July 01, 2009
Friday, July 3, 2009
Coordinator in chief (C4ISR Journal)
July 01, 2009
Cyberactions plan (C4ISR Journal)
Thursday, July 2, 2009
Defend America, One Laptop at a Time (NY Times)
Cambridge, Mass.
http://www.nytimes.com/2009/07/02/opinion/02goldsmith.html
OUR economy, energy supply, means of transportation and military defenses are dependent on vast, interconnected computer and telecommunications networks. These networks are poorly defended and vulnerable to theft, disruption or destruction by foreign states, criminal organizations, individual hackers and, potentially, terrorists. In the last few months it has been reported that Chinese network operations have found their way into American electricity grids, and computer spies have broken into the Pentagon's Joint Strike Fighter project.
Acknowledging such threats, President Obama recently declared that digital infrastructure is a "strategic national asset," the protection of which is a national security priority.
One of many hurdles to meeting this goal is that the private sector owns and controls most of the networks the government must protect. In addition to banks, energy suppliers and telecommunication companies, military and intelligence agencies use these private networks. This is a dangerous state of affairs, because the firms that build and run computer and communications networks focus on increasing profits, not protecting national security. They invest in levels of safety that satisfy their own purposes, and tend not to worry when they contribute to insecure networks that jeopardize national security.
This is a classic market failure that only government leadership can correct. The tricky task is for the government to fix the problem in ways that do not stifle innovation or unduly hamper civil liberties.
Our digital security problems start with ordinary computer users who do not take security seriously. Their computers can be infiltrated and used as vehicles for attacks on military or corporate systems. They are also often the first place that adversaries go to steal credentials or identify targets as a prelude to larger attacks.
President Obama has recognized the need to educate the public about computer security. The government should jump-start this education by mandating minimum computer security standards and by requiring Internet service providers to deny or delay Internet access to computers that fall below these standards, or that are sending spam or suspicious multiple computer probes into the network.
The government should also use legal liability or tax breaks to motivate manufacturers — especially makers of operating systems — to improve vulnerability-filled software that infects the entire network. It should mandate disclosure of data theft and other digital attacks — to trusted private parties, if not to the public or the government — so that firms can share information about common weapons and best defenses, and so the public can better assess which firms' computer systems are secure. Increased information production and sharing will also help create insurance markets that can elevate best security practices.
But the private sector cannot protect these networks by itself any more than it can protect the land, air or water channels through which foreign adversaries or criminal organizations might attack us. The government must be prepared to monitor and, if necessary, intervene to secure channels of cyberattack as well.
The Obama administration recently announced that it would set up a Pentagon cybercommand to defend military networks. Some in the administration want to use Cybercom to help the Department of Homeland Security protect the domestic components of private networks that are under attack or being used for attacks. Along similar lines, a Senate bill introduced in April would give the executive branch broad emergency authority to limit or halt private Internet traffic related to "critical infrastructure information systems."
President Obama has tried to soothe civil liberties groups' understandable worries about these proposals. In the speech that outlined the national security implications of our weak digital defenses, the president said the government would not monitor private sector networks or Internet traffic, and pledged to "preserve and protect the personal privacy and civil liberties we cherish as Americans."
But the president is less than candid about the tradeoffs the nation faces. The government must be given wider latitude than in the past to monitor private networks and respond to the most serious computer threats.
These new powers should be strictly defined and regularly vetted to ensure legal compliance and effectiveness. Last year's amendments to the nation's secret wiretapping regime are a useful model. They expanded the president's secret wiretapping powers, but also required quasi-independent inspectors general in the Department of Justice and the intelligence community to review effectiveness and legal compliance and report to Congress regularly.
Many will balk at this proposal because of the excesses and mistakes associated with the secret wiretapping regime in the Bush administration. These legitimate concerns can be addressed with improved systems of review.
But they should not prevent us from empowering the government to meet the cyber threats that jeopardize our national defense and economic security. If they do, then privacy could suffer much more when the government reacts to a catastrophic computer attack that it failed to prevent.
