Cyber attacks threaten the "very existence" of the US, according to a top FBI official charged with worrying about such things. "The cyber threat can be an existential threat - meaning it can challenge our country's very existence, or significantly alter our nation's potential," Steven Chabinsky was quoted by Computerworld as …
"Cyber attacks threaten the "very existence" of the US, according to a top FBI official charged with worrying about such things."
sudo rm -rf /countries/united-states-of-america
or what ?
"Mr. Chabinsky joined the FBI in 1995 as an attorney in the Bureau’s Office of the General Counsel. In 1998, Mr. Chabinsky became Principal Legal Advisor to the National Infrastructure Protection Center (NIPC) and later served as senior counsel to the Cyber Division.....
Prior to joining the FBI, Mr. Chabinsky worked as an associate attorney in the law firm of Simpson Thacher & Bartlett in New York City, and clerked for the Honorable Dennis G. Jacobs (now Chief Judge) of the United States Court of Appeals for the Second Circuit. Mr. Chabinsky graduated with honors from Duke University in 1987 and from Duke Law School in 1990."
If Mr Chabinsky secures a system it surely is penetrable. I do have some doubts though, if somebody with a CS degree working for the last ten years for NSA/CSS is defending it. Especially if he has the help of about 2000 buddies with very similar qualifications.
Time to kick the lawyer and put a CS person in charge. Oh, I forgot they annoy the gubbermint drones....
Now that's 1337
So what they're saying is cyber villains could actually delete the country?
Yeah, imagine a Communist Cyber Warrior (CCW) dragging USA.exe into the Trashbin. That is going to be the end of the United States of America !
The elite CCW will be even more sophisticated:
..every computer is a handgrenade wating to explode the U.S. of A !!!!!!
If the threat is serious
Why is any part of the US government still using Windows?
Or is this a case where ignorant lawyers and MS fanbois prevent taking that action?
What puzzles me (as it has other readers): why is an IT section of the government headed by a lawyer? You can't learn about IT security by reading "IT Security for Dummies", dummy!
Spot the dummy
At least he's not so dumb as to think that removing Windows will magically close all security vulnerabilities. Thank <insert deity here> you don't have any security responsibilities yourself.
RE: Spot the dummy
"At least he's not so dumb as to think that removing Windows will magically close all security vulnerabilities."
...but as we all know from reading El Reg, Windows is absolutely riddled with security holes!
Can't win, don't bother trying. Gotcha.
Removing Windows would "magically" reduce the number of vulnerabilities. But I suppose that offends your fanboy sensibilities.
Spot the other dumy
"At least he's not so dumb as to think that removing Windows will magically close all security vulnerabilities. Thank <insert deity here> you don't have any security responsibilities yourself."
At least he's not so dumb as to think that because dumping Windows won't close ALL security holes, it's not worth dumping. Windows shop, perchance?
Lawyers in charge
It could be worse; It could be an accountant.
The replacement and handover periods would create a vast amount more vulnerabilities, especially to social engineering. It is pointless, at this stage, to indulge in "Well, you shouldn't have used" arguments since they DID use, and now they have to deal with it.
Religious arguments are rarely logical, even in the security sphere.
Accountants are not sucking society dry and taking the fun out of everything as well are they?
A good thing...
...because if the US ceases to exist, then the water is going to have to fill the space where the landmass was, and that will counteract the rising of sea levels due to climate change...
Paris, becausre she'd agree with me.
The horror, the horror!
"I am convinced that given enough time, motivation and funding a determined adversary will always - always - be able to penetrate a targeted system."
Let me think...
Israelis hoovering up various state secrets (not to mention a few kilograms of highly enriched uranium) and Turks pulling in the nuclear goods by just bribing or blackmailing _very very_ highly placed retards (like, no.2 highly)?
No? Swept under carpet? Gag orders issued and never mentioned again? No-one's worried then.
Ah, hold on, we are talking about CHINA? Ok, now THAT's serious!
It doesn't have to be like that
"I am convinced that given enough time, motivation and funding," he said, "a determined adversary will always - always - be able to penetrate a targeted system."
Quite true, ignoring serious hardening of selected systems. it follows that the existence of the US is indeed under threat, but only if that existence is dependent on Cyber-purity.
