
Not Much Genius in DHS's Einstein 3.0 Plan

Written by Ira Winkler
10/7/2008 5 comments

Michael Chertoff, head of the Department of Homeland Security, is back in the headlines with comments on Einstein 3.0, the department's latest effort to protect cyberspace. Sadly, as I read through the articles, the only things I could think of were bad jokes.

Let me give one example. The system "would literally, like an anti-aircraft weapon, shoot down an attack before it hits its target," Chertoff said. "And that's what we call Einstein 3.0."

To judge from recent personnel appointments, it's pretty clear Chertoff doesn't much value technical experience where cyber-security is concerned. So I'd like to introduce him to the concept of a firewall. For the unaware, these are common products, available for more than a decade, and are included already in many operating systems. They prevent attacks from reaching their targets.

Despite the administration's demonstration that they don't value security experience, they really cannot be this naïve. At least I hope not.

Let's trace this back a couple iterations. Einstein 1.0 occurred when the government decided to remove most of its access points to the Internet. That was long overdue, and a basic security practice that many companies have been implementing for more than a decade. From there, the government implemented intrusion detection (Einstein 2.0). Now, as DHS looks to go even further and proactively stop attacks, these would-be protectors will have to expand their thinking well beyond the concept of a firewall.

Maybe Chertoff wants to go into the civilian Internet and take proactive or reactive measures to attack. What Chertoff needs is regulation to require ISPs to stop known attacks, as well as to work with ISPs to shut down the sources of attacks. They, of course, also need the authority to go after computers that are blatantly threatening U.S. systems.

I have regularly stated that ISPs and backbone providers should be responsible for identifying traffic from their users and blocking their traffic. This should be a proactive step for all to take. Everyone should be able to access the Internet, but if their systems are endangering others, then they should lose their rights, in my opinion. The government should have a system in place that notifies the appropriate carriers that their users are performing illegal activities and that their access needs to be blocked or cut off. Many banks are already doing this with phishing attacks.

Of course, when there is no friendly ISP or carrier to contact, the government needs to take some measures to protect itself, and that implies striking back. That is dangerous, but a plan must be put in place. A criminal might break into a critical system and launch an attack from there with the specific intent of provoking a party to retaliate, all to create embarrassment. That shouldn't preclude strike-back, but it does call for a clear process to be put in place.

For everyone's protection, there should be requirements on the appropriate parties to remove offending systems from the Internet. Nobody has the right to endanger others. However, until Chertoff decides to push for this necessary measure, I recommend he pick up a few books on basic firewall security in the meantime.

— Ira Winkler, Former National Security Agency analyst and author of Spies Among Us

This blog is part of Internet Evolution's Security Clan, which looks at the present and future threats to Internet security and the methods being used to defend and protect users and organizations.

rom3
Rank: Cave Painter
Tuesday October 14, 2008 4:29:28 PM

Ira,

While this is great news that they are finally implementing some type of Detection system whether it is IDS/IPS, or even just an event correlation engine.  

I do have one question, as per your statement, and the issue with the Federal Government holding on to well qualified individuals, who is going to run it?  Contractors, Sub-contractors, or government paid MSSP?

If it does get to have attack capabilities who will run this as well?  Will they have to abide by the rule of war that the DoD is currently undergoing for their ability to create counter-offensive / aggressive maneuvers?  With all the job postings and the new Hire-per-qualifications that the gov't is pushing, I hope that it will be run by true DHS Cyber-Technical personnel, who are bound by Legislation and Legal requirements before attacking or intruding on personal space.

Mr. Roques
Researcher
Saturday October 11, 2008 4:20:14 PM
But even if they had a great idea, they wouldn't be able to do anything about it as long as they are in it by themselves. They need to work alongside international agencies and other countries' ISPs. China and Russia, being two of the most attack-originator countries in the World wouldn't like the idea too much (USoA always trying to be the cop of the World) but something needs to be done, and it has to be in an international scene.
cjon316
IQ Crew
Wednesday October 8, 2008 2:33:07 PM

In so much of today's culture, it is the thought that counts. For someone to suggest that we should point virtual rockets into cyberspace and prep them to counterattack (before the threat is even identified) shouldn't be too much of a stretch for the American people to swallow.

The concept of a firewall would have been good to introduce a while back, but now the threat is so real that we must take action! We can't risk doing nothing anymore because the cyberthreat is so scary!

Ira, perhaps you should cut DHS some slack. They are just trying to be impressive! 

aum007
Rank: Cyborg
Wednesday October 8, 2008 5:42:07 AM

Ira,

I want to know how exactly you propose to strike back. Your idea makes sense as you said with friendly ISPs, most of whom have implemented or are in the process of implementing Protections against DoS, Botnets, etc.

But in case of unfriendly ISPs, what would you do? Launch a DoS attack on the pinpointed Server/Machine? How can you be so certain that is the very machine that is launching the attack and is not acting as a front/Bot for some 3rd party orchestrating these attacks? Today information on this issue is sketchy to say the least. So it would be great hearing from you as to how you would go about tackling this important issue.

Let's say something similar to the Russian Attacks on Estonia/Georgia happens in America, how can we know clearly and correctly who is orchestrating these attacks and just by shutting off one machine/server we will be able to close them out. Having seen the performance of the Storm Botnet I can say that these things are way more rugged than we give them credit for.

I have an interesting idea, let's say you identify with 90% accuracy that this PC/Server which is located with 90% certainty in a certain Area and is orchestrating these attacks - Immediately Identify the closest Power Station and put it out of commission. Now that will leave those attackers in the 'dark' - literally.

Regards

Ashish.

Terry Sweeney
IQ Crew
Tuesday October 7, 2008 7:26:13 PM

I agree with you, Ira -- the federal government can't really come at this so simplistically. It's window-dressing designed to mollify the masses, rather than speak with any real substance to the issue that you and I care about.

Especially in an administration renowned for doubletalk and falsehood, it's pretty safe to cynically assume there are some nasty strike-back measures being taken against would-be cyber evil-doers.

 