Jack Goldsmith, a professor at Harvard Law School who was an assistant attorney general from 2003 to 2004, is writing a book on cyberwar.
Wednesday, July 1, 2009
U.S. Official: Cybersecurity Plans Not Just Talk (internetnews.com)
By Kenneth Corbin
July 1, 2009
NATIONAL HARBOR, Md. -- Amid all the recent talk in Washington about getting serious about cybersecurity, some skeptics have expressed concern that it might be just that -- all talk, followed by little action.
But a senior White House official this morning official promised an audience of security professionals that unlike past federal reviews, which have been criticized for making promises that policymakers didn't keep, this time is different.
Speaking at research firm Gartner's annual Information Security Summit, Christopher Painter, the National Cybersecurity Council's director of cybersecurity, outlined the steps the Obama administration is taking to move ahead with the recommendations of a 60-day review the president commissioned earlier this year.
In a speech accompanying the release of the review in May, Obama outlined a multi-prong plan to tighten up the nation's cyber defenses, including the formation of a new position to coordinate cybersecurity policy across the agencies, Congress and the private sector.
But despite Obama's assurance that the cybersecurity coordinator would have his full support and regular access to the Oval Office, critics have speculated that the position is too far down the bureaucratic pecking order to have any real clout. In practice, they warn, the role might end up little more than a glorified cheerleader.
Painter promised otherwise.
"The cyber coordinator is going to be more than just a figurehead," he said. "We really have to deliver on the action plan."
The previous two administrations have made noise about cybersecurity, including a policy review President Bush ordered in 2001, which resulted in a strategy directive two years later. But Painter noted that those efforts didn't come with the mandate of a White House address, a jump-off point that he said elevated the issue to a chief policy priority.
"That's really a watershed event," Painter said of Obama's speech. "That really sets the tone, not only in this country, but around the world."
He added, "We had a strategy in 2003, but you didn't have the president coming out and giving a speech on this, and that's really, really important."
In that address, Obama made the case that defending critical infrastructure against online threats is as much an economic priority as it is a security issue.
That was reflected in the structuring of the cybersecurity coordinator position, which will serve on both the National Security Council and the National Economic Council. He has yet to fill the position.
Obama's efforts to bring cybersecurity into the mainstream fit with many of his other policy initiatives, where he is trying to apply technology solutions to areas like energy and health care. The idea of connecting the power grid to an interoperable network, while alluring for the energy savings it could yield, could have disastrous results if hackers were able to infiltrate the system and knock it offline. Similarly, the grand vision of an IT-based health care system where patients' records are digitized and doctors can provide treatment to patients in remote areas through robust networks could quickly unravel if the technology were compromised.
"It's really important to have security baked in from the beginning," Painter said.
That goes for government, too. Other members of Obama's tech team, particularly Aneesh Chopra and Vivek Kundra, who respectively fill the new positions of federal CTO and CIO, have been talking loudly about bringing new technologies to the federal computing apparatus to make it more efficient and collaborative.
[cob:Special_Report]As Chopra, Kundra and others tinker with new Web 2.0 technologies and moving the federal IT infrastructure to the cloud, Painter said they will work closely with the new cybersecurity coordinator to ensure that the government is leading by example.
"The cybersecurity coordinator is going to work very closely with [Obama's] CTO and CIO," he said. "The idea is, when we're thinking about these new technologies, we're thinking about security."
Painter stressed the need to partner with foreign countries to develop a coordinated approach to combat cyber threats. He spoke of the "weakest-link problem," where hackers will scour the globe to find a nation with lax cyber defenses, and route their attacks through servers in that nation to reach their ultimate target.
"It is clear that given the ubiquitous borderless nature of computer systems and computer networks that it doesn't matter if we do everything right" if other nations aren't on board, he said. "We need to have a dialogue with other countries."