In other words, if you admit you can't prevent attacks succeeding, then perhaps it would be better to pull back from the headlong rush to use the internet as a means of linking all aspects of life under govt control/oversight. Shit, I thought the individual states valued their independence - can it really be true that they are in danger of all going down together?
Now that's 1337
Don't they have a backup?
Or do they mean like when somebody deleted the root DNS entry for Sweden recently?
Good job nobody uses the .us domain
I think I smell someone at the US government Pork Barrel...
Sounds like a soundbite closely associated with a request for funding to me.
Q: The US cease to exist?
A: Don't be daft!
a man after more budget
"He's the assistant deputy director of National Intelligence for Cyber, the chair of the National Cyber Study Group, and the director of the Joint Interagency Cyber Task Force."
I understand this to mean that he talks dirty to people online for a living.
wanna cyber, indeed...!
I lost track of how many times the word "Cyber" is used in this article.
I learned about fifteen years or so ago that the more times the word "cyber" is used in an IT/internet-related news article or press release, the higher the chance that it's complete bullshit -- not to mention that the early '90s called, and they want their beat-assed old expression back.
Hell these guys' ravings are missing only the references to "Electronic Pearl Harbor" to be complete.
Whilst this is obviously just a bit of sensationalism comming from the mouth of a guy looking for a better budget and propping up the continued applied pressure of fear on an already fear ridden society, there is much that he can do without the need to develop this silly proprietry, expensive, non standard and difficult to support IDS system.
Switch the desktops to linux for a start. Your virus / trojan threat just dropped to near zero. They have direct control over every line of code and arenot at the mercy of large corporations to fix gaping security bugs.
All they need is a handfull of decent Linux developers to seal up code as and when required. Some well configured cisco firewalls and a bit of education to the users in basic threat avoidance "dont click on those viagra ads".
I really dont know why governments make such a big deal out of IT and Networks, constantly referring to it as "Cyber".
If us mere shitmuncher civillians can secure our networks then why cant they?
It's pathetic that they will spend billions on this when everybody else does it for for nothingor maybe a the cost of the firewalls and switches.
'a bit of education to the users in basic threat avoidance "dont click on those viagra ads" '
That alone would do so much! I support my family & friends with LINUX now, and one individual who shall remain nameless downloads various .exe and tries to install them. Now he gets nowhere because (a) he has not got sudo privileges (his wife has), and (b) it is a LINUX system, doh!
He does not understand either of those points, which is why they have had no infestations since I switched them. But you can see how that fails for the general population who look after their OWN systems and still click on stuff...
Hmm let me think
"If us mere shitmuncher civillians can secure our networks then why cant they?"
Due to the nature of some of the stuff they protect, they are the target of much higher volumes of much more sophisticated attacks than the average home or corporate network sees. Secondly they have very large complex networks that offer more locations that can be attacked so just configuring a few border firewalls is not in any way going to be effective.
This is not to say that the IDS / IPS system is foolproof... no matter how good it is it will only detect well known attacks, or attacks that create noticeable changes in traffic patterns. As the man said, determined attackers can breach any system, and attacks with unique signatures that limit their bandwidth usage (to stop from changing traffic patterns to any great extent) will still fall below the radar quite easily.
As for switching to Linux - while I like Linux, it has seen it's share of vulnerabilities over the years and there is no reason to believe it's now completely free from vulnerabilities.
This guy may be a lawyer, and his comment about the destruction of the USA is certainly aimed at getting more budget, but I see nothing in his comments or yours that would lead me to believe you know more about network security than him.
@ Linux twat
So get rid of Windows because it's closed source and replace with Linux, becuase they control the code.
Then stick in Cisco firewalls? eh? What?
You do know Cisco used closed source code?
If your that big a linux fan boy, why not use Linux firewalls? What you didn't know they exist?
Ha ha ha ha ha ha haaaaaa....
Now stop listening to what you school friends say and leave the real world to the grown ups. Beacuse you may find that trying to get all the apps used on millions of machines to work on Linux may not be quite as simple as just swapping them out. Tools for the job little boy, tools for the job.
"As the man said, determined attackers can breach any system, and attacks with unique signatures that limit their bandwidth usage (to stop from changing traffic patterns to any great extent) will still fall below the radar quite easily."
