On Mon, Jul 9, 2012 at 11:22 PM, Christopher Morrow <morrowc.lists@gmail.com> wrote:
(note, people ought to: 1) think about this on their own making up their own minds, 2) understand that the press has some very weird ideas, 3) take some better protections on their own, for their own security)
also, I'm not judging the OP nor the reporter nor the ideas espoused in the article/clips...
On Mon, Jul 9, 2012 at 9:46 PM, William Allen Simpson <william.allen.simpson@gmail.com> wrote:
> Somebody needs to give them a clue-by-four. The private sector
people keep trying; sometimes it's helped. Sometimes reporters need to sell stories :(
> already has the "Internet address where an email ... originated";
it's not just email they care about :( (you knew that I think)
> it's already in the Received lines. We don't need to be informed about it, we already inform each other about it.
one interesting idea that has proven to have some merit over the years is the ability to share 'incident' data across entry points (say across companies, or gov'ts even) about 'bad things' that are happening.
Take the case of 'spam came in from this end system to my mailserver': if I tell you that (or tell some central system which you can query), you'll learn that maybe the inbound connection to you is also spam-rich.
> And it's already delivered "at network speed."
the article sort of reads like the above scenario though... maybe it's NOT that, maybe it's something else entirely... it SEEMS that the gov't wants to help. They may be able to, they may just foul things up. The reporter certainly didn't leave enough details in place to tell :(
> It is my understanding the Dept of Homeland Security already cooperates in sharing government intrusion information. We certainly don't need a "U.S. spy agency" MITM to "protect the private sector."
> <http://en.wikipedia.org/wiki/Einstein_%28US-CERT_program%29>
you may mean? could be... the wikipedias are sometimes wrong, or so says the teacher of my 7yr old.
> Moreover, the US is the source of most spam and malware, so the NSA isn't really going to be much help. And the US is the source of the
but hosts in the US that are botted/spamming, also spam/bot other things outside the US, right? so really who cares where the src is, get some data collection points up and use that data to inform your security policy, no? (sure, you'll have to have some smarts, and some smart people, and be cautious... but you'd do that anyway, right? :) )
These folks have some awesome tech for that sort of data collection and analysis: <http://en.wikipedia.org/wiki/SHERIFF>
it's a shame that their parent company can't find a way to monetize that sort of thing. (the article there talks about some older version of the system, which is still alive/well today doing fraud detection and was doing some IDS/anomaly-detection-like work as well for ip network things)
to be fair to vz/mci here, an offline reader pointed me to: <http://newscenter.verizon.com/press-releases/verizon/2011/verizon-teams-with-northrop.html> hey lookie, they sold one :) (hopefully for the sheriff folks, they can do more of this, it really is cool)
> only known cyber attacks on other country's infrastructure, so it's not likely much help there, either. Unless they expect retaliation?
> ===
> http://in.reuters.com/article/2012/07/10/net-us-usa-security-cyber-idINBRE86...
> U.S. spy agencies say won't read Americans' email for cybersecurity 8:48pm EDT
> By Tabassum Zakaria and David Alexander
> WASHINGTON (Reuters) - The head of the U.S. spy agency that eavesdrops on electronic communications overseas sought on Monday to reassure Americans that the National Security Agency would not read their personal email if a new cybersecurity law was enacted to allow private companies to share information with the government. ...
> But to help protect the private sector, he said it was important that the intelligence agency be able to inform them about the type of malicious
translated: "Hey, what if we could tell our private sector partners (Lockheed-Martin, for instance) that they should be on the lookout for things like X, or traffic destined to Y, or people sending all their DNS queries to these 5 netblocks." (dcwg.org sorta crap)
that doesn't sound 'bad', it sounds like there is a gap in the business world to wrap all this data up and sell access to it... but the gov't can jump in with their mountains of data from their 'einstein' or whatever and go to town protecting their 'partners' who have often close interactions with the gov't, right?
> software and other cyber intrusions it is seeing and hear from companies about what they see breaching the protective measures on their computer networks.
adding to the above: "What if we had an API such that you could feed your collected alarm/alert/badness data to us as well? and we could feed that back into our system, protect ourselves AND send it back out to the other partners?"
again, that's not that bad, really it sounds pretty cool... only if MCI could have found a way to productize and monetize that... which we built for them too :( but I digress.
> "It doesn't require the government to read their mail or your mail to do that. It requires them, the Internet service provider or that company, to tell us that that type of event is going on at this time. And it has to be at network speed if you're going to stop it," Alexander said.
Alexander is loose with his pronouns, which makes this worse... in reality: "send your alarm data to our system, hurrah!" PROBABLY this could include large ISP people if the pricing (or regulatory world) were right; these folks COULD of course limit that to 'business ISP traffic only', maybe.
this sounds a little less on the ball though, so I'll blame bad reporter-translation, and hope that Alexander really meant: "Our partners in the industry, who help supply us and build our widgets for us, would be enabled to send data into our API..."
> He said the information the government was seeking was the Internet address where an email containing malicious software originated and where it traveled to, not the content of the email.
I'm sure this was simply an example... and the reporter jumped on it like a carnivore, poor job reporter! :(
> ...
> But the U.S. government is also concerned about the possibility of a cyber attack from adversaries on critical infrastructure such as the power grid or transportation systems.
yes, put in the boogie-man! also, keep in mind that CI things are ... in a horrid state, and as it turns out the folk running it are ostriches :(
-chris
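Added example, not part of the thread above and not anyone's production code: a toy version of the two ideas the thread circles around, the "originating address is already in the Received lines" point and the "central system you can query to learn that an inbound connection is spam-rich" idea. The sample message, the network ranges, the report format and the reporter names are all constructed for this example. It also shows the caveat a practitioner would want: only the Received: headers written by your own MTAs are evidence, so the "origin" to report is the first peer outside your own network, not the bottom-most header, which the sender could have forged.

```python
"""Shared incident data, toy model (added example; all inputs constructed)."""
import email
import ipaddress
import re
import time
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional

# Constructed message. Newest hop first; the last header was written by an
# external relay and could say anything.
SAMPLE_MSG = """\
Received: from mx1.example.net (mx1.example.net [192.0.2.10])
    by mail.example.org with ESMTP id abc123; Mon, 9 Jul 2012 21:46:00 -0400
Received: from relay.example.com (relay.example.com [198.51.100.7])
    by mx1.example.net with ESMTP; Mon, 9 Jul 2012 21:45:58 -0400
Received: from [203.0.113.42] (unknown [203.0.113.42])
    by relay.example.com with SMTP; Mon, 9 Jul 2012 21:45:55 -0400
From: someone@example.com
To: you@example.org
Subject: hello

body
"""

# Our own mail infrastructure (assumed); hops between these hosts are trusted.
OUR_NETS = [ipaddress.ip_network("192.0.2.0/24")]

_BRACKET_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]")


def received_peers(raw_msg: str) -> List[str]:
    """Peer IP from each Received: header's 'from' clause, newest hop first."""
    msg = email.message_from_string(raw_msg)
    peers = []
    for hdr in msg.get_all("Received", []):
        m = _BRACKET_IP.search(hdr)
        if m:
            peers.append(m.group(1))
    return peers


def claimed_origin(raw_msg: str) -> Optional[str]:
    """What a naive parser reports: the oldest header's peer. Any header
    below our own hops was written by someone else and may be forged."""
    peers = received_peers(raw_msg)
    return peers[-1] if peers else None


def originating_ip(raw_msg: str, trusted_nets=OUR_NETS) -> Optional[str]:
    """First peer outside our own network, walking newest hop first: the
    connecting host we actually observed. Deeper headers are hearsay."""
    for peer in received_peers(raw_msg):
        addr = ipaddress.ip_address(peer)
        if not any(addr in net for net in trusted_nets):
            return str(addr)
    return None


@dataclass(frozen=True)
class IncidentReport:
    reporter: str   # who saw it (a company, an ISP, ...)
    source: str     # IP that connected to the reporter
    kind: str       # "spam", "malware", ...
    ts: float       # unix time of the observation


class SharedIncidentStore:
    """The 'central system which you can query' (assumed interface)."""

    def __init__(self):
        self._by_source = defaultdict(list)

    def submit(self, report: IncidentReport) -> None:
        key = str(ipaddress.ip_address(report.source))  # normalise the IP
        self._by_source[key].append(report)

    def reputation(self, source, kind="spam", window=24 * 3600, now=None):
        """(distinct reporters, total reports) for `kind` within `window`."""
        now = time.time() if now is None else now
        key = str(ipaddress.ip_address(source))
        recent = [r for r in self._by_source.get(key, [])
                  if r.kind == kind and now - r.ts <= window]
        return len({r.reporter for r in recent}), len(recent)

    def is_spam_rich(self, source, min_reporters=2, **kw) -> bool:
        # Corroboration from independent reporters, so one noisy party
        # cannot by itself get a source flagged.
        reporters, _ = self.reputation(source, "spam", **kw)
        return reporters >= min_reporters


def demo(now=1_341_884_760.0):
    """Feed constructed reports into the store and query it."""
    store = SharedIncidentStore()
    origin = originating_ip(SAMPLE_MSG)
    # Two organisations independently saw spam from the observed origin.
    store.submit(IncidentReport("example.org", origin, "spam", now - 600))
    store.submit(IncidentReport("example.net", origin, "spam", now - 3000))
    # One reporter repeating itself about the forgeable address.
    store.submit(IncidentReport("example.org", "203.0.113.42", "spam", now - 100))
    store.submit(IncidentReport("example.org", "203.0.113.42", "spam", now - 50))
    return {
        "claimed": claimed_origin(SAMPLE_MSG),
        "origin": origin,
        "origin_spam_rich": store.is_spam_rich(origin, now=now),
        "claimed_spam_rich": store.is_spam_rich("203.0.113.42", now=now),
    }


if __name__ == "__main__":
    print(demo())
```

The design point is the two thresholds: the origin you report is the first hop you did not write yourself, and a source only becomes "spam-rich" once more than one independent reporter has seen it inside the window, which is what makes a cross-company feed like the one discussed above worth querying.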