White House cyber-general says US must be able to cyber-nuke the worst of the cyber-worst The US government must hone its offensive capabilities to electronically attack those who menace America's interests, said the White House's Cybersecurity Coordinator Michael Daniel, quickly adding global ground rules for cyber-war have to be worked out first. On April 1, President Obama signed an executive order that would …
This sort of thing is getting uncomfortably close to the US government requiring that manufacturers put methods into all products that allow the US to remotely, and without control by the user, stop or alter the use of the product.
The products can be hardware, software, firmware, maybe even wetware!
Michael Daniel is the unintended consequence. A general concern for the well being of the nation devolves into a catchall for every nut job who likes pulling the legs off frogs and sharing other peoples nuddie picks. Michael has not even constrained himself to national security or the law but uses the suitably oblique - America's interests. Anyone who demands more power based upon the worst-of-the-worst argument should also be barred from office as we all know where that foot in the door strategy leads - and there it is; "the goal is to create 'norms of behavior'".
On the plus side his analogy with Underwriters Laboratories and pooling resources to improve products is sound. I would like to see the tech world pool resources to help improve government. Perhaps by employing strong encryption in all communications products and storage assemblies, fixing vulnerable hardware interfaces like USB and having OS's report on unexpected changes in hardware and software configuration. Ethics and a reluctance to support projects which are clearly unconstitutional or not in America's interests would also be a positive step.
+1 for that.
Really, the note about UL is the only sane thing but it misses the point - there is a need for standards of software/systems not being shitty that are legally enforced. If your kit fails the UL standards then AFIK you can't sell it in the USA/Canada and if you do you can be prosecuted.
We need something similar for software: a requirement that best-practice (e.g. MISRA coding standards, etc) is used when writing it and the security aspect is properly considered, and finally that timely bug-fixes are provided for free (i.e. covered by the intial sales cost) and are practical to install for 5 years or so after the product family is last sold. Some legal stick is also needed, e.g. making the supplier liable for the consequences if not patched effectively after say 30 days of a vulnerability being reported, and obstructing security testing/auditing of your products to be illegal.
Yes, I know that costs money to do, but if it is a requirement on ALL businesses then doing it right is no longer a cost-penalty compared to the shitty state we currently see.
"The CISPA and CISA legislation that has some people worried will come to a vote this week, and he said the word in the White House is that both will pass without a problem.
Of course both will pass! Our glorious Congress passed the Patriot Act, and set up the FISA Court, and we've basked in the glory and success of both those achievements!
Consider the fruits of American intelligence gathering and pin-point military involvement: Iraq and Afghanistan are stabilized and prosperous, Syria has seen the light and adopted a Constitutional government, Iran and Saudi Arabia are consulting together on the first wave of free elections in both countries; Somalia has been accepted in the United Nations, and Yemen is hosting peace talks between Israel and the newly-mandated Palestinian state. All terror threats against the United States, and indeed, the Free World, have ceased to exist!
Now, concerning that encrypted and unregistered computer sitting on your desk ...
This may be intended as a good thing and it might work (slim chance at best) to at least slow down the amount of state sponsored activity. Two things bother me with this.... no definition of what would trigger such a response. Another SONY type attack? And there's the "leaving the ordinary criminals alone" message...
This is not a tool that's going to be used on a daily basis for ordinary criminals, but to allow us to go after the worst of the worst...", trying unsuccessfully to distance himself from previous efforts by various three letter agencies. It will be used on a daily basis. It will be used against ordinary criminals. It might not be used against ordinary criminals on a daily basis, but I would not bet against it.
We waged war on poverty, drugs and terror. It looks as though we are starting a war on electrons.
... if the US government still had any credibility in the field of cybersecurity, building an open net, protecting diversity and freedom of opinion, ... As it stands, his statements are just some more noise in the propaganda war for controlling the internet of everything.
But in the long term, if the US is to actively go after miscreants online, then it's going to need international cooperation, Daniel said. The goal is to create "norms of behavior" for nation states online in reacting to such threats.
The following, earlier shared here freely with El Regers on the Register program and/or project, is the norm of behaviour for nations states and non state actors, Mr. White House's Cybersecurity Coordinator Michael Daniel? ........... http://www.ur2die4.com/150421/
Disagree if you will, but the truth of the virtual reality of it and Advanced IntelAIgent Command and Control of IT does not alter the fact nor hinder Ab Fab Fabless Progress ...... Stealthy Immaculate Service.
The White House wants its own cyber-terrorist group. .... Evil Auditor
Quite a revolutionary and very lucrative opportunity for that which, and or those who can provide the unique overwhelming source that renders any kind of real and/or dynamic and/or kinetic force obsolete and counter-productive and self-destructive, Evil Auditor.
Is there already a valid POC at the crazy White House where one can engage in negotiating for delivery of product for present and future placement of programs? Or are they happy to have outsourced provision from especial relationships from secret vendors via their chunnels?
The problem is to reliably identify the attacker.
If you want to damage a country, plant malware on its computers that will make them attack the US, and the US will obligingly respond.
Anyone could do this, another country, a blackmailer, or one of these teenagers who delight in getting strangers' houses visited by a SWAT team. Get a whole country SWATted - what bragging rights!
But the most likely attacker, and the one with the most skills to bring it off and avoid notice, is of course the USA. Any country which has oil or other resources that the US wants, or that thinks that having a democratic government means acting in the interests of their own citizens rather than in the interests of the USA, will have its computers taken over by the NSA and used to attack US computers, giving an excuse (as if one were needed!) for a 'retaliatory' attack.
And when have facts or evidence even been needed for states to do whatever they want to do? They simply give some reasoning for what they want to do and tell us we cannot see the actual evidence as that is a matter of national security. Or they just invent and sex-up evidence to 'prove' whatever they want proven.
Remember when Cameron was in the commons trying to get us to arm and fight on behalf of ISIL?
All this bluster and bravado from Michael Daniels, President Obama's Cyber security advisor , about "global" Cyber security rules and standards means diddly-squat if other large and very powerful technology countries like China, Japan and Russia for example, do not agree or go along
with any "American" mandated policies, procdures or hollow threats.
But even before such universal moves, The USA must contend with it's exorbitant national appetite and dependence on software technologies that are globally deemed and have proven unequivocally to be absurdly insecure and unreliable to an extreme degree. The treasure trove of Cyber intrusions against US companies in recent years - for Home Depot, Marshalls, Neiman Marcus, UPS, US Government departments and countess others can be attributed primarily to weaknesses and poorly designed infrastructure of Microsoft Windows software, to the tune of trillions of dollars of economic losses for US economy.
President Obama and his "Cyber" team are ill informed as the depth of this problem for the country, especially since the might and political influence of Microsoft prevents their true learning experience and any pertinent knowledge gained to any relevant level, and the administration is too cozy with Silicon Valley behemoths as to alloy any objective and abstract evaluations that make sense.
Great concept of international Cyber security cooperation and standards, but still a naive pipe dream, particularly given the revelations of USA NSA unscrupulous Cyber snooping on "close allies and their heads of state" and on millions of innocent citizens and children in non-threatening, developed democratic countries as well.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