Yes, but that observation applies to any kind of security. The question is why is this cause for panic, or even a raised eyebrow? If this situation has existed for a while, continues - and will continue - to exist, you can get as hyperventilaty about it all as you like but the problem isn't going to change, not even when you implement <insert_name_of_trillion_dollar_project_here>. Just get used to the idea, breathe from a brown paper bag for a moment, and then disconnect all your computers from teh Internets. Its the only real way to make sure they're secure.
Also - does it strike anyone else that the statement "THUH USA COULD BE DESTROYED!!!!!!!!!!!!" is a little bit teenage?
For one thing the USA consists of land, sea, people, institutions, shared beliefs, shopping malls, and so on. How a cyber-terrorist - even a really good one - could cause the USA to literally disappear off the map is a little puzzling. I suppose in an utterly believable Hollywood scenario a cyber-terrorist could detonate all the States' nukes simultaneously, but as the USA is in control of its own nukes maybe that should be a lesson to the pea-brains in the Pentagon that they are actually part of the no-nukes treaty and maybe they up their efforts to get rid of the fucking things before someone has the bright idea of using their own weapons against them. (Would you try and fight Bruce Lee with a knife? No - because you know he'll take it off you and make your life worse than it would have been if you'd just decided to be a man and face him sans weapons).
Anyway the nearest the USA came to actually collapsing was a year or two ago when the greedy fuckers who keep our money in trust caused everyone in the entire world to eat shit because they'd screwed up. Because money rules the world even though you can't fucking well eat it. You want to be secure - think of and implement a fairer organising system for humans where the rich aren't so rich, the poor aren't so poor, and where no-one plays that bloody John Lennon tune whenever anyone goes on about imagining how things could be better.
"seek every day to steal our state secrets and private sector intellectual property, sometimes for the purpose of undermining the stability of our government by weakening our economic or military supremacy."
... is like Fox News claiming that Middle-America has total news-domination (via Fox News) and yet is totally under threat</Charlie Brooker>. Which is it? Domination, or under totatally threat? Place your bets now.</Banzai>
Should use _administered_ Linux
Similar situation here: I set up a totally computer-illiterate aunt with a stable Linux desktop, which she uses mainly for e-banking and mail. I shudder to think what would have happened with Windows, as she has no concept of the various software layers (OS versys apps versus the hardware) and if a piece of malware popped up a dialog box sayin "click me to remove viruses", she would certainly click it... The root password is known only to me (she doesn't even know there is such a thing), and updates are done when I visit her. After some initial problems, she has been using the system daily, with many months passing between "service calls" to me.
Too bad this solution requires a "nerd" in the family, but maybe this could form the basis for a service business? Hmm, maybe I should start thinking about it.
Who's the Tw@t?
"Now stop listening to what you [sic] school friends say and leave the real world to the grown ups. Beacuse [sic] you may find that trying to get all the apps used on millions of machines to work on Linux may not be quite as simple as just swapping them out. Tools for the job little boy, tools for the job."
You honestly think the majority of people in Government are using Windows-only software packages that aren't web-based or can't be exchanged for OpenOffice? What's that about "real world," name-caller? http://arstechnica.com/apple/news/2007/12/army-using-macs-to-beef-up-security.ars
It would take about three days to install Linux and OpenOffice in my office and most wouldn't even notice the difference.
And learn to type before calling people names. Twat.
"They have direct control over every line of code and arenot at the mercy of large corporations to fix gaping security bugs."
I take this to indicate that you have spent absolutely zero time in serious government circles, or even bothered to think about it very much, because if you had you had you would understand that where security is seriously at issue, governments have source licences to the OSes that they use.
Control over source code is not an issue. Shit, _you_ could go out tomorrow and buy a source licence for Windows, key word there is 'buy', and it's unlikely that a freetard could afford it, or would abide by the licensing terms and the NDA, but still.
Lots of zero knowledge posts from freetards and fanbois today, as usual.
Think, don't shudder. Better - measure and know.
"I shudder to think what would have happened with Windows, as she has no concept of the various software layers "
Then let me provide you with a clue : nothing.
