Cybersecurity. Mmmmmm. More accurately, network monitoring.
Why should anybody care about such a thing? For the same reason why you should care about people opening your mail and listening in on your phone conversations. Privacy. Not that we have much in the way of that any more. Between embedded gps chips in newer cell phones, and the fast track devices that allow high speed transit across bridges, we as a society seem to be comfortable with the idea that your location is significantly less anonymous than it was even 5 years ago.
But enough of that. What I am talking about is the detailed active monitoring of internet activity in a non-directed way. This sort of dragnet activity is in direct opposition to the warrant driven CALIA actions that I have ranted about in the past. Fishing with dynamite if you will.
We start in the usual place - a request for money. On November 6 there was a request by White House officials for an additional $154 million to do two things - the first part ( $115 million) is to push forward the DHS 'Einstein' program which will be used to monitor government networks for worms and other traffic. I have opinions about this program that involve strong, salty language but for the time being all I will say is that DHS went around to other groups that had strong cybersecurity programs and asked how they did what they did. An excellent idea which should be held up as an example of doing something right, but what they seem to be looking for is so 2005, that it makes me a little squeamish.
The other far more interesting side of this is $39 million for additional DOJ monitoring activity. These are the same clowns who are targeting way more than just terrorists with their work. Remember that this is money that is earmarked for non-classified activity.
Justice, meanwhile, would receive $39 million to help the FBI investigate incursions into federal networks, increase intelligence analysis and provide technical tools for investigations and analysis.Still awake?
"These are two things that are most successful and needed money," said Paller. "There will be a huge amount of money spent on cyber projects and I believe this is the budget for public facing part. The rest will be in the black budget."
So this is what is bothering me. Looking at the actual budget requests and modifications, we see that there is $282 million requested for cybersecurity counter-terrorism activity to be spread across the two agencies. Now, they have all the governmental networks (probably not all, but the public facing ones) covered under the Einstein blanket, so who is left? Lets play a quick game. The players are gov military, gov non-military, commercial and international. DHS and DOJ want to do more pervasive netwok monitoring under the vernacular of their anti-terrorism mission. Gov-military tells them to piss up a rope since they are the fucking military and will do whatever they want to. International has been officially covered by the NSA quite well thank you and they don't need any little newby agency messing up their fun and games looking for worms or whateverthefuck. Gov non-military is covered by Einstein. Shudder - I hate that name...
Ok so we will be looking for terrorists on the commercial networks.
Besides for blindingly evil politically skulduggery (which we can only assume), there are only two reasons why we might be doing this. The first is rather sad:
"They know monitoring works and they want more monitoring," said Alan Paller, director of research at the Sans Institute. "The money will be used to get out more monitoring more quickly and do more analysis of the data. That is useful and necessary because what they discovered is the federal perimeter is broken. One of few ways to find bad guys in [the] perimeter is a more intent analysis of traffic coming out of the computers."it is the embodiment of an ignorant person hoping that more data will be better than less data. Is this good? As a marginally informed person on this topic you get a big maybe. Depends on who is looking at the data.
The other is a little more pragmatic:
US-China Economic and Security Review Commission's annual report to Congress says "Chinese espionage activities in the US are so extensive that they comprise the single greatest risk to the security of American technologies." The report recommends investigating whether China's own military technology is benefiting from US research conducted in China. The report also says that the Chinese military is developing the capability for launching cyber attacks that could have the "magnitude of a weapon of mass destruction."Last thing. Where does the additional money come from? You will really like this:
To pay for the launch of the initiative, Bush proposed cutting back several homeland security and law enforcement programs, including funding for the Coast Guard, Hurricane Katrina rebuilding, border security, Homeland Security's inspector general's office and the Federal Emergency Management Agency.Bitches.
Kevelighan said that shifting that money to cyber security and other counterterrorism programs would "utilize funding resources more effectively."
No comments:
Post a Comment