Pentagon Official Reveals Computer Security Breach... As Part Of Effort To Get More Power Over Critical Infrastructure?
from the how's-that-work? dept
You may have seen the various stories making the rounds about how some malicious trojan originally on an unsecured USB key was put into a military laptop in 2008, and then propagated around the military, hitting both classified and unclassified documents. Why is this massive security breach being declassified now? Well, to warn us how scary computer threats out there are:Lynn's decision to declassify an incident that Defense officials had kept secret reflects the Pentagon's desire to raise congressional and public concern over the threats facing U.S. computer systems, experts said.We've already noted that various government officials have been engaging in a massive hype campaign about "cyberwar" threats, in an effort to get more control over certain networks. But there's also a bit of an inter-departmental battle within government agencies over who should get to control these new powers. And, in this case, Deputy Defense Secretary William Lynn's revelation of this security breach is party of his jockeying to make sure that the Pentagon gets more power here, rather than Homeland Security:
He puts the Homeland Security Department on notice that although it has the "lead" in protecting the dot.gov and dot.com domains, the Pentagon -- which includes the ultra-secret National Security Agency -- should support efforts to protect critical industry networks.As Jim Harper points out, however, this is the equivalent of saying we totally failed to protect our own systems, so put us in charge of more:
The failure of the military to protect its own systems creates an argument for it to have preeminence in protecting private computer infrastructure? Perhaps the Department of Homeland Security will reveal how badly it has been hacked in order to regain the upper hand in the battle to protect us.Don't you feel safer?
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: defense department, homeland security, security
Reader Comments
Subscribe: RSS
View by: Time | Thread
I disagree
It's ALWAYS about money.
[ link to this | view in chronology ]
Re: I disagree
[ link to this | view in chronology ]
Conspiracy Theory Alert ;)
[ link to this | view in chronology ]
Re: Conspiracy Theory Alert ;)
[ link to this | view in chronology ]
Re: Re: Conspiracy Theory Alert ;)
No matter what nasty thing you suspect the government of doing they are most assuredly doing something worse.
[ link to this | view in chronology ]
Re: Re: Re: Conspiracy Theory Alert ;)
[ link to this | view in chronology ]
Homeland Security doesn't strike me as doing much different than various militaries have have thousands of years of practice in getting wrong.
[ link to this | view in chronology ]
I watched this movie already.
[ link to this | view in chronology ]
Re: I watched this movie already.
Take us to Defcon 1
[ link to this | view in chronology ]
It's probably best in light of that, to keep any 'classified' information on separate networks with no route to the internet - at the very least.
[ link to this | view in chronology ]
Orz
[ link to this | view in chronology ]
Security
what your government is actually doing is worse than
you can ever imagine.
[ link to this | view in chronology ]
How do they possibly think that showing that they are incapable of properly handling their own security shows that they should be in charge of MORE peoples security?
My brain hurts from trying to parse that "logic"
[ link to this | view in chronology ]
Re:
The key to getting more money in power in government is showing need. Step 1, Show that you have the absolute best policy you can BS your way through to get the results you want. Step 2, spend your ENTIRE budget and then some on something having nothing to do with what you need money for (the more you spend the more you get...forget efficient and doing things the right way. Step 3, ask for more money cause obviously if you throw enough money into a bottomless pit you will get favorable results. Step 4, repeat until you win. Step 5, Profit.
[ link to this | view in chronology ]
This wasnt the worst
back years ago there was a hole that existed for 7 years i know and a few others know one UK guy got caught as did ONE american ...why cause they weren't given these tools to look they took them thus did not understand properly how to peek in.
AND YES that meant for 7 years people were having a look around.....and you think a USB stick was bad?
Funny how we got along fine without any added fed powers all that time....FUNNY don't ya think?
P.S. the us govt hired the guy that got caught in the usa, even more funny as the rest of us that didn't.
GO ahead pass the ip along i fear nothing.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Windows is not secure.
Problem solved.
[ link to this | view in chronology ]
Re: Windows is not secure.
An example of a secure networked system:
Keep a network with the data, and one with the decryption key. The data can be an open network. The decryption is a closed network. For example, a laptop without wireless capabilities.
Get a computer, read the data. Disconnect from data network, connect to decryption, read data. Disconnect, then flush intermediary computer.
Without ever guaranteeing that there will not be a virus, (heck, put as many on there as you'd like), the virus has no way to send back meaningful information to anybody.
Bonus points if the encryption is OTP.
[ link to this | view in chronology ]
There Is No Excuse
There is no excuse for senior officers not knowing and acting on these facts. They need to be told from the highest political levels, "Shape up or ship out!" Unless the politicians are willing to develop the political will to make sure the job gets done properly, then the job will continue to be done badly. Politicians are perfectly capable of sacking very senior officers, when they have the will. Hold the politicians accountable.
[ link to this | view in chronology ]
Unicorns
[ link to this | view in chronology ]