Money for old rope.
500 million pounds spread amongst 'hundreds of hackers. By my reckoning that at least half a mill each. Where do I sign?
The UK's Ministry of Defence wants to recruit an army of computer experts to serve as "cyber reservists" to defend national security. Defence Secretary Philip Hammond said the MoD will take on "hundreds" of IT wizards to work "at the cutting edge of the nation's cyber defences" at a cost of up to £500m. The tech talent will …
I'm considering signing up myself.
Admittedly I'm a designer and as such have no formal qualifications in securing computer systems. I'm assuming though that they're using the usual government and media definition of 'hacker'. I believe I'm just as capable as the next man of guessing someone's Facebook password.
"I'm considering signing up myself."
They'd probably recruit you. But if they wanted to do this, then the first person on the recruiters list should be that schoolboy arrested the other week. Script kiddie or not, he seemed to have caused some mayhem, which would appear to be the desired outcome of this half-a-billion-before-we've-even-started programme.
Having said that, I don't see any real world benefit to the UK from frittering £500m establishing the First Battalion Cyber Troublemakers, regardless of who they recruit. Looks like it is just politicians spending many hundreds of millions the country doesn't have on something it doesn't need and hasn't voted for. Business as usual, then.
"But if they wanted to do this, then the first person on the recruiters list should be that schoolboy arrested the other week."
Absolutely not. Security companies have no business employing criminals in some "set a thief to catch a thief" mentality, apart from anything this guy got caught, so he's not that good, is he?
"apart from anything this guy got caught, so he's not that good, is he?"
Well, the NSA have been caught red handed, but they seem quite good at data slurping, so I don't think we should conflate the ability to do one thing with the ability to cover up that you are doing that.
If your intention is offensive cyber ops, then you can put additional resource into covering your tracks that may not be available to schoolboys, I'd have thought.
We are now going to have a trade minister that helped damage the security of hundreds of thousands of people in the UK thanks to the use of systems provided by a US company headed by somebody with links to spyware (BT, Ian Livingston and Kent Erturgrul), and whose activities probably makes the hacking activities of the newspapers look like child's play by comparison (but then we have a PM that thought hiring Andy Coulson was a good idea - so that at least should not come as a surprise).
GCHQ didn't seem to think it was worth knowing about (see https://www.dephormation.org.uk/index.php?page=83 - in particular that last part of the article).
A better start would be to stop actively undermining security. But then I guess it would be rather unrealistic to expect that, as depressing as that is...
Ok, the idea of getting cheap part-timers to do essential work is very Tory, but it doesn't go far enough. This should be privatised. Then we could set up El Reg Commentards plc and do a proper job of defending the cyber-interests of the British people (start by blocking all NSA, GCHQ and government internet access...)
> protect critical infrastructure and data stores were the country to come under electronic attack.
Or in this case, to unplug "critical infrastructure" from the source of all evil?
Seriously, you'd hope - against all common sense and reason - that anything that was actually critical would be a long, long way from being accessible over the internet.
> "cyber weapons" could be used along with regular munitions in future conflicts.
Excellent idea. Collect up all the computers and throw them at the enemy. Especially in an assymetric warfare theatre (the defining type of war in the 21st century), where one side has a great big target painted on its arse and the other is coming at it with a pitchfork.
"Seriously, you'd hope - against all common sense and reason - that anything that was actually critical would be a long, long way from being accessible over the internet."
Actually, there's a lot of good reasons why some SCADA is internet connected; obviously you would hope that it has adequate protection to misuse, but I don't think that we should consider that no infrastructure must ever be connected to the internet - in practical terms any remote access, for example leased lines within the PSTN could be equally vulnerable.
The most important measures are (1) good basic connection security, and (2) adequate safeguards to stop plant being crippled if that security is breached. As Stuxnet showed, air gapping won't necessarily protect you. In that case, a simple independent speed governor on each centrifuge could have stopped the attack working, at a few dollars a pop. The most remarkable thing (if you believe Western accounts of the "success" of Stuxnet) was that the Iranians watched about 1,000 centrifuges go bang before they cottoned on.
Operators well might choose to persist with using the convenience of internet connectivity for their plant, and accept the risk of some modest inconvenience (for example DOS attacks, or even intrusion), but as long as the attackers can't cause lasting damage then the threat is of no greater severity than (say) the occasional power cuts we are already exposed to.
