforever coverage for the poor tech support folks. I like the token generators, but bioscan looks interesting too and is now available on IBM laptops. (I don't have any of that stock.)
So the feds should regulate, the municipalities should conform, the third-party auditors should ensure compliance, and the techies should be heard if they have a security gripe. I don't suppose the feds would offer funding though. The bank has been busted for something else.
When it comes to small business and family LAN, that's different. The impact wouldn't be serious to the rest of the community, so these folks should be on their own, and if they're smart, they'll harden their own machines and networks. It's doubtful that terrorist attacks would do something this small, but it is amazing how small businesses ignore fundamental IT principles, like data backup, fault-tolerance, power conditioning, disaster recovery, and of course security. It probably costs too much.
QUOTE(AuthorMusician @ Oct 11 2005, 04:22 PM)
So the feds should regulate, the municipalities should conform, the third-party auditors should ensure compliance, and the techies should be heard if they have a security gripe. I don't suppose the feds would offer funding though. The bank has been busted for something else.
I would pretty much agree with this statement but I don't think this is what the DHS's US CERT is doing. In my opinion, it's trying to be a security company. Tracking viruses, assigning severity, generating real time alerts etc. etc is redundant and a waste of resources/tax payer's money. This sort of information is already available to the general public and companies. I think Homeland Security is trying to do way too much and streatching themselves too thin to be effective. As noted in the articles, their is a lot of bueracracy in US-CERT. Red tape makes cyber security darn near impossible to keep up with. Demanding and ensuring that your local water works uses XXX bit encryption is more effective than trying to tell them to watch out for the new Blaster variant.
In terms of trying to prevent a cyber terrorist attack, I think that the government should focus on 1.) Protecting itself. 2.) Handing down regulations that municipalities must conform to. 3.) Education about cyber security, both to the public and companies. Security's weakest link is always the human factor. The best firewall in the world wont help you if I can socially engineer the nice little lady at the front desk to let me into an office and plug into your network (thus by passing your super firewall).
This is a simplified version of our main content. To view the full version with more information, formatting and images, please click here.