He also spoke of the delicate balance of protecting privacy while maintaining a reasonable level of security in networks that are under continuous threat. Obama has said he will appoint a privacy official to the National Security Council's cybersecurity directorate to help ensure that the government's cyber policing efforts don't run roughshod over Americans' civil liberties.
The two aren't mutually exclusive, Painter said, pointing out that properly securing the systems that house personal information such as health records will keep people's sensitive data private.
"It's not a zero-sum game," he said. "If we're doing this right, we're enhancing privacy."
A Bustling Week for Cyber Justice (Washington Post: Security Fix)
A Bustling Week for Cyber Justice
This past week has been a bustling one for cyber justice. The Federal Trade Commission announced a settlement in its ongoing case against scareware purveyors; a notorious hacker admitted stealing roughly two million credit card numbers; the Justice Department has charged a software developer from Arkansas with launching a series of debilitating online attacks against several online news sites that carried embarrassing stories about him. Finally, a federal appeals court decision gives security vendors added protection against spurious lawsuits by adware companies.
-- Last week, the FTC said it had settled with James Reno and his company ByteHosting Internet Services LLC. Both were named in the commission's broad sweep last year against purveyors of "scareware," programs that uses bogus security alerts to frighten people into paying for worthless security software.
The settlement imposes a judgment of $1.9 million against Reno and Bytehosting, yet the court overseeing the case suspended all but $116,697 of that fine, "based on the defendants' inability to pay the full amount."
Six other defendants allegedly involved in the scareware scams face pending charges from the FTC. One of the defendants, a San Francisco man named Sam Jain, is currently the subject of a federal criminal prosecution in California. According to Jain's attorneys, federal prosecutors in Illinois also are preparing to indict him on computer fraud charges related to the scareware distributed by his company, Innovative Marketing. Jain is currently a fugitive from justice.
-- From Wired.com's Kevin Poulsen comes what may be thepenultimate chapter in the prosecution of so-called superhacker Max Ray Butler, also of San Francisco. Butler, 36, faces up to 60 years in prison after pleading guilty to federal wire fraud charges that "he stole roughly two million credit card numbers from banks, businesses and other hackers, which were used to rack up $86 million in fraudulent charges."
Poulsen's story on Butler in Wired Magazine from December 2008 is a page-turner that chronicle's the hacker's successful bid to hack into, take over and ultimately consolidate several online forums dedicated to the theft and sale of stolen credit card numbers. One of the forums he hacked, called "Darkmarket," turned out to be a full-blown undercover sting operation set up by the FBI.
-- In a criminal complaint unsealed yesterday in a New Jersey federal court, the Justice Department charges a software developer from Arkansas with using botnets -- armies of hacked PCs -- to flood several targeted Web sites with so much data that they were at least temporarily unable to accommodate legitimate visitors.
The government alleges that between July 2007 and March 2008,Bruce Raisley launched a series of denial-of-service attacks against Rollingstone.com, and several other Web sites. Among those attacked was perverted-justice.com, a site dedicated to publicly exposing and shaming men who solicit sex from underage boys and girls online. Perverted-justice.com is perhaps best known for its connection to the Dateline NBC show "To Catch a Predator."
Charging documents note that Raisley apparently targeted those two sites and seven others for their publication of stories that retold an embarrassing chapter of his life. According to a July 2007 Rolling Stone article about perverted-justice.com founder Xavier Von Erck, Raisley himself was a former volunteer who helped perverted-justice members ensnare new targets.
At some point, the Rolling Stone article says, Raisley had a falling out with perverted-justice, and launched his own online campaign to depict the site's members as an out-of-control vigilante group. According to the Rolling Stone article, Von Erck "exacted a particularly sadistic form of revenge against" Raisley:
Posing as a woman named Holly, Von Erck began an online flirtation with Raisley, who was smitten enough to leave his wife and rent a new apartment. On the day Raisley went to pick up Holly at the airport, Von Erck sent a friend to snap his photo and posted it with a warning: "Tonight, Bruce Raisley stood around at an airport, flowers in hand, waiting for a woman that turned out to be a man. . . . He has no one. He has no more secrets. . . . Perverted-Justice.com will only tolerate so much in the way of threats and attacks upon us."