> Seriously, you'd hope - against all common sense and reason - that anything that was actually critical
> would be a long, long way from being accessible over the internet.
Step 1) Have a play on SHODAN http://www.shodanhq.com/ (although it appears to be dead at the moment)
Step 2) Be sad because of what you have seen.
"he also uses the word "cyber" which to me is a big flashing neon sign shouting "I have no idea what I'm talking about""
Well, to be fair you know he's no idea what he's talking about because he's a politician, with a degree in philosophy, politics, andeconomics.
The term cyber warfare (or cyber anything) isn't very attractive, but what convenient term exists for this? Looking on the bright side, those doing cyber warfare will presumably by cybermen.
"Don't tell them your password, Pike!"
"Er, I think I may have left it on the train, Mr. Mainwaring, sir."
"What's that you've got there, Corporal Jones?"
"It's a packet sniffer sir. They don't like it up 'em. Not up their backdoors they don't, sir!"
Oh, the fun we're going to have with this one ;-)
This is just to make it look Elgov is doing something without actually bothering to look into the issue & coming up with a real plan
If they were really concerned about IT security they do some of the following things;
- Stop encouraging the idea that 100% of all computing devices should be connected to the internet, regardless of necessity.
- Make the Orange book from the 1980s US DoD Rainbow series mandatory reading at high school so everyone can understand the concepts of password security
- Again stop promoting the idea that everywhere needs wireless, in some cases wireless so powerful that it can be accessed 200 to 300Ft outside the premises.
So, firstly, we had the "Cyber Specials" for the Met that were going to do this. That sank without a trace.
Then this "Cyber TA" was announced a few months ago. Conspicuous by the complete lack of action on it so far. Much like the CISP.
Now it's party conference season. Time to recycle a bunch of old policy initiatives again and see which ones the Civil Servants choose to run with. Maybe this is also intended as a kick up their collective arses as well.
Not holding my breath for action on this one.
"Something along the lines of the little seen dress uniform from Star Trek TNG. Mini-dresses for dudes."
Mini-dresses for the dude-ettes, you mean?
Speaking for myself, the uniform must have a cloak. Think Star Wars, LoTR, Hairy Potter, Gladiator, Black Adder, all the best characters have cloaks.
A cloak is a given as, I'd suggest, would be a propeller cap. As the vanguard of Her Majesty s armed forces, I also feel it appropriate that they should all be knighted. In lieu of a mount, sword & shield, they can ride forth into battle on their office wheely-chairs bearing a usb stick and motherboard. The enemy will not know (or care, but we won't mention that bit) what hit 'em!
The article on the MOD site reads like this is really just a job-creation scheme for squaddies, as small compensation for the many who have lost jobs in the cuts. They've added some support from an electronic version of the TA to give it some semblance of purpose and kudos, but it is hardly going to deter.
Most squaddies have left school before completing formal education and have by the MOD's own records a reading age of an 11 year old child.
Many when I was involved in the MOD DIIF project needed help with PC literacy, simple word processing, email writing and online self service MOD benefits claims.
Yeah Dads Army sets the right tone and expectation......I can see them tripping over themselves as they try and get both left feet in front of the other whilst wielding their pitch forks which they have managed to snag their capes on...............lol
Or is it
Keystone Cyber Cops running in ever decreasing circles.....
At the bottom of this page:
Interesting to see that they mention " Selection into the pilot scheme will recognise the unique attributes and potential contribution of individuals who might otherwise not be attracted or able to serve in the Reserve forces." I wonder what they're willing to overlook; massively impaired social skills, horrific levels of physical fitness, criminal records, mental instability?
> massively impaired social skills, horrific levels of physical fitness, criminal records, mental instability?
And that's quite enough about the government.
I don't expect the RAMBusters Mission [cue stirring patriotic music] to amount to much. Which is a shame, because protection of critical electronic infrastructure isn't a bad idea really.
But it won't do anything useful if the usual suspects are managing it.
Right then lets get recruiting! Send in the new meat Darling.