My pensioner mother does all these things with no ill effects on an XP box. I like linux, use it all the time, but this foamy hyperbolic bullshit is really boiling my piss, y'know ?
And once again, 'truth' vs reality
"It would take about three days to install Linux and OpenOffice in my office and most wouldn't even notice the difference."
Go on and do it then, money where your mouth is. Not long ago a client did exactly this in a misguided attempt to save on licensing costs and people sure as buggery noticed. They really noticed, and they were really, really unhappy. Not because there is anything intrinsically wrong with either linux or OOo, mind you, but because it wasn't what they had spent years getting used to and learning. It was different, and they were immediately deskilled. That upsets people.
Their support workload went through roof, and stayed their for a really long time, the results of which were felt throughout the organisation even by people not directly effected by the switchover.
Depending on how you structure your support costings, these things don't necessarily show up on the bottom line, but they are still costs.
If you had real world experience of what you're talking about, you wouldn't be any where near so fucking glib about it. Sure, move to linux desktops and OOo, but get a fucking clue about how to do it properly first, and don't imagine for a moment that 'no one would notice'.
And by the way, if it would only take three days, your user base is tiny, so again, you really don't understand the realities of what is involved with doing this with a large user base.
Ranting for the sake of it... Seriously...
@The Other Steve: You need to cut back on your coffee a little
Any transition from one OS to another is going to mean costs. Thats a given. Its wrong of people to think that enterprise Linux is "free" or even particularly cheap and its wrong to think that Linux is magically more secure than Windows - at least modern versions.
However, your ranting has started to move into the fanboi sphere (claiming "I use linux" doesnt change anything either).
I totally agree about the issue (cost and user resistance) involved in migrating users from (for example) Windows XP & MS Office 2003 to Linux / Open Office. Most users will get annoyed and you have to budget in training, support etc.
Now, try the same experiment moving users from Windows XP / MS Office 2003 to Win 7 and / or MS Office 2007. That was fun.
Not only did everything cost a fortune for licences but (and this was in two stages) there were a constant barrage of complaints, problems etc. Sadly the organisation didnt learn from the 2007 transition and faced exactly the same user resistance for Win 7.
Moving to a *nix / Oo package would have caused the same issues, but licences would have been less and the change would have been done.
Every MS upgrade has massive issues with only a token carry over from previous ways of doing things. Every time (3.51 to 4 to 2000 to 2003 etc) there are small but noticable changes and we are paying for the right to do this ourselves. Great hey?
The only reason MS surivives this crock of shit madness is almost every single user has Windows / Office at home and are used to its weird ways of doing things. Give the cost vs salary issues, I can only assume most home users have a warez version of office so the best way to get Linux everywhere is to implement better DRM on MS products...
And no, I dont use linux (I have a copy of Ubuntu on a VM but thats it), I have a copy of Office 2007 (legit) but I do use Open Office for about half the tasks.
"However, your ranting has started to move into the fanboi sphere"
Fanboi, of what ? Fanboi of clue, sure. Fanboi of a pragmatic and completely platform agnostic approach to solving IT problems ? Yup. Fanboi of professionalism ? Guilty. Fanboi of calling out clueless freetards for saying things are clearly and verifiably nonsense? definitely.
"(claiming "I use linux" doesnt change anything either)."
Except that it does, I've been a linux user for more than a decade and yet somehow it hasn't turned me into a dribbling retard who thinks it is the one true answer to everything.
I also pointed out that I have no problem with moving to linux desktops and OOo - indeed I've seen it done properly and had clients save money, what I do have a problem with is the idea that OSes and productivity suits are fungible and that you can just swap them out without giving it any more thought than that.
As you yourself have just so ably pointed out, this is very much not the case.
You are turning into a ranting fanboi like it or not. Go and re-read your comments. You need some sedatives.
Tell me again how much easier it is to switch from XP/Office 2003 to Win 7/Office 2007 vs [insert distro]/oo
To be fair though, I did like your rant before and its a shame the moderators deleted it.
25 years ago.
One of my IT friends called me up because he had a significant problem with people hacking his network over phone lines.
"Hang up the line and get out of the building the hacker is in the basement."
"I am convinced that given enough time, motivation and funding," he said, "a determined adversary will always - always - be able to penetrate a targeted system."
