US Congress wants hack teams for self-penetration

The United States Congress this week delved further into the country's cybersecurity preparedness as members introduced two bills designed to protect federal networks and electric power grids from attacks. One bill, dubbed the US Information and Communications Enhancement Act of 2009, would mandate the formation of hacker …

COMMENTS

This topic is closed for new posts.
  1. Frank

    About Time

    "..would mandate the formation of hacker teams that would actively try to penetrate government networks."

    I've said this for years: The only way to prove that a total system is hardened against a kick in the teeth is to give it a kick in the teeth when it's working and see what it does. Then you do it again, then you give it a kidney punch to see if the kick in the teeth has sent it into any kind of hidden vulnerability state.

  2. G
    Flame

    @Frank

    Nice euphemism. David Threlfall doesn't have as many issues.

    Yes, of course vulnerability testing is required and necessary, but then, shouldn't this be part of the design phase and considered in the selection process of various technologies and determinate of the structure of an organisation?

  3. Anonymous Coward

    @G

    "... shouldn't this be part of the design phase and considered in the selection process of various technologies and determinate of the structure of an organization?" Yes ideally that would have been what happened/happens. However the realities are that it hasn't now and unless all of these bills/agencies/etc etc mandate taking those things into consideration, it never will. Our system as is right now is vulnerable in far too many areas and as such this kind of testing and much more must happen. I agree that it does indeed need to be mandated into future upgrades and certainly into new systems. However that doesn't and indeed shouldn't preclude this kind of testing on an ongoing basis. Because if we do the tests then sit back on our laurels smugly thinking we're safe, we will wake up to one huge nasty surprise and all the money spent for tests/upgrades/etc will be for nothing.

  4. Christopher Ahrens

    Good in theory but...

    Never works in practice, like democracy.

  5. Anonymous Coward

    Cyber Squad Go!

    I love the language they use. National Office for Cyberspace?

  6. G
    Coat

    @Iam Me

    Nice. Could not agree more with your comments. However surely now there is enough 'band aid' technology to cover legacy systems protection; after all these systems have now seen the maturity cycle?

    Need a new coat...

  7. Anonymous Coward
    Alien

    Self penetration?

    The US Congress does not penetrate itself. It does however penetrate others. (Like any other government.)

    Only on the mother ship are you penetrated as well.

  8. Darkwolf

    Internal or external?

    "..would mandate the formation of hacker teams that would actively try to penetrate government networks."

    So, once such teams have been found, how long before they start "testing" other government networks?

    Pay may be good, where do I sign up?

  9. Andrew Taylor
    Flame

    Does this mean

    that the US are really trying to extradite Gary McKinnon to give him a job then?

  10. WinHatter
    Thumb Up

    Incentive

    Might be hard for a team of hackers to have all the adrenaline taken off. If you don't have any incentive ... a fat cheque may not be enough ... what is the point you just get back to the old system

    What would work may be

    Phase 1 hack us and we won't press charges.

    Phase 2 hack us and if you manage to cover your tracks we won't press charges.

    Phase 3 hack us and we are back to the old scheme but if the intrusion has not been noticed by the time you tell us the guy in charge of the security will be jailed.

    That should help everybody to remain focused.

  11. Anonymous Coward
    Paris Hilton

    Hey, Congress wants hardened...

    systems for the US electrical grid and OpenBSD 4.5 was just released.

    Hhhmmm....nope, nothing there, what was I just saying?

    Paris 'cause I'm pretty sure she'll ignore the OpenBSD 4.5 release too, just like the Congress.

  12. Jason DePriest
    Black Helicopters

    Cyberspace?

    Really? That term is a little silly for a government office. Wouldn't National Office of Information Warfare Preparedness or something be better?

    Also, if the group that is doing the pen testing is beholden to the offices it is testing, then the tests are invalid. It must be an independent body that won't have its funding cut when it tries to push for vulnerabilities to be fixed.

  13. Anonymous Coward
    Joke

    Self-Penetration

    Pictures, I don't believe they even tried without pictures.

