Friday, December 28, 2007

Left Hand, meet Right ...

Regarding the post last Saturday about the proposed joint DHS/NSA program, I wandered across a few other interesting notes.

In a letter to the Bush administration, Rep. Bennie Thompson (Chairman of the House Homeland Security Committee) politely asked "WTF mates?" Seems like repeated requests by him and his committee to get any sort of information have been repeatedly ignored.

More details can be read in an article here.

Thompson - whose panel oversees the Homeland Security Department, which would run the initiative - said he was unaware of the program's existence until it was revealed by The Sun in a Sept. 20 article.

A Homeland Security spokeswoman said Chertoff had received Thompson's letter, which was dated Monday, and would respond "in a timely fashion."

"We do agree that cybersecurity is a very important issue, and that is why since the beginning of this congressional session DHS has provided more than a half a dozen briefings to the House Homeland Security Committee on cyberthreats and related issues," said the spokeswoman, Laura Keehner.

So a program that has been in the design phase for many months (if not years), which is expected to run for at least seven years and cost billions of dollars, which will require a revamping of the NSA charter, and which involves access to highly sensitive personal information of everybody who is using The Internets transiting US geography - this is US citizens - is running silent and deep.

No indication of legal authority to even run the show. No indication that evidence gathered will even be usable when weighed against the remaining Fourth Amendment constitutional rights we still have. No notion of utility - how and what are they going to do?

That is what I want to know. Getting the data is surprisingly easy. Making intelligent decisions based on this collection of flows and application data can be quite difficult. Using the infrastructure to spy on people is trivial. Rather amusing in a cynical sort of way.

And we do trust them, yes?

The first part of the implementation seems to be a continuation of the Einstein program, which is geared to globally monitor US government networking resources. This would be in conjunction with the OMB plan to reduce the number of POP sites hooking up government networks with the internet proper. No issues with this - we have seen budget and planning indications for this above the table. Government gets to monitor government networks. No expectation of privacy there(!).

What I am hearing though is this:

Policymakers have become increasingly alarmed at the vulnerability of trains, nuclear power plants, electrical grids and other key infrastructure systems, which rely on Internet-based controls that could be hijacked remotely to produce a catastrophic attack.

Recent attempted attacks on Pentagon and other government computer systems have heightened concerns about holes in government networks, as well.

Monitoring internet traffic will not actually address these issues. What exactly is the point of this program? Network monitoring sounds good and can be quite powerful in addressing some classes of attacks. I am not all that confident that it is the right tool to address issues related to real large-scale threats to our resources. Nation-state-level threats require smart responses rather than large responses. Sophisticated zero-day attacks against high-value targets are currently blindingly successful. Perhaps not tomorrow? Not sure.

PAB will awake soon, so I must go mop the floor.