Raisley's court-appointed attorney could not be immediately reached for comment.
-- On Friday, the U.S. Ninth Circuit Court of Appeals in Seattle upheld a decision to dismiss a case brought in 2007 by Bellvue, Wash., based adware maker Zango. The company had sued anti-virus makerKaspersky, charging that Kaspersky interfered with its business by removing Zango's adware without first alerting the user.
The appeals court affirmed that Kaspersky's actions were shielded by the federal Communications Decency Act (CDA). That law contains a "good Samaritan" clause that protects computer services companies from liability for good faith efforts to block material that users may consider objectionable.
Eric Howes, director of malware research at computer security firmSunbelt Software, said admittedly, this decision is not nearly as consequential for anti-malware providers as it would have been three or four years ago, when adware vendors such as Zango and Direct Revenue were regularly threatening anti-spyware providers with legal action and peppering them with cease-and-desist letters on a weekly basis.
"It's a been a while since we received any serious legal threats, although we do still get the occasional protest from software developers whose apps we target as 'low risk,' potentially unwanted programs or tools," Howes wrote on the company's blog. "Nonetheless, the decision is a welcome one, as it extends to Sunbelt and other anti-malware providers the kind of legal cover we need in order to provide our customers and users with strong protection against unwanted, malicious software."
By Brian Krebs | July 1, 2009; 7:00 AM ET
Tuesday, June 30, 2009
Deep-Packet Inspection in U.S. Scrutinized Following Iran Surveillance (Threat Level)
Deep-Packet Inspection in U.S. Scrutinized Following Iran Surveillance
Following a report last week that Iran is spying on domestic internet users with western-supplied technology, advocacy groups are pressuring federal lawmakers to scrutinize the use of the same technology in the U.S.
The Open Internet Coalition sent a letter to all members of the House and Senate urging them to launch hearings aimed at examining and possibly regulating the so-called deep-packet inspection technology.
Two senators also announced plans to introduce a bill that would bar foreign companies that sell IT technology to Iran from obtaining U.S. government contracts, legislation that is clearly aimed at the two European companies that reportedly sold the equipment to Iran.
The Wall Street Journal reported last week that Nokia Siemens Networks, a joint venture between Germany's Siemens and Finland's Nokia, recently gave Iran deep-packet inspection equipment that would allow the government to spy on internet users.
According to the Journal, Iranian officials have used deep-packet surveillance to snoop on the content of e-mail, VoIP calls and other online communication as well as track users' other online activity, such as uploading videos to YouTube. Iranian officials are said to be using it to monitor activists engaged in protests over the country's recent disputed presidential election, though the Journal said it couldn't confirm whether Iran was using the Nokia Siemens Networks equipment for this purpose or equipment from another maker.
Nokia Siemens has denied that it provided Iran with such technology.
But similar technology is being installed at ISPs in the U.S.
It spurred extensive controversy last year when Charter Communications, one of the country's largest ISPs, announced that it planned to use deep-packet inspection to spy on broadband customers to help advertisers deliver targeted ads.
The plan sparked a backlash and heated congressional hearings. Publicity about the issue died down, however, after Charter retreated from its plan, and Congress moved on to other matters. But deep-packet inspection didn't go away.
ISPs insist they need it to help combat spam and malware. But the technology is ripe for abuse, not only by ISPs but also by the U.S. government, which could force providers to retain and hand over data they collect about users.
In its letter to lawmakers (.pdf) urging them to investigate the technology, the Open Internet Coalition delicately avoided placing the U.S. government in the same category as Iran by not mentioning possible U.S. government abuses of the technology.
"We do not believe U.S. network owners intend to interfere with political communications in the way the Iranian government is doing, but the control technologies they are deploying on the internet carry the same enormous power," the Coalition writes. "And, whether an inspection system is used to disrupt political speech or achieve commercial purposes, both require the same level of total surveillance of all communications between end-users and the internet."