Too Fat! Next
Too Spotty! Next
Good god he must be in his 40's! Next
Hmmm this one seem's ok, no wait he has a police caution for drunk and disorder, can't have that on our security clearence what what! Next
Look Darling i know we have to be 21st century but is this post open to women as well? whats that boy? Well we certainly won't have any of that in my unit bloody hippies with their long hair. Next
Ah Beufort-Smith i havn't seen you since we beat those poncy etonions, says here you once used a computer come in! Sit down i am sure we have a command position for you
Puts on a bad Churchill voice.
We will fight them on the Ethernet cables,We will fight them on the firewalls,we will fight them on the network switches and on the motherboards, we will fight them in the hard drives; we shall never surrender.
I am sorry I could not resist I will get me coat
The following conversation highlights the train wreck which is any government rather than a private operation providing Future Failsafe ... well, CyberIntelAIgent Security and Virtual Protection Services with Out of this Wwworld Facilities and Capabilities, because are not all governments loaded down and fatally compromised with dirty little great secrets which if known by the masses would have them and their friends and backers hanging lifeless from trees. Surely only a retard would imagine that to be a group worthy to be known to be associated with and helping, and thus does a dodgy establishment model have something of a major problem to resolve in order to attract the right sort of crack hacker and virtual boffin, for its leading IT spaces are not suitable at all for the less that well gifted and honest and true.
There are though a number of issues which raise an enigmatic dilemma and something of a engaging enough conundrum which established systems seeking virtual defence capabilities and facilities will find difficult to impossible to resolve without accepting that they have lost the plot and command and control of future global eventing and would now be as interested enthusiastic spectators in the madding crowd rather than rising stars on the field of play.
For example...... unless one knows how to attack successfully, which be stealthily and relatively anonymously with a remote control of systems nowadays, is one unable to offer any effective defence at all, and ...... once one has identified fundamental catastrophic systemic weaknesses for vulnerability exploitation and leading collapse programs, would one be wise or wish to share them with corrupt and perverse, abusive and punitive systems admin for peanuts, if fortunes be easily made elsewhere with others more interested in a global change of power to new leaderships and a paradigm shift in the status quo position ....... although one may be inclined to reconsider any radical move to ensure a fundamental change which helps a new leading player if offered ab fab fortunes to ensure that change leadership is retained by existing lead teams albeit with command and control direction and [NEUKlearer HyperRadioProActive IT Power] elite expertise provided by that which is being handsomely paid regular fortunes for spending that ensures and assures failsafe convivial success and insures defeat against unworthy allcomers who would be dabbling in fields of extreme power brokering.
The government can't even control the tangible let alone the intangible....sort out the financial/banking system for starters!
The government would have us believe the Brits are at the forefront/leaders in this cybercrime (virtual) field.... What planet are they on....Ed the Red believes he has the power to influence free market energy pricing - Cameron believes he can influence control over the European Union.......also if this new elite squad is as effective as the Fraud Squad then God help us....
We should not underestimate the threat but as you allude to employing savvy hackers or facilitating their skills to inflict damage on other governments may come back to bite us. Those of that persuasion might be easily 'turned' In this 'free world' money is power/king!
Defend against attacks? - OK. Counter-attack? - maybe. Strike in support of attacks with regular munitions? - hmmm.
What bothers me about that idea is that we may end up in the same situation as we've been in the past, where a massive bombardment to soften up the enemy prior to an attack didn't actually do much.
The trouble is that we won't know for sure that the enemy facilities have truly been taken out, as opposed to being temporarily switched off or even switched to backup capabilities.
What's more reliable is the judicious application of high-velocity an/or explosive projectiles.
Sounds like an not unreasonable attempt to understand and control the nature and methods of attacks on their own systems by the people who have - or may potentially - attack their systems. Basically, bribe your enemies soldiers to work for you instead.
Trouble is, now we know what we know about NSA/GCHQ, its no longer clear who are the good guys and who are the bad guys.
That means they will be using obsolete equipment that has been in store for years (Acorns?)
Their trainers will be end of career types who often are not very interested and they will be meeting on a Wednesday night in the village hall.
For extra money they will get the odd bit of exciting weekend training in a cold damp mosquito infested wood somewhere in Britain.
I can see great things coming of this!
Why doesn't UKGov just repurpose some of the NSA employees at Bletchley, instead?
Biting the hand that feeds IT © 1998–2019