Fuck me, lucky that evil cyber-genius McKinnon was really luckily looking for UFOs then - otherwise he'd have DELETED THE COUNTRY!!
Won't somebody think of Chabinsky's children - or at least their college fund?
""The cyber threat can be an existential threat - meaning it can challenge our country's very existence, or significantly alter our nation's potential,""
The context's rather important, here. I mean, if he's just establishing parameters, he's perfectly right. Any modern nation is hugely dependent on telecommunications, and these days almost all telecommunications are in some sense dependent on Teh Intarwebs. So, it is perfectly logical to say that a threat to the communications infrastructure is indeed an 'existential' one.
Or are you all really arguing that if all of the U.S. lost all internet connectivity, that wouldn't "significantly alter [its] potential"?
Now, if what he's saying is that he reckons there are real people out there with the knowledge, means and motivation to actually do that, then obviously he needs some fairly solid evidence or he's just scaremongering. But the article doesn't provide enough context to know exactly what he meant.
So let's put two and two together here:
Two: "the cyber threat can be an existential threat".
Two: "given enough time, motivation and funding, a determined adversary will always - always - be able to penetrate a targeted system."
Four: Therefore, no matter how much you spend on cyber security, it will never be enough. The only way to save the USA is to make sure that no "determined adversary" ever gets money and time. He's not angling for a budget to ramp up security: what he wants is a license to actively hunt down every hacker on the planet.
Cyberthreat to vital buzzwords
3 likely reactions:
1, Businesses realize that computers and networks are an integral part of their infrastructure and insist on some security and reliability by design. So that virus and hacks become as rare as bridge failures. This benefits all computer users as normal desktop OSs become as secure as specialist secure OSs.
2, A giant government TSA style organization is setup to monitor and secure all critical infrastructure. Your small town’s sewage plant has to spend millions replacing all it’s computers with identical government approved systems. All these systems are identical so when a flaw is found everything in the country is vulnerable.
More mall cops are hired to protect sewage works. Workers have to have security checks, engineers who maintained the systems for years are fired because they have a dope bust from the 60s and cheap contract replacements are brought in by Haliburton.
3, They use the Patriot act to make anyone talking about this sort of thing a terrorist. Any student that investigates an open TCP port or reverse engineers a system is imprisoned.
Engineering schools adopt a zero tolerance policy for studying anything outside the approved course material.
Guess which one they will go for?
he he he he, ha ha ha ha
blarney, I don't find the threat to the existence of the US to be of any major concern to me, but the threat to the potential of the US hold many exciting possibilities to me.
The possibility of Global economic stability, the potential of Global peace breaking out, the potential to the end of a climate of fear.
Bring it on, fuck the US, who gives a shit.?
Expecting howls of outrage fom the sceptics and from the poodles.
Expecting howls of rage?
Just over a missing icon?
Well, if it'll make you happy....
Let's face one fact - cybercriminals are 99% in it for the money. You might get a disgruntled ex-employee with a score to settle, or a script kiddie looking for fame in all the wrong places, but other than that it's a cashflow situation.
Now, the electronic equivalent of 9/11 is NOT going to help anybody in the end. So, to be honest, I call bullshit on the threat of the very existence of America. I think the various cybercriminals are doing quite nicely in their own niches ripping off media, credit cards, services, and whatever the hell other routine espionage they can do. Because smoke and fireworks is great for "BREAKING NEWS" headlines, but it won't bring home a Happy Meal. Far better to sneak into Google and see if you can't download the source code to the search engine mechanism. Black hat SEOs would pay good money for something like that, and good money is what it's all about.
Fail icon, because America is capitalist, they oughta understand the concept of chasing a buck...
M.A.D., hackers, teats, etc.
"...the electronic equivalent of 9/11 is NOT going to help anybody in the end."
Neither does suicide bombings, but they still happen. The old cold-war-era thing about "Mutually Assured Destruction" being a preventative, doesn't apply anymore.
"...cybercriminals are 99% in it for the money."
So hire some cybercriminals and pay 'em sh1tloads of cash to sabotage spy satellites (feed false info perhaps?) or power plants or those newfangled remote-controlled military aircraft or whatever else. Possibilities are endless.