At a House subcommittee hearing this year to examine the technology, Rep. Rick Boucher (D-Virginia) also expressed alarm.
"The thought that a network operator could track a user's every move on the Internet, record the details of every search and read every e-mail or attached document is alarming," he said.
With regard to the sale of the technology to Iran, Sens. Charles E. Schumer (D-New York) and Lindsey Graham (R-South Carolina) attempted to address the Nokie Siemens issue with a bill that would prevent foreign companies selling sensitive technology to Iran from either obtaining new government contracts or renewing existing ones, unless they halt their exports to Iran.
According to NextGov, Nokia did more than $10 million in business with the U.S. government between 2000 and 2008; Siemens has nearly 2,000 U.S. government contracts and obtained $250 million in U.S. government contracts this year alone. Nokia Siemens Networks currently has more than $5 million in U.S. government contracts.
Neither Schumer nor Graham mentioned how such a law would be enforced if foreign companies used proxies to sell their products to Iran to circumvent the regulation.
The U.S. government embargo against U.S. companies selling to Iran is one of the tightest. The embargo currently prevents any U.S. individual or company from obtaining a license to sell goods and technologies to Iran that could be used for, among other things, missile proliferation purposes, chemical and biological warfare proliferation, human rights and crime control. The embargo, however, has done little to prevent Iran from obtaining U.S. technology anyway.
In the meantime, consumers called for a boycott of Nokia and Siemens products. And Hands Across the Mideast Support Alliance (HAMSA) has organized a writing campaign urging users to send a protest letter to Nokia. According to the organization's site, nearly 4,000 people have acknowledged sending the letter so far.
NSA EDGES OUT OTHERS IN CYBER COMMAND CONTROL (Defense Tech)
NSA EDGES OUT OTHERS IN CYBER COMMAND CONTROL
Last week Defense Secretary Robert Gatesordered U.S. Strategic Command (StratCom) to deliver a plan to stand-up a new command to oversee information technology security and attack – what would be known as "Cyber Command." This is in addition to President Obama's announcement last month that he will establish a new cyber security office at theWhite House. The historic event took place on Tuesday, June 22nd.
As one could imagine, this is no small task. StratCom has just a little over sixty days to accomplish this mission. The plan to create this new entity operating within the Department of Defense and lead by a 4-star general is due to the Defense Secretary by September 1st. According to Gates' timeline, Cyber Command is expected to be up and operational by October 1, 2009, and fully functional one year later. An internal memo from Gates to senior Pentagon officials stated that he intends to recommend that Lt. Gen. Keith Alexander, the current director of the National Security Agency, take on the role as commander of the Cyber Command with the rank of a four-star general.
What this will actually cost is anyone's guess. Current thinking is that the budget to just establish the new command through year's end could reach as high as $200 million. Longer term, the cost of cyber intelligence, defense and offensive capabilities are estimated to be around $55 billion annually. This will create our offensive cyber forces and capabilities and defend the over 100,000 DoD Networks and 5 million DoD computers against cyber attack. One might say it is just a drop in the bucket of a 2009 DoD budget that topped $515 billion.
The United States is not the only country making this move. The UK defense ministry announced plans to establish an office of cyber attack and defense but gave no hard date when it would be operational. Britain's GCHQ (Government Communications Headquarters, their equivalent of the NSA) seems to be well underway in fully developing their cyber capabilities. In addition, the defense ministry of South Korea has also announced plans to establish a cyber command by 2012.
Internal cooperation is critical for cyber incident investigations and event attribution. As more and more countries establish a focal point for cyber defense, the greater the opportunity to conduct these investigations and accurately identify those behind cyber attacks.
