U.S. spy agencies ... email for cybersecurity

Christopher Morrow morrowc.lists at gmail.com
Tue Jul 10 03:22:30 UTC 2012


(note, people ought to: 1) think about this on their own making up
their own minds, 2) understand that the press has some very weird
ideas, 3) take some better protections on their own, for their own
security)

also, I'm not judging the OP nor the reporter nor the ideas espoused
in the article/clips...

On Mon, Jul 9, 2012 at 9:46 PM, William Allen Simpson
<william.allen.simpson at gmail.com> wrote:
> Somebody needs to give them a clue-by-four.  The private sector

people keep trying, sometimes it's helped. sometimes reporters need to
sell stories :(

> already has the "Internet address where an email ... originated";

it's not just email they care about :( (you knew that I think)

> it's already in the Received lines.  We don't need to be informed
> about it, we already inform each other about it.

one interesting idea, that has proven out some merit over the years is
the ability to share 'incident' data across entry points (say across
companies, or gov'ts even) about 'bad things' that are happening.

Take the case of 'spam came in from this end system to my mailserver',
if I tell you that (or some central system which you can query)
you'll learn that maybe the inbound connection to you is also
spam-rich.

> And it's already delivered "at network speed."
>

the article sort of reads like the above scenario though... maybe it's
NOT that, maybe it's something else entirely... it SEEMS that the
gov't wants to help. They may be able to, they may just foul things
up. The reporter certainly didn't leave enough details in place to
tell :(

> It is my understanding the Dept of Homeland Security already
> cooperates in sharing government intrusion information.  We certainly
> don't need a "U.S. spy agency" MITM to "protect the private sector."

<http://en.wikipedia.org/wiki/Einstein_%28US-CERT_program%29>

you may mean? could be... the wikipedias are sometimes wrong, or so
says the teacher of my 7yr old.

> Moreover, the US is the source of most spam and malware, so the NSA
> isn't really going to be much help.  And the US is the source of the

but hosts in the US that are botted/spamming, also spam/bot other
things outside the US, right? so really who cares where the src is,
get some data collection points up and use that data to inform your
security policy, no? (sure, you'll have to have some smarts, and some
smart people, and be cautious... but you'd do that anyway, right? :) )

These folks have some awesome tech for that sort of data collection
and analysis:
 <http://en.wikipedia.org/wiki/SHERIFF>

it's a shame that their parent company can't find a way to monetize
that sort of thing. (the article there talks about some older version
of the system, which is still alive/well today doing fraud detection
and was doing some IDS/anomaly-detection-like work as well for ip
network things)

> only known cyber attacks on other countries' infrastructure, so it's
> not likely much help there, either.  Unless they expect retaliation?
>
> ===
>
> http://in.reuters.com/article/2012/07/10/net-us-usa-security-cyber-idINBRE86901620120710
>
> U.S. spy agencies say won't read Americans' email for cybersecurity
> 8:48pm EDT
>
> By Tabassum Zakaria and David Alexander
>
> WASHINGTON (Reuters) - The head of the U.S. spy agency that eavesdrops on
> electronic communications overseas sought on Monday to reassure Americans
> that the National Security Agency would not read their personal email if
> a new cybersecurity law was enacted to allow private companies to share
> information with the government.
> ...
>
> But to help protect the private sector, he said it was important that the
> intelligence agency be able to inform them about the type of malicious

translated: "Hey, what if we could tell our private sector partners
(Lockheed-Martin, for instance) that they should be on the lookout for
things like X, or traffic destined to Y, or people sending all their
DNS queries to these 5 netblocks." (dcwg.org sorta crap)

that doesn't sound 'bad', it sounds like there is a gap in the
business world to wrap all this data up and sell access to it... but
the gov't can jump in with their mountains of data from their
'einstein' or whatever and go to town protecting their 'partners' who
often have close interactions with the gov't, right?

> software and other cyber intrusions it is seeing and hear from companies
> about what they see breaching the protective measures on their computer
> networks.

adding to the above: "What if we had an API such that you could feed
your collected alarm/alert/badness data to us as well? and we could
feed that back into our system, protect ourselves AND send it back out
to the other partners?"

again, that's not that bad, really it sounds pretty cool... only if
MCI could have found a way to productize and monetize that... which we
built for them too :( but I digress.

> "It doesn't require the government to read their mail or your mail to do
> that. It requires them, the Internet service provider or that company, to
> tell us that that type of event is going on at this time. And it has to be
> at network speed if you're going to stop it," Alexander said.

Alexander is loose with his pronouns, which makes this worse... in
reality: "send your alarm data to our system, hurrah!", PROBABLY this
could include large ISP people if the pricing (or regulatory world)
were right, these folks COULD of course limit that to 'business isp
traffic only', maybe.

this sounds a little less on the ball though, so I'll blame bad
reporter-translation, and hope that Alexander really meant: "Our
partners in the industry, who help supply us and build our widgets for
us, would be enabled to send data into our API..."

>
> He said the information the government was seeking was the Internet
> address where an email containing malicious software originated and
> where it traveled to, not the content of the email.

I'm sure this was simply an example... and the reporter jumped on it
like a carnivore, poor job reporter! :(

> ...
>
> But the U.S. government is also concerned about the possibility of a cyber
> attack from adversaries on critical infrastructure such as the power grid or
> transportation systems.

yes, put in the boogie-man! also, keep in mind that CI things are ...
in a horrid state, and as it turns out the folk running it are
ostriches :(

-chris
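An added sketch of the two mechanisms the thread talks past each other about, not code from anyone on the list: the originating address already sits in the Received lines, and the "central system which you can query" is just a registry that several mail operators report into. The Received lines, operator names and addresses below are constructed sample data.

```python
import re
from collections import defaultdict

# Constructed sample Received lines (newest hop first, as in a real message).
# Only lines added by your own MTAs are trustworthy; earlier hops may be forged.
SAMPLE_RECEIVED = [
    "Received: from mx.example.net (mx.example.net [198.51.100.7]) "
    "by relay.example.org with ESMTP; Mon, 9 Jul 2012 21:40:02 -0400",
    "Received: from [203.0.113.45] (unknown [203.0.113.45]) "
    "by mx.example.net with SMTP; Mon, 9 Jul 2012 21:39:58 -0400",
]

BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def originating_ip(received_lines):
    """IP of the end system that handed the message to the oldest Received hop."""
    for line in reversed(received_lines):          # oldest hop is listed last
        match = BRACKETED_IPV4.search(line)
        if match:
            return match.group(1)
    return None

class IncidentExchange:
    """The 'central system you can query': each org reports what it saw
    (source IP plus incident kind) and any org can ask about an address."""
    def __init__(self):
        self._reports = defaultdict(set)           # ip -> {(reporter, kind)}

    def report(self, reporter, source_ip, kind):
        self._reports[source_ip].add((reporter, kind))

    def query(self, source_ip, min_reporters=2):
        entries = self._reports.get(source_ip, set())
        reporters = {r for r, _ in entries}
        return {
            "reporters": len(reporters),
            "kinds": sorted({k for _, k in entries}),
            # independent corroboration keeps one noisy reporter from
            # poisoning everyone else's policy
            "corroborated": len(reporters) >= min_reporters,
        }

def demo():
    """Two mail operators report the same origin; a third queries before deciding."""
    exchange = IncidentExchange()
    origin = originating_ip(SAMPLE_RECEIVED)
    exchange.report("mailop-a.example", origin, "spam")
    exchange.report("mailop-b.example", origin, "spam")
    return origin, exchange.query(origin)
```

The `corroborated` flag is the part that matters for the "be cautious" point: a single reporter's alarm data informs your policy, it should not set it.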