Some of the alleged state-sponsored terrorists seem to have pretty powerful financial backers who fund their activities so money shouldn't be an issue.
It's not paranoia - it's just reality, and it's wise to figure out how to deal with it. Since much of Joe Blow Public is made up of idiots ;) and stoners and couch-potatoes, the gov't needs to dramatacize things a bit to get people's attention (and funding).
An ounce of prevention...
Something else: Like it or not, some prominent western democracies are basically sucking off of the U.S. teat as far as defensive capabilities. What affects the U.S., also has ripple effects in other nations. Being a lapdog has its downside ;)
I'm just sayin' ...
P.S.: Don't kill the messenger :)
Dude, FOSE The Attitude.
"at the Federal Office Systems Exposition, better known as FOSE, in Washington DC"
Which may help to explain why the Exposition idea has not caught on at local level.
What a muppet.
"a determined adversary will always - always - be able to penetrate a targeted system."
Not mine you won't.
Not when its encased in foot-thick concrete at the bottom of the ocean!
Or, to be more realistic, a nice fat air gap between the net adaptor port and the Cat5. (simples!)
#format USA: /q
More than 1 attack vector
Air gap just means they cant hack you over the internet.
Many other ways to skin the cat all the while convincing it you really are a vet.
is entirely what the bloke is getting at.
Besides, haven't you ever tried to take a cat to the vet? you have to roll it up in a towel.
Anyway, what about a good air gap between it and anything else, including the hackers themselves, and all portable media? Closed system. <Zerograv=ON>
I think this quote is from Chabinsky, too
"Hackers penetrate and ravage delicate public and privately owned computer systems, infecting them with viruses, and stealing materials for their own ends. These people, they are terrorists."
High-Profile Web Front-End NINJA Attack? *
"So what they're saying is cyber villains could actually delete the country?" .... Pablo Posted Wednesday 24th March 2010 21:34 GMT
Not quite, Pablo. They're saying that cyber genie could run the country although the paranoid schizophrenic will be pimping that they can overrun and takeover the country, which is something similar, but it is presented that way because they are screwing the System to pay them loadsamoney and buckets of flash cash to spin Doom and Gloom to justify Pork Spend on Defence which Morphs into Attack to Create Third Party Defence which is Spun as Attack ....... for a Pathetic Intellectually Bankrupt Destructive Loop ...... which is Madness Confirmed at the Executive Order level.
""The cyber threat can be an existential threat - meaning it can challenge our country's very existence, or significantly alter our nation's potential," Steven Chabinsky ...."How we rise to the cybersecurity challenge will determine whether our nation's best days are ahead of us or behind us," he added."
Purchasing* such a powerful threat vector driver will obviously engage a Valuable and Quite Foreign Asset and Alien Resource and would immediately provide Stealthy Security from that type of Existentialist Threat. IT doesn't get any simpler/more complicated than that, surely?
* Give any Being what they Need for Feed and you will control them Absolutely .... and they you ...... for a Most Convenient, Mutually Reassuring Reciprocality which costs virtually nothing whenever Credit Transfers are but a Mouse Click or two or three .....
"Chabinsky was certainly emphatic in his warnings. "I am convinced that given enough time, motivation and funding," he said, "a determined adversary will always - always - be able to penetrate a targeted system."" And aint that the truth, although it is only half the truth, for the half that is missing paints an even more dire/more invasive picture, for once the methodology is established, can the "adversary" penetrate targeting systems and reprogram them at will, with ease, to
follow alternate lead instructions/Command lines.
"...the FBI's Chabinsky wants to talk with you. He told the FOSE crowd that the FBI is looking for agents who can "talk the talk" to join the cyber-wars against cyber-baddies." ....... Is there a direct email address, El Reg Rik, or can one expect Uncle Sam's supposedly ubiquitous Snooping Systems to have provided them with Node/Persons of Interest to Contact.
And please can I have my Blog site up and running again, if you are not going to be doing anything Positively Engaging and HyperRadioProActive with Alien Communications in Quantum Control Systems. Thanks. :-)
And please, no wise cracks about Nurses and Meds, for Everything is as IT should be and in Perfect Working Order.
I suggest reading Kierkegaard and Nietzsche to get an understanding of these problems.