StratCom Plows Ahead on Cyber (DoD Buzz)
StratCom Plows Ahead on Cyber
http://www.dodbuzz.com/2009/06/29/stratcom-plows-ahead-on-cyber/
You are the commander of Strategic Command, charged with coming up with an implementation plan for the new cyber command within 60 days. But there's going to be a new head of cyber command, a four-star just like you, and Lt. Gen. Keith Alexander has the Big Mo on his side. And Alexander is known as an almost crazily foxy guy who has rebuilt the NSA and will be largely dependent on folks from NSA for most of his capabilities. Air Force Gen. Kevin Chilton is known as one of the brainiest generals around. Hmmm. Who's going to win this bureaucratic game will be great fun to watch.
For some idea of just what may lie ahead, have a look at this April 7 speech by Chilton, which has been quoted by the two cyber warriors with whom I speak. This is not about improving the country's IT capabilities in terms of efficiency and information sharing. This is about life and death on the battlefield.
"It's not a convenience any more, it's a dependency. We need to recognize that we need this domain and we need these systems to conduct our fight today and tomorrow. We need to recognize that we can fight in this domain just as an air-to-air fighter can fight in the air domain; and we can fight through this domain and affect other domains just as an airplane can drop a bomb on a land domain and create affects across a domain. And as commanders we must appreciate the vulnerability of this domain, not just its importance. We have to transition from a culture of convenience to a culture of responsibility. We must recognize vulnerability — the vulnerability that one system can create here on the other side of the world, not just locally," Chilton said. For more on this, have a look at Kevin Coleman's piece below from Defense Tech.
Last week Defense Secretary Robert Gates ordered U.S. Strategic Command (StratCom) to deliver a plan to stand-up a new command to oversee information technology security and attack – what would be known as "Cyber Command." This is in addition to President Obama's announcement last month that he will establish a new cyber security office at the White House. The historic event took place on Tuesday, June 22nd.
As one could imagine, this is no small task. StratCom has just a little over sixty days to accomplish this mission. The plan to create this new entity operating within the Department of Defense and lead by a 4-star general is due to the Defense Secretary by September 1st. According to Gates' timeline, Cyber Command is expected to be up and operational by October 1, 2009, and fully functional one year later. An internal memo from Gates to senior Pentagon officials stated that he intends to recommend that Lt. Gen. Keith Alexander, the current director of the National Security Agency, take on the role as commander of the Cyber Command with the rank of a four-star general.
What this will actually cost is anyone's guess. Current thinking is that the budget to just establish the new command through year's end could reach as high as $200 million. Longer term, the cost of cyber intelligence, defense and offensive capabilities are estimated to be around $55 billion annually. This will create our offensive cyber forces and capabilities and defend the over 100,000 DoD Networks and 5 million DoD computers against cyber attack. One might say it is just a drop in the bucket of a 2009 DoD budget that topped $515 billion.
The United States is not the only country making this move. The UK defense ministry announced plans to establish an office of cyber attack and defense but gave no hard date when it would be operational. Britain's GCHQ (Government Communications Headquarters, their equivalent of the NSA) seems to be well underway in fully developing their cyber capabilities. In addition, the defense ministry of South Korea has also announced plans to establish a cyber command by 2012.
Internal cooperation is critical for cyber incident investigations and event attribution. As more and more countries establish a focal point for cyber defense, the greater the opportunity to conduct these investigations and accurately identify those behind cyber attacks.
Monday, June 29, 2009
Obama and Cyber Defense (WSJ)
Government should protect our e-infrastructure.
In a Monty Python skit from 1970, the Vercotti brothers, wearing Mafia suits and dark glasses, approach a colonel in a British military barracks. "You've got a nice army base here, Colonel," says Luigi Vercotti. "We wouldn't want anything to happen to it." Dino explains, "My brother and I have got a little proposition for you, Colonel," and Luigi elaborates, "We can guarantee you that not a single armored division will get done over for 15 bob a week."
If the idea of the military having to pay protection money to the mob seems silly, imagine what Monty Python could do with last week's White House decision on security. It announced a new "Cyber Command" to protect information infrastructure, but stipulated that the military is allowed to protect only itself, not the civilian Internet or other key communications networks. When President Barack Obama announced the plan, he stressed that it "will not -- I repeat -- will not -- include monitoring private-sector networks or Internet traffic." It's like telling the military if there's another 9/11 to protect the Pentagon but not the World Trade Center.