  14. Walking Turtle

    Congress Itself was "vulnerable"...

    ...until Big Dick Cheney told a few members on the House floor to "GFY".

    At first there was some squealing (like-a-pig) and shrieking (like with rape), but then the Legislative Anatomical Barriers were all Veep-ily overcome in a Spirit of Buy-Partisanship. Such great moans and sights of ecstatic forbidden pleasure (because altogether treasonous) did then nightly emit from the Veep Suite, and Miz Condi's offices too...

    Now, in the NeoDawn's early Light, our poor bedraggled and utterly corrupted Corporatized Terrorwar Congress is merely and simply post-eff'd; not even any afterglow left. But "penetrated" certainly is an appropriate word in all but AIPAC/ADL company, too.

    Both bills'll most likely get rubberstamped in the dead of night with zero public input nor any manner of constructive, reality-based debate, is my take on it. (Boondoggle, anyone?) Damn shame, too. This'un's no Ninesey-'Levvensey Insider Demolition Collapse Kerfluffle. Those towers were strong and quite well reinforced to begin with; it took lots of Thermate, a leetle bit o' ShadowGov-loyal (aka *criminal*) inter-agency co-operability, and some BIG alibis to pull those three buildings straight down at near-freefall speed.

    The digitally-operated US national power grid is not so very robust as the weakest of those three office towers, by all accounts. But gee, the Bush-era Enron Rolling Blackouts sure do concretely illustrate the criminal blackmail threat potential, now do they not? My, my, and Dubya' was Best Friends with ol' Kenny-boy afore fergettin' all about him, wasn't he just?

    All in The Family!

    Opinion: Someone should right quick now just Cut The Bushes Out From Under the National Grid Structure, just like removing a newly-fingered world-class Bad Apple's prior international immunities is done.

    That zero-additional-IT Lawful action, if ever invoked right *quick* before the (black-op) pig flu and errant (black-op) Air Force Ones of this gone-mad age get their acts "topped" by a ShadowGov-instigated continent-sized black-op blackout would imvho reliably tend to protect the entire US grid for many, many years to come against the Worst and Most Capable of the World Criminal Elite's rather large Bad and Capable Personnel inventory.

    So really, how much Really New IT is *really* needed in order to put every Power Grid controller and telemetry box's "spare" comms ports into "Stealth Mode"? (ShoreWall Firewall is free and stands up fine against all manner of Chinese portscans on my own desk, just like Everyone Else's does.)

    Add a decent Grid-wide port-knocking protocol, with steady tho' apparently random-scheduled rejiggering of what knokkity-combo opens whose gates when (like Conficker did/does but benign as all Heaven) would just top the initial tighten-um-up phase off just fine, now wouldn't it?

    Saw a decent-looking spec for one of those a week ago. For Linux, just like Shorewall. Equally $price-free to own and mod-up to suit, at that.

    Aside: All boxcutter blades and Miraculously Surviving Passports can just go back and respectfully, factually address the criminal-elite ShadowGov minds that invented 'em and then forbade all forensic examination of the crime scene, I do declare.

    In fact, the rising image of Hedley LaMarr hiring up all his Willing Coalition of baddies to up and lay a can o' whup-ass kerfluffle all over defenseless Rock Ridge for The Railroad's sake per the "Blazing Saddles" line of thematic action is too much to resist. Indeed, by the lights of some few well-credentialled accounts, that comic-played scene still stands as being too true a Cinema-Fictional Metaphoric/Symbolic Parallel to dismiss out-of-hand.

    Mark my words: Unless *all* the Oleander Bush scions, sprouts, shoots, seeds and ROOTS are *all* cleaned out from the vicinity of *ALL* such National Necessities *immediately*, the next attack on the US will indeed prove to the no-spin mind (yet again) to have been an Inside Job.

    Until that blessed day, I think, Congress can legislate whatever IT bills it sees fit until blueness of face in the 'leccy-less Blackmail Gloom does appear. No remedy until the Connecticut Carpetbaggers of the Lone Star State are at last taken into check and custody, I for one do dare to think and so say.
