A topic that I have been writing about for some time has once again stuck it's head up and flipped me off, so here we go again...
For quite a while I have been writing about the growing movement within government to develop the infrastructure and capability to monitor all in house network communications. Short version:
You are sick of hearing about this I realize, but there is a 'frog slowly boiling in a pot of water' activity going on and I feel the need to share my frustration over it as well as a little paranoia.
The classified joint directive, signed Jan. 8 and called the National Security Presidential Directive 54/Homeland Security Presidential Directive 23, has not been previously disclosed. Plans to expand the NSA's role in cyber-security were reported in the Baltimore Sun in September.
According to congressional aides and former White House officials with knowledge of the program, the directive outlines measures collectively referred to as the "cyber initiative," aimed at securing the government's computer systems against attacks by foreign adversaries and other intruders. It will cost billions of dollars, which the White House is expected to request in its fiscal 2009 budget.
So it looks like the first half of the program has passed the directive stage and will in all likelihood be funded. Seems like this sort of project does not fall under the scrutiny that the rest of the office of science (for example) does. Guns before butter kids...
There are a few interesting things that come up in the article which I found facinating. The initial read did not really provide a clear idea as to the state of domestic survelance. This struck me as a little odd, so I re-read and it became less opaque. None the less they spend nearly a third of the word space talking about domestic non-governmental monitoring as if already passed. It did not and perhaps I am reading too much into it.
But think about it this way. The NSA (and it's proxy organizations and companies) are building out their already sizable infrastructure to do really large scale monitoring - as if they don't already do. In addition they will build on the expertise to (hopefully) do real large scale correlation and analysis.
Correlation and analysis.
But we citizens are safe, yes? As this is just for governmental networks where notions privacy expectations are somewhat alien. Not so fast. They already have the infrastructure in place and are doing deep packet monitoring of US based traffic. This is a documented fact.
Then there is this weird attitude that somehow this is a simple problem to solve and that the most natural way to take care of the issue is to glom all the analysis together under one system.
Ed Giorgio, a former NSA analyst who is now a security consultant for ODNI, said, "If you're looking inside a DoD system and you see data flows going to China, that ought to set off a red flag. You don't need to scan the content to determine that."and even weirder:
The first is breathtaking in its naive style of analysis. You right fucking need to look at what is going over the wire. Anybody who tells you otherwise is simply telling you a lie. This person is a consultant who is planning on getting to blindingly stupid rich on this pig roast.
Under the initiative, the NSA, CIA and the FBI's Cyber Division will investigate intrusions by monitoring Internet activity and, in some cases, capturing data for analysis, sources said
The Pentagon can plan attacks on adversaries' networks if, for example, the NSA determines that a particular server in a foreign country needs to be taken down to disrupt an attack on an information system critical to the U.S. government. That could include responding to an attack against a private-sector network, such as the telecom industry's, sources said.
The second is a little creepy since they are talking about intentionally targeting civilian computational resources via official US military means. When that country or nation state defends itself by returning the favor, we have a reason for the infrastructure to be rolled over to the civilian side of the house.
This is exactly what has been suggested in the last post I did:
Spychief Mike McConnell is drafting a plan to protect America’s cyberspace that will raise privacy issues and make the current debate over surveillance law look like “a walk in the park,” McConnell tells The New Yorker in the issue set to hit newsstands Monday. “This is going to be a goat rope on the Hill. My prediction is that we’re going to screw around with this until something horrendous happens.”