The announcement shows that our political system is still ambivalent about how to defend communications networks such as the Internet. We expect privacy, but we know that intrusive techniques are required to protect the system from cyber attacks. How to balance privacy with preventing attacks that would undermine the system altogether?
It's an open secret that the National Security Agency (NSA) must operate through civilian networks inside the U.S. in order to prevent millions of cyber attacks every year by foreign governments, terror groups and hackers. Likewise, the NSA must follow leads through computer networks that run through innocent countries. "How do you understand sovereignty in the cyber domain?" asked James Cartwright, vice chairman of the Joint Chiefs of Staff, in a recent speech. "It doesn't tend to pay a lot of attention to geographic borders."
The risks are real. Cyber attacks on Estonia and Georgia by Russia in recent years forced government, banking, media and other Web sites offline. In the U.S., the public Web, air-traffic control systems and telecommunications services have all been attacked. Congressional offices have been told that China has broken into their computers. Both China and Russia were caught having infiltrated the U.S. electric-power grid, leaving behind software code to be used to disrupt the system. The risk of attacks to create massive power outages is so serious that the best option could be unplugging the U.S. power grid from the Internet.
The military is far ahead of civilian agencies such as Homeland Security and is now focused on cyber offense as well as defense. Cyberspace, says Gen. Kevin P. Chilton, commander of the U.S. Strategic Command, is the new "domain," joining the traditional domains of air, land and sea. Each is a focus for both defense and attack. The U.S., a decade behind China, is now officially focused on using cyber warfare offensively as well as defensively.
The U.S. is an inventive nation, so we'll get to the right answer on security if we ask the right questions. What if the only way the military can block a cyber attack is to monitor domestic use of the Web, since foreigners use the Web to launch cyber attacks? What is a "reasonable" search in a virtual world such as a global communication network? What's the proper response to cyber attacks?
If cyber war is a new form of war, wouldn't most Americans adjust their expectations of reasonable privacy to permit the Pentagon to intrude to some degree on their communications, if this is necessary to prevent great harm and if rules protecting anonymity can be established? Finally, wouldn't it be better for politicians to encourage a frank discussion about these issues before a significant attack occurs instead of pretending there are no trade-offs?
Only the NSA, which operates within the Defense Department, has the expertise to protect all U.S. networks. It has somehow found ways to mine needed data despite pre-Web rules that restrict its activities domestically. But the question remains: How can the military get enough access to private, domestic networks to protect them while still ensuring as much privacy as possible? One logical approach is for Homeland Security to delegate domestic defense to the NSA, but for the domestic agency to maintain enough responsibility to have political accountability if privacy rights get violated in the process.
We'll look back on the current era, with the military constrained from defending vital domestic interests, as an artifact of an era when it was easy to point to what was foreign and what was domestic. In the digital world, as the cyber threat shows, physical distinctions such as political borders are unhelpful and can be dangerously confusing.
Google mistakes Michael Jackson searches for cyber attack (
Google mistakes Michael Jackson searches for cyber attack
- Author:
- Warwick Ashford
- Posted:
- 14:56 29 Jun 2009
As word spread of Michael Jackson's death there was a "meteoric rise" in related searches.
"Search volume began to increase around 2:00pm (PDT), skyrocketed by 3:00pm, and stabilised by about 8:00pm," Google product manager RJ Pittman said in a blog post.
According to Pittman, last week also saw one of the largest mobile search spikes ever seen, with five of the top 20 searches about Jackson
As a result, for about 25 minutes, when some people searched Google News they saw a "We're sorry" page before finding the articles they were looking for, said Pittman.
The surge in demand for news and information about Michael Jackson hit most US news sites, with many taking more than double the usual time to respond.
Microblogging site Twitter was forced to disable some functionality on the network to keep the service working.