Friday, December 21, 2007

Sweeping out corners...

Prolog: In staring this blog, a major part of writing has been involved with exploring the various groups and agencies that are interested in protecting us from those dark shadowy evildoers that live in deep cyberspace. At this point it is really getting difficult to keep up with the sheer volume of participants who have lined up to play this game. Hell a shorter list might be those people disinterested in your packets.

Go figure.

Anyway, as discussed previously our friends in the executive branch requested some large block of funding ($282 million) for some sort of anti-terrorism humdrum to be spread across DOJ and DHS. I provided what I thought was a argument mostly based on innuendo and character assassination but it seemed like a good idea at the time. Some part of the dark budget side of that proposition seems to be surfacing.

From the Baltimore Sun (which has removed the original article which can still be located in a google search):
In a major shift, the National Security Agency is drawing up plans for a new domestic assignment: helping protect government and private communications networks from cyberattacks and infiltration by terrorists and hackers, according to current and former intelligence officials.
(...)
The plan calls for the NSA to work with the Department of Homeland Security and other federal agencies to monitor such networks to prevent unauthorized intrusion, according to those with knowledge of what is known internally as the "Cyber Initiative." Details of the project are highly classified.
Hmmm. Guess details of this project are beginning to emerge. This is the same set of folks that engage in illegal warentless wiretaps of American citizens. This is what they say about the whole thing:
Another former NSA official said that if the government wants to prevent cyberattacks, it makes sense to tap the agency's skills.

"I've got to be able to at least look at something to determine: Do I have a threat or don't I have a threat?" the former NSA official said. "It's important that you have the best thinkers with the deepest experience working these problems on behalf of the nation."
A little farther down we see:
Amit Yoran, the Homeland Security Department's first chief of cybersecurity, said in an interview that while the government has made progress, federal efforts have been "somewhat spotty" overall.

Among the main challenges, he said, is that the Homeland Security Department has been given responsibility for the problem but lacks the authority and expertise to compel other agencies and the private sector to follow its lead.

The new cybersecurity effort aims to build, in part, on an existing NSA program, code-named Turbulence, which has had a troubled start, the senior intelligence official said.
The language that is being used here is quite interesting. What does it mean that one agency will 'compel' other agencies and the private sector to do something. As an act, this is hardly without precedent (think about basic federal regulations). On the other hand we are not just talking about seat belts here...

I have several issues here: The least of which is that DHS/NSA have not proven themselves compitent in the domain of commercial computer security. This has been commented on before.

More importantly the NSA can not be trusted. Period. Ever. They have a long and glorious history of abusing their considerable power for pure political ends. Given the machinations that the EFF has had to go through up till now to show that they are already looking at most of this data anyway, it seems a little odd about the selection.

A final question in this day before the weekend before Squidmass, is simple. Who will monitor these folks? The DOJ? [hahahahahahahahahahahahahahhahahahah!!!] Even if I trusted them any more than DHS/NSA - which seems somewhat unlikely - they lack jurisdiction to do anything except to complain to congress, the courts or (you know this is coming!) the executive branch. Feh.

And what the heck is the 'Turbulance' program mentioned at the bottom of the article?
Turbulence is a loose collection of at least nine programs designed to give the NSA the ability to continuously patrol global communications networks. The Sun revealed the existence of Turbulence and outlined its management problems earlier this year.
This could all just be FUD and the program might be canned (or not even started). Just seems a little broken to me to even begin thinking about security in these terms.

-----
* The dictionary options for this word include 'insecurity' which seems more than a little more applicable to me...